malware not been able to remove



leskgr
2021-06-16, 01:46
AFTER TRYING TO UPLOAD Farbar RS, I cannot do it, because even though I followed the rules for unchecking and more, the size is still 70kB, which does not allow me to upload the FRST.txt file.
PLEASE HELP ME RESOLVE THIS TOO for the sake of other users as well - I split the files into part1 and part2.txt. Thanks!

USB malfunction, corrupting and overwriting USB drives, not being able to unmount USB drives
I run Spybot Rootkit and many, many times I have the same malware, and each and every time I delete them they later reappear with the same key {} as seen in the print screen.
Please also teach me how to make a bootable Windows 10 boot drive so I am empowered in the future.

I needed to reinstall FARBAR RT, because my first .txt file was too large (70kB); yes, I followed the rules. I had to uncheck one more option and I unchecked "One month".
Please help me, thanks in advance, sincerely, Grega from Slovenia

Juliet
2021-06-16, 16:06
You don't have to upload, just copy and paste the logs into your replies.


******
I found what Windows Defender is picking up on and it's Spybot - Search & Destroy because it edits host files, which is now throwing out errors since Windows Defender finds it as malicious.
It is common for one anti-malware device to find another device on the machine when there are no exclusions set to allow it to run.

Process Name: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

******
As for your USB drives I found the below. No idea if you go to your computer manufacturer's web site to search for driver updates and see if that solves the issues.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.



Please also teach me how to make a bootable windows 10 boot drive so I am empowered in the future.
I can send you to another web site, you'll have to register and create a new thread and ask this question and receive help.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below and select Copy,
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2620606096-767457063-359015763-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
AlternateDataStreams: C:\Users\Lewy\Downloads\FRST64.exe:SpybotOnAccess [245]
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Download and run AdwCleaner

Download AdwCleaner from here (https://downloads.malwarebytes.com/file/adwcleaner) and save it to your desktop.
you can download AdwCleaner here: https://malwarebytes.com/adwcleaner

run AdwCleaner by clicking on Scan Now
when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
if it asks to reboot, allow the reboot
on reboot, click on View Log File; please copy and paste the content of the log to your next reply.

============================================
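
A small triage helper for the kind of FRST.txt log and fixlist posted in this thread, added here as an example (it is not part of the original posts and is not a Farbar tool). It lists the lines FRST itself marks with `<==== ATTENTION` or `[File not signed]`, grouped by log section, and reports which flagged lines a given fixlist does not mention. The sample log lines and the fixlist are copied from this thread; the function names are hypothetical.

```python
import re

ATTENTION = "<==== ATTENTION"
UNSIGNED = "[File not signed]"
# FRST section headers look like: ==================== Registry (Whitelisted) =====
SECTION_RE = re.compile(r"^={5,}\s+(.+?)\s+={5,}$")

# Sample input: a handful of lines in FRST.txt format, copied from the log in this thread.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

() [File not signed] C:\Program Files (x86)\SugarSync\SugarSyncSvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2021-06-24] <==== ATTENTION

==================== Services (Whitelisted) ===================

R2 SugarSync Service; C:\Program Files (x86)\SugarSync\SugarSyncSvc.exe [173056 2020-11-30] () [File not signed]
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-29] (Microsoft Windows Publisher -> Microsoft Corporation)
"""

# Sample input: the fixlist from the reply above, copied as posted.
SAMPLE_FIXLIST = r"""
Start::
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2620606096-767457063-359015763-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
AlternateDataStreams: C:\Users\Lewy\Downloads\FRST64.exe:SpybotOnAccess [245]
EmptyTemp:
C:\Windows\Temp\*.*
End::
"""


def triage(log_text):
    """Return (section, flag, line) for every log line that carries an FRST marker."""
    findings = []
    section = "Header"  # lines before the first section banner
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            # Drop the trailing "(Whitelisted)" / "(All)" qualifier from the name.
            section = re.sub(r"\s*\([^)]*\)$", "", banner.group(1))
            continue
        if ATTENTION in line:
            findings.append((section, "ATTENTION", line))
        if UNSIGNED in line:
            findings.append((section, "UNSIGNED", line))
    return findings


def fixlist_entries(text):
    """Return the non-empty lines between Start:: and End::."""
    entries, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Start::":
            inside = True
        elif line == "End::":
            break
        elif inside and line:
            entries.append(line)
    return entries


def _key(line):
    # Compare on the entry text only: ignore the trailing marker and letter case.
    return line.split(ATTENTION)[0].strip().lower()


def not_in_fixlist(findings, entries):
    """ATTENTION findings whose entry text does not appear in the fixlist."""
    covered = {_key(e) for e in entries}
    return [f for f in findings
            if f[1] == "ATTENTION" and _key(f[2]) not in covered]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for section, flag, line in found:
        print(f"[{section}] {flag}: {line}")
    print("\nFlagged but not in the fixlist:")
    for section, _, line in not_in_fixlist(found, fixlist_entries(SAMPLE_FIXLIST)):
        print(f"[{section}] {line}")
```

A marker is a prompt for a person to review the entry, not a verdict on it, and a flagged line missing from a fixlist may have been left out on purpose.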

leskgr
2021-06-24, 14:07
Here are the logs from FRST64.
I could NOT append the logs from aswMBR as the malware did NOT let it. I tried to run aswMBR from safe mode and networking as well as boot>command prompt.
The first try ended in a blue screen and reboot if I chose Virtualization Technology (and if I did NOT, it reset during update and/or scan), and the second (cmd in boot) said that I do not have the correct version of Windows and that it cannot run aswMBR.

I will be VERY grateful for further instructions and if You can help me. Thank You in advance, sincerely, Grega Leskovšek from Slovenia.
P.S.
I am a retired computer scientist any/if additional income I use computer. Please help me get my system back in order. Multiple thanks in advance!!


***FIRST.TXT
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2021
Ran by Lewy (administrator) on LEWY-T61 (LENOVO 6460D6G) (24-06-2021 13:22:38)
Running from C:\Users\Lewy\Desktop
Loaded Profiles: Lewy
Platform: Windows 10 Education Version 21H1 19043.1081 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\SugarSync\SugarSyncSvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Suunto Oy -> ) C:\Users\Lewy\AppData\Local\Suuntolink\app-3.5.2\resources\app\LaunchAgents\SuuntolinkLauncher.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-11] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-27] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [3989200 2021-06-24] (Opera Software AS -> Opera Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\Run: [SuuntolinkLauncher] => C:\Users\Lewy\AppData\Local\Suuntolink\app-3.5.2\resources\app\LaunchAgents\SuuntolinkLauncher.exe [831816 2021-05-13] (Suunto Oy -> )
HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [7388304 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\...\Print\Monitors\CutePDF Writer Monitor v4.0: C:\Windows\system32\cpwmon64_v40.dll [89584 2019-10-20] (Acro Software Inc -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.114\Installer\chrmstp.exe [2021-06-17] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2021-05-13]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
BootExecute: autocheck autochk * sdnclean64.exebddel.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2620606096-767457063-359015763-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05AE8C68-50B2-481B-A3F1-2CC62541FFDF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {231D852E-314A-4EEA-A961-96B1102879E2} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {26594A8F-743F-461E-91CE-90CEFD1BB327} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {3156AAFE-51A7-4951-B2F9-FBD6CE19FE21} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-07] (Mozilla Corporation -> Mozilla Foundation)
Task: {4926CBF4-09F3-49DD-B466-2CE151DAE8F0} - System32\Tasks\Opera scheduled Autoupdate 1621107074 => C:\Program Files\Opera\launcher.exe [2264784 2021-06-17] (Opera Software AS -> Opera Software)
Task: {76B19E68-4D13-4530-A475-5F00A01E4D7E} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Spybot Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe [9469648 2021-04-29] (Safer-Networking Ltd. -> )
Task: {7BF7733E-C6AD-4C3B-B40B-1310F9820CF1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {8E1B2B9B-8E6E-493D-8E48-1275C7990617} - System32\Tasks\Opera scheduled assistant Autoupdate 1621107088 => C:\Program Files\Opera\launcher.exe [2264784 2021-06-17] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera\assistant" $(Arg0)
Task: {955FABE3-EBBA-47FB-A42C-6AFBD07E4709} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {CF083C10-3C84-4272-9590-E04603D43858} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-15] (Google LLC -> Google LLC)
Task: {F9D6FB9F-4367-4DF9-BF54-D8AAFCB91755} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-15] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{246b3cd0-4f87-4e0d-8144-c134806beac4}: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{9998636a-9278-4fe9-a9dc-651fd662a520}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e8abb69c-6cda-47ab-83b7-c960956b95f0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{fd739b55-5b00-4063-8e03-0db564833618}: [DhcpNameServer] 192.168.43.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lewy\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-24]
Edge Extension: (uBlock Origin) - C:\Users\Lewy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2021-05-19]

FireFox:
========
FF DefaultProfile: sxjcljno.default
FF ProfilePath: C:\Users\Lewy\AppData\Roaming\Mozilla\Firefox\Profiles\sxjcljno.default [2021-06-07]
FF ProfilePath: C:\Users\Lewy\AppData\Roaming\Mozilla\Firefox\Profiles\kingwiiv.default-release [2021-06-24]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2021-06-24] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2021-06-24] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default [2021-06-24]
CHR Notifications: Default -> hxxps://www.nkbm.si; hxxps://www.youtube.com
CHR Extension: (Slides) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-16]
CHR Extension: (Docs) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-16]
CHR Extension: (Google Drive) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-16]
CHR Extension: (YouTube) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-16]
CHR Extension: (Sheets) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-16]
CHR Extension: (Google Docs Offline) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-16]
CHR Extension: (Gmail) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-16]
CHR Extension: (Chrome Media Router) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-26]

Opera:
=======
OPR Profile: C:\Users\Lewy\AppData\Roaming\Opera Software\Opera Stable [2021-06-24]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [14280 2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395360 2021-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SugarSync Service; C:\Program Files (x86)\SugarSync\SugarSyncSvc.exe [173056 2020-11-30] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13261608 2021-05-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-29] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe [410624 2006-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
R2 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Lewy\AppData\Roaming\Zoom"

===================== Drivers (All) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [266240 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 3ware; C:\Windows\System32\drivers\3ware.sys [107320 2019-12-07] (Microsoft Windows -> LSI)
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [809288 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [23040 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 acpiex; C:\Windows\System32\Drivers\acpiex.sys [139792 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [14336 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [18432 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 acpitime; C:\Windows\System32\drivers\acpitime.sys [16384 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 Acx01000; C:\Windows\System32\drivers\Acx01000.sys [415232 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [1135416 2019-12-07] (Microsoft Windows -> PMC-Sierra)
R1 AFD; C:\Windows\system32\drivers\afd.sys [655688 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R1 afunix; C:\Windows\system32\drivers\afunix.sys [41984 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R1 afunix; C:\Windows\SysWOW64\drivers\afunix.sys [29696 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [292352 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [18432 2019-12-07] (Microsoft Windows -> Advanced Micro Devices, Inc)
S3 amdi2c; C:\Windows\System32\drivers\amdi2c.sys [45568 2019-12-07] (Microsoft Windows -> Advanced Micro Devices, Inc)
S3 AmdK8; C:\Windows\System32\drivers\amdk8.sys [207160 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 AmdPPM; C:\Windows\System32\drivers\amdppm.sys [211256 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S0 amdsata; C:\Windows\System32\drivers\amdsata.sys [83256 2019-12-07] (Microsoft Windows -> Advanced Micro Devices)
S0 amdsbs; C:\Windows\System32\drivers\amdsbs.sys [259384 2019-12-07] (Microsoft Windows -> AMD Technologies Inc.)
S0 amdxata; C:\Windows\System32\drivers\amdxata.sys [26936 2019-12-07] (Microsoft Windows -> Advanced Micro Devices)
S3 AppID; C:\Windows\System32\drivers\appid.sys [208712 2021-06-23] (Microsoft Windows -> Microsoft Windows)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [18432 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 AppvStrm; C:\Windows\system32\drivers\AppvStrm.sys [138040 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 AppvVemgr; C:\Windows\system32\drivers\AppvVemgr.sys [174392 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 AppvVfs; C:\Windows\system32\drivers\AppvVfs.sys [154936 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S0 arcsas; C:\Windows\System32\drivers\arcsas.sys [131896 2019-12-07] (Microsoft Windows -> PMC-Sierra, Inc.)
R3 AsyncMac; C:\Windows\System32\drivers\asyncmac.sys [31232 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 atapi; C:\Windows\System32\drivers\atapi.sys [30024 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533816 2019-12-07] (Microsoft Windows -> QLogic Corporation)
R1 bam; C:\Windows\System32\drivers\bam.sys [78136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 BasicDisplay; C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\BasicDisplay.sys [68608 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R1 BasicRender; C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\BasicRender.sys [38912 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [41272 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 BCM43XX; C:\Windows\System32\drivers\bcmwl63al.sys [5170176 2019-12-07] (Microsoft Windows -> Broadcom Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [9728 2019-12-07] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [10240 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 bindflt; C:\Windows\system32\drivers\bindflt.sys [148816 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [117760 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [284672 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [113664 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [65536 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [106496 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 BthMini; C:\Windows\System32\drivers\BTHMINI.sys [45568 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [76800 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 BthPan; C:\Windows\System32\drivers\bthpan.sys [133632 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 BTHPORT; C:\Windows\System32\drivers\BTHport.sys [1563136 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 BTHUSB; C:\Windows\System32\drivers\BTHUSB.sys [110592 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S0 bttflt; C:\Windows\System32\drivers\bttflt.sys [43832 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 buttonconverter; C:\Windows\System32\drivers\buttonconverter.sys [44032 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 CAD; C:\Windows\System32\drivers\CAD.sys [66576 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [300032 2006-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [100864 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 cdrom; C:\Windows\System32\drivers\cdrom.sys [181248 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S0 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [319800 2019-12-07] (Microsoft Windows -> Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [1853752 2019-12-07] (Microsoft Windows -> Chelsio Communications)
R1 CimFS; C:\Windows\System32\Drivers\CimFS.sys [97792 2021-06-23] (Microsoft Windows -> )
S3 circlass; C:\Windows\System32\drivers\circlass.sys [52224 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 CldFlt; C:\Windows\System32\drivers\cldflt.sys [496128 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
R0 CLFS; C:\Windows\System32\drivers\CLFS.sys [411464 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
R3 CmBatt; C:\Windows\System32\drivers\CmBatt.sys [36864 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 CNG; C:\Windows\System32\Drivers\cng.sys [746400 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S4 cnghwassist; C:\Windows\System32\DRIVERS\cnghwassist.sys [40968 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\CompositeBus.sys [41984 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 condrv; C:\Windows\System32\drivers\condrv.sys [57160 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R1 CSC; C:\Windows\System32\drivers\csc.sys [580608 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S1 dam; C:\Windows\System32\drivers\dam.sys [97096 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
R1 Dfsc; C:\Windows\System32\Drivers\dfsc.sys [152064 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R0 disk; C:\Windows\System32\drivers\disk.sys [98624 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [59192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [16128 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R1 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [3784504 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 e1express; C:\Windows\System32\drivers\e1e6032e.sys [300544 2019-12-07] (Microsoft Windows -> Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3418936 2019-12-07] (Microsoft Windows -> QLogic Corporation)
S0 EhStorClass; C:\Windows\System32\drivers\EhStorClass.sys [95032 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S0 EhStorTcgDrv; C:\Windows\System32\drivers\EhStorTcgDrv.sys [124728 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 ErrDev; C:\Windows\System32\drivers\errdev.sys [15872 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [421696 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [425272 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 fdc; C:\Windows\System32\drivers\fdc.sys [34816 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [59392 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [94736 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [40448 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 flpydisk; C:\Windows\System32\drivers\flpydisk.sys [28672 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [430392 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [69968 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [33592 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [800056 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [23864 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys [23040 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 GPIOClx0101; C:\Windows\System32\Drivers\msgpioclx.sys [183112 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8704 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [430080 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\drivers\HDAudBus.sys [139776 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 HidBatt; C:\Windows\System32\drivers\HidBatt.sys [39440 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 HidBth; C:\Windows\System32\drivers\hidbth.sys [120320 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 hidi2c; C:\Windows\System32\drivers\hidi2c.sys [57344 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 hidinterrupt; C:\Windows\System32\drivers\hidinterrupt.sys [55824 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 HidIr; C:\Windows\System32\drivers\hidir.sys [48640 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 hidspi; C:\Windows\System32\drivers\hidspi.sys [66560 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 HidUsb; C:\Windows\System32\drivers\hidusb.sys [44032 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S0 HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys [64312 2019-12-07] (Microsoft Windows -> Hewlett-Packard Company)
R3 HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [1511936 2006-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [1564984 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S4 hvcrash; C:\Windows\System32\drivers\hvcrash.sys [35128 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [95056 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 HwNClx0101; C:\Windows\System32\Drivers\mshwnclx.sys [30208 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [33096 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [27448 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 HyperVideo; C:\Windows\System32\drivers\HyperVideo.sys [41784 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 i8042prt; C:\Windows\System32\drivers\i8042prt.sys [118272 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [36352 2019-12-07] (Microsoft Windows -> Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [91136 2019-12-07] (Microsoft Windows -> Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [79360 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 iaLPSS2i_GPIO2_BXT_P; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [93184 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 iaLPSS2i_GPIO2_CNL; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [112128 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 iaLPSS2i_GPIO2_GLK; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [96256 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [171520 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 iaLPSS2i_I2C_BXT_P; C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [175104 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 iaLPSS2i_I2C_CNL; C:\Windows\System32\drivers\iaLPSS2i_I2C_CNL.sys [177152 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 iaLPSS2i_I2C_GLK; C:\Windows\System32\drivers\iaLPSS2i_I2C_GLK.sys [177664 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [38128 2019-12-07] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [113152 2019-12-07] (Microsoft Windows -> Intel Corporation)
S0 iaStorAVC; C:\Windows\System32\drivers\iaStorAVC.sys [884752 2019-12-07] (Microsoft Windows -> Intel Corporation)
S0 iaStorV; C:\Windows\System32\drivers\iaStorV.sys [412176 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [558904 2019-12-07] (Microsoft Windows -> Mellanox)
R3 IBMPMDRV; C:\Windows\System32\drivers\ibmpmdrv.sys [80144 2019-12-11] (Lenovo -> Lenovo.)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [47104 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R0 intelide; C:\Windows\System32\drivers\intelide.sys [19784 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [418800 2021-05-13] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
S3 intelpmax; C:\Windows\System32\drivers\intelpmax.sys [30720 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 intelppm; C:\Windows\System32\drivers\intelppm.sys [230728 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [57168 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [90112 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [117584 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [225280 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 IPT; C:\Windows\System32\drivers\ipt.sys [59704 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 isapnp; C:\Windows\System32\drivers\isapnp.sys [22856 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 iScsiPrt; C:\Windows\System32\drivers\msiscsi.sys [292672 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S0 ItSas35i; C:\Windows\System32\drivers\ItSas35i.sys [172344 2019-12-07] (Microsoft Windows -> Avago Technologies)
R3 kbdclass; C:\Windows\System32\drivers\kbdclass.sys [71480 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 kbdhid; C:\Windows\System32\drivers\kbdhid.sys [46592 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [29000 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 kdnic; C:\Windows\System32\drivers\kdnic.sys [33296 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [147280 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [180048 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [29696 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 lltdio; C:\Windows\System32\drivers\lltdio.sys [72704 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [108856 2019-12-07] (Microsoft Windows -> LSI Corporation)
S0 LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [124216 2019-12-07] (Microsoft Windows -> LSI Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [135992 2019-12-07] (Microsoft Windows -> Avago Technologies)
S0 LSI_SSS; C:\Windows\System32\drivers\lsi_sss.sys [82744 2019-12-07] (Microsoft Windows -> LSI Corporation)
R2 luafv; C:\Windows\system32\drivers\luafv.sys [140800 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 mausbhost; C:\Windows\System32\drivers\mausbhost.sys [537608 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 mausbip; C:\Windows\System32\drivers\mausbip.sys [64016 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 MbbCx; C:\Windows\System32\drivers\MbbCx.sys [391168 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R2 mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [17024 2006-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Conexant)
S0 megasas; C:\Windows\System32\drivers\megasas.sys [59704 2019-12-07] (Microsoft Windows -> Avago Technologies)
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [81720 2019-12-07] (Microsoft Windows -> Avago Technologies)
S0 megasas35i; C:\Windows\System32\drivers\megasas35i.sys [105480 2019-12-07] (Microsoft Windows -> Avago Technologies)
S0 megasr; C:\Windows\System32\drivers\megasr.sys [575800 2019-12-07] (Microsoft Windows -> LSI Corporation, Inc.)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [65024 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [1131320 2019-12-07] (Microsoft Windows -> Mellanox)
R2 MMCSS; C:\Windows\system32\drivers\mmcss.sys [53248 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 Modem; C:\Windows\System32\drivers\modem.sys [47104 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 monitor; C:\Windows\System32\drivers\monitor.sys [80896 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 mouclass; C:\Windows\System32\drivers\mouclass.sys [67600 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 mouhid; C:\Windows\System32\drivers\mouhid.sys [35328 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [110392 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [80896 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [157696 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [577864 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [264008 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 MsBridge; C:\Windows\System32\drivers\bridge.sys [127488 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [44048 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 msgpiowin32; C:\Windows\System32\drivers\msgpiowin32.sys [56120 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [12288 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [20296 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [34816 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R2 MsLldp; C:\Windows\System32\drivers\mslldp.sys [78848 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 MsQuic; C:\Windows\System32\drivers\msquic.sys [322376 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [382792 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R0 MsSecFlt; C:\Windows\System32\drivers\mssecflt.sys [296264 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
R1 mssmbios; C:\Windows\System32\drivers\mssmbios.sys [47928 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [12288 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [17920 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 Mup; C:\Windows\System32\Drivers\mup.sys [132920 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S0 mvumis; C:\Windows\System32\drivers\mvumis.sys [63800 2019-12-07] (Microsoft Windows -> Marvell Semiconductor, Inc.)
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [742400 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [146232 2019-12-07] (Microsoft Windows -> Mellanox)
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [1478984 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R1 NdisCap; C:\Windows\System32\drivers\ndiscap.sys [54272 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 NdisImPlatform; C:\Windows\System32\drivers\NdisImPlatform.sys [135168 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [28672 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 Ndisuio; C:\Windows\System32\drivers\ndisuio.sys [70656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [23040 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 NdisWan; C:\Windows\System32\drivers\ndiswan.sys [206848 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 ndiswanlegacy; C:\Windows\System32\DRIVERS\ndiswan.sys [206848 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 NDKPing; C:\Windows\System32\drivers\NDKPing.sys [72720 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 ndproxy; C:\Windows\System32\DRIVERS\NDProxy.sys [93696 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R2 Ndu; C:\Windows\System32\drivers\Ndu.sys [131584 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [207360 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R1 NetBIOS; C:\Windows\System32\drivers\netbios.sys [64312 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [341504 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 netvsc; C:\Windows\System32\drivers\netvsc.sys [250192 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 netwlv64; C:\Windows\System32\drivers\netwlv64.sys [7530496 2019-12-07] (Microsoft Windows -> Intel Corporation)
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [87568 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 npsvctrig; C:\Windows\System32\drivers\npsvctrig.sys [27648 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [48640 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [2851656 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R1 Null; C:\Windows\System32\Drivers\Null.sys [7680 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 nvdimm; C:\Windows\System32\drivers\nvdimm.sys [168464 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [12914360 2016-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
S0 nvraid; C:\Windows\System32\drivers\nvraid.sys [150328 2019-12-07] (Microsoft Windows -> NVIDIA Corporation)
S0 nvstor; C:\Windows\System32\drivers\nvstor.sys [166200 2019-12-07] (Microsoft Windows -> NVIDIA Corporation)
S3 Parport; C:\Windows\System32\drivers\parport.sys [109056 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [182592 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R0 pci; C:\Windows\System32\drivers\pci.sys [469304 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R0 pciide; C:\Windows\System32\drivers\pciide.sys [16696 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R0 pcmcia; C:\Windows\System32\drivers\pcmcia.sys [127800 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 pcw; C:\Windows\System32\drivers\pcw.sys [57656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 pdc; C:\Windows\System32\drivers\pdc.sys [159056 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [823296 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58680 2019-12-07] (Microsoft Windows -> Avago Technologies)
S0 percsas3i; C:\Windows\System32\drivers\percsas3i.sys [68408 2019-12-07] (Microsoft Windows -> Avago Technologies)
S3 PktMon; C:\Windows\System32\drivers\PktMon.sys [129872 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
S0 pmem; C:\Windows\System32\drivers\pmem.sys [138040 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 PNPMEM; C:\Windows\System32\drivers\pnpmem.sys [17408 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 portcfg; C:\Windows\System32\drivers\portcfg.sys [27136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 PptpMiniport; C:\Windows\System32\drivers\raspptp.sys [101888 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 Processor; C:\Windows\System32\drivers\processr.sys [216376 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R1 Psched; C:\Windows\System32\drivers\pacer.sys [161608 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [53248 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [42296 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [20480 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 RasAgileVpn; C:\Windows\System32\drivers\AgileVpn.sys [113152 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 Rasl2tp; C:\Windows\System32\drivers\rasl2tp.sys [110080 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 RasPppoe; C:\Windows\System32\drivers\raspppoe.sys [87552 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 RasSstp; C:\Windows\System32\drivers\rassstp.sys [86016 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [455480 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [28672 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [169984 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [31544 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [297784 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [2003792 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 ReFSv1; C:\Windows\System32\Drivers\ReFSv1.sys [990008 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 RFCOMM; C:\Windows\System32\drivers\rfcomm.sys [213504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 rhproxy; C:\Windows\System32\drivers\rhproxy.sys [115712 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 rspndr; C:\Windows\System32\drivers\rspndr.sys [89088 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [18960 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [118096 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [44032 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [158736 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 sdbus; C:\Windows\System32\drivers\sdbus.sys [305472 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [35128 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [82848 2019-07-31] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 sdstor; C:\Windows\System32\drivers\sdstor.sys [104248 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 SerCx; C:\Windows\System32\drivers\SerCx.sys [86328 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [173072 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 Serenum; C:\Windows\System32\drivers\serenum.sys [27648 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 Serial; C:\Windows\System32\drivers\serial.sys [90624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 sermouse; C:\Windows\System32\drivers\sermouse.sys [29184 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [19456 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 SgrmAgent; C:\Windows\System32\drivers\SgrmAgent.sys [88080 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [44856 2019-12-07] (Microsoft Windows -> Silicon Integrated Systems Corp.)
S0 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [81720 2019-12-07] (Microsoft Windows -> Silicon Integrated Systems)
S0 SmartSAMD; C:\Windows\System32\drivers\SmartSAMD.sys [209720 2019-12-07] (Microsoft Windows -> Microsemi Corportation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [172544 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 spaceparser; C:\Windows\System32\drivers\spaceparser.sys [26624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 spaceport; C:\Windows\System32\drivers\spaceport.sys [678728 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 SpatialGraphFilter; C:\Windows\System32\drivers\SpatialGraphFilter.sys [90936 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 SpbCx; C:\Windows\System32\drivers\SpbCx.sys [87352 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 Spybot3ELAM; C:\Windows\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [787968 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [292864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [1485312 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [740864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [315392 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S0 stexstor; C:\Windows\System32\drivers\stexstor.sys [31032 2019-12-07] (Microsoft Windows -> Promise Technology, Inc.)
R0 storahci; C:\Windows\System32\drivers\storahci.sys [186184 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [54080 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [155960 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [92984 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 storufs; C:\Windows\System32\drivers\storufs.sys [61256 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S0 storvsc; C:\Windows\System32\drivers\storvsc.sys [44048 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\swenum.sys [18952 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 Synth3dVsc; C:\Windows\System32\drivers\Synth3dVsc.sys [6656 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 SynTP; C:\Windows\system32\DRIVERS\SynTP.sys [460528 2013-04-24] (Synaptics Incorporated -> Synaptics Incorporated)
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [2992968 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 Tcpip6; C:\Windows\System32\drivers\tcpip.sys [2992968 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [54784 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 tdx; C:\Windows\system32\DRIVERS\tdx.sys [117560 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 Telemetry; C:\Windows\System32\drivers\IntelTA.sys [26608 2020-11-19] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
S3 terminpt; C:\Windows\System32\drivers\terminpt.sys [41272 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 TPM; C:\Windows\System32\drivers\tpm.sys [255288 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [66560 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [37888 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [141824 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S3 tunnel; C:\Windows\System32\drivers\tunnel.sys [129024 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UASPStor; C:\Windows\System32\drivers\uaspstor.sys [79160 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [166400 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [188416 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UcmUcsiAcpiClient; C:\Windows\System32\drivers\UcmUcsiAcpiClient.sys [36864 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UcmUcsiCx0101; C:\Windows\System32\Drivers\UcmUcsiCx.sys [113152 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 Ucx01000; C:\Windows\System32\drivers\ucx01000.sys [259896 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [52736 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [344064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UEFI; C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\UEFI.sys [34104 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S4 UevAgentDriver; C:\Windows\system32\drivers\UevAgentDriver.sys [41272 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 Ufx01000; C:\Windows\System32\drivers\ufx01000.sys [330056 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 UfxChipidea; C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\UfxChipidea.sys [110608 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 ufxsynopsys; C:\Windows\System32\drivers\ufxsynopsys.sys [168264 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 umbus; C:\Windows\System32\DriverStore\FileRepository\umbus.inf_amd64_b78a9c5b6fd62c27\umbus.sys [58368 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UmPass; C:\Windows\System32\drivers\umpass.sys [15360 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UrsChipidea; C:\Windows\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys [32056 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UrsCx01000; C:\Windows\System32\drivers\urscx01000.sys [76304 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UrsSynopsys; C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\urssynopsys.sys [29496 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [201728 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 usbaudio2; C:\Windows\System32\drivers\usbaudio2.sys [260608 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 usbccgp; C:\Windows\System32\drivers\usbccgp.sys [185664 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 usbcir; C:\Windows\System32\drivers\usbcir.sys [107520 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 usbehci; C:\Windows\System32\drivers\usbehci.sys [86544 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 usbhub; C:\Windows\System32\drivers\usbhub.sys [528184 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 USBHUB3; C:\Windows\System32\drivers\UsbHub3.sys [653136 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 usbohci; C:\Windows\System32\drivers\usbohci.sys [30208 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 usbprint; C:\Windows\System32\drivers\usbprint.sys [40448 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [24064 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 usbser; C:\Windows\System32\drivers\usbser.sys [88064 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 USBSTOR; C:\Windows\System32\drivers\USBSTOR.SYS [136504 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 usbuhci; C:\Windows\System32\drivers\usbuhci.sys [39424 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [329040 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 USBXHCI; C:\Windows\System32\drivers\USBXHCI.SYS [608568 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [67384 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S4 VerifierExt; C:\Windows\System32\drivers\VerifierExt.sys [347448 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 vhdmp; C:\Windows\System32\drivers\vhdmp.sys [820560 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 vhf; C:\Windows\System32\drivers\vhf.sys [47616 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 Vid; C:\Windows\System32\drivers\Vid.sys [644424 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S3 VirtualRender; C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 vmbus; C:\Windows\System32\drivers\vmbus.sys [160072 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [36664 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [19768 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [90960 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [389432 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [429880 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16696 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 vpci; C:\Windows\System32\drivers\vpci.sys [89400 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [166712 2019-12-07] (Microsoft Windows -> VIA Technologies Inc.,Ltd)
S0 VSTXRAID; C:\Windows\System32\drivers\vstxraid.sys [305464 2019-12-07] (Microsoft Windows -> VIA Corporation)
R3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [29184 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 vwififlt; C:\Windows\System32\drivers\vwififlt.sys [77824 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 vwifimp; C:\Windows\System32\drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [31232 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [93184 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [93184 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [202544 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [93184 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49560 2021-05-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [832832 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [421112 2021-05-29] (Microsoft Windows -> Microsoft Corporation)
S3 wdiwifi; C:\Windows\System32\DRIVERS\wdiwifi.sys [958976 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdmCompanionFilter; C:\Windows\System32\drivers\WdmCompanionFilter.sys [23560 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-29] (Microsoft Windows -> Microsoft Corporation)
R0 WFPLWFS; C:\Windows\System32\drivers\wfplwfs.sys [180024 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [39736 2019-12-06] (Microsoft Windows -> Microsoft Corporation)
R3 winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [731648 2006-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [76984 2019-12-07] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [18920 2019-12-07] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [36152 2019-12-07] (Microsoft Windows -> Mellanox)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [259584 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 WINUSB; C:\Windows\System32\drivers\WinUSB.SYS [107008 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [73016 2019-12-07] (Microsoft Windows -> Mellanox)
R3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [19456 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [234296 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 WpdUpFltr; C:\Windows\System32\drivers\WpdUpFltr.sys [32568 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [25088 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [136192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WUDFRd; C:\Windows\System32\drivers\WUDFRd.sys [315392 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WUDFWpdFs; C:\Windows\System32\drivers\WUDFRd.sys [315392 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [315392 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys [9728 2006-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [329216 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [51712 2021-05-13] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-24 13:22 - 2021-06-24 13:23 - 000061663 _____ C:\Users\Lewy\Desktop\FRST.txt
2021-06-24 13:20 - 2021-06-24 13:17 - 002300416 _____ (Farbar) C:\Users\Lewy\Desktop\FRST64.exe
2021-06-24 13:18 - 2021-06-24 13:20 - 005198336 _____ (AVAST Software) C:\Users\Lewy\Downloads\aswMBR.exe
2021-06-24 13:17 - 2021-06-24 13:17 - 002300416 _____ (Farbar) C:\Users\Lewy\Downloads\FRST64.exe
2021-06-23 21:38 - 2021-06-23 21:38 - 002371072 _____ C:\Windows\system32\rdpnano.dll
2021-06-23 21:38 - 2021-06-23 21:38 - 001314128 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-06-23 21:38 - 2021-06-23 21:38 - 000570880 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-06-23 21:38 - 2021-06-23 21:38 - 000452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-06-23 21:38 - 2021-06-23 21:38 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-06-23 21:38 - 2021-06-23 21:38 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-06-23 21:38 - 2021-06-23 21:38 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-06-23 21:38 - 2021-06-23 21:38 - 000011333 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-06-23 21:37 - 2021-06-23 21:37 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-06-23 21:37 - 2021-06-23 21:37 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-06-23 21:37 - 2021-06-23 21:37 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-06-23 21:37 - 2021-06-23 21:37 - 000097792 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-06-23 21:32 - 2021-06-23 21:32 - 000000000 ___HD C:\$Windows.~WS
2021-06-23 21:30 - 2021-06-23 20:20 - 000230743 _____ C:\Windows\system32\Drivers\etc\hosts.20210623-213007.backup
2021-06-23 20:32 - 2021-06-23 20:32 - 000000400 __RSH C:\ProgramData\ntuser.pol
2021-06-23 20:29 - 2021-06-23 20:31 - 001173560 _____ (Akeo Consulting) C:\Users\Lewy\Downloads\rufus-3.14.exe
2021-06-23 20:27 - 2021-06-23 20:27 - 000000000 _____ C:\Users\Lewy\Downloads\Unconfirmed 369227.crdownload
2021-06-23 20:25 - 2021-06-23 20:25 - 000000000 _____ C:\Users\Lewy\Downloads\Unconfirmed 608991.crdownload
2021-06-23 20:18 - 2021-06-23 20:19 - 000726052 _____ C:\Windows\Minidump\062321-12031-01.dmp
2021-06-23 10:55 - 2021-06-23 10:56 - 000761492 _____ C:\Windows\Minidump\062321-12500-01.dmp
2021-06-22 18:05 - 2021-06-23 22:13 - 000000000 ____D C:\ESD
2021-06-22 18:01 - 2021-06-22 18:01 - 000000000 ____D C:\$WINDOWS.~BT
2021-06-22 18:00 - 2021-06-22 18:00 - 000000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2021-06-22 18:00 - 2021-06-22 18:00 - 000000719 _____ C:\Users\Lewy\Desktop\Windows 10 Update Assistant.lnk
2021-06-22 18:00 - 2021-06-22 18:00 - 000000000 ____D C:\Windows10Upgrade
2021-06-22 17:56 - 2021-06-22 17:57 - 000829260 _____ C:\Windows\Minidump\062221-11843-01.dmp
2021-06-21 23:07 - 2021-06-21 23:08 - 000779212 _____ C:\Windows\Minidump\062121-12640-01.dmp
2021-06-21 23:02 - 2021-06-21 23:03 - 000667516 _____ C:\Windows\Minidump\062121-13265-01.dmp
2021-06-21 22:54 - 2021-06-24 13:20 - 005198336 _____ (AVAST Software) C:\Users\Lewy\Desktop\aswMBR.exe
2021-06-21 21:15 - 2021-06-21 21:18 - 000045465 _____ C:\Users\Lewy\Desktop\Addition.old.txt
2021-06-21 21:13 - 2021-06-21 21:18 - 000075191 _____ C:\Users\Lewy\Desktop\FRST.old.txt
2021-06-21 21:02 - 2021-06-21 21:02 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-06-21 20:56 - 2021-06-21 20:56 - 000000000 ____D C:\Users\Lewy\AppData\Local\D3DSCache
2021-06-21 20:02 - 2021-06-21 20:02 - 000013506 _____ C:\Windows\SysWOW64\bddel.dat
2021-06-21 12:51 - 2021-06-21 12:51 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-06-21 12:51 - 2021-06-21 12:51 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-06-21 12:51 - 2021-06-21 12:51 - 001864192 _____ (The ICU Project) C:\Windows\SysWOW64\icu.dll
2021-06-21 12:51 - 2021-06-21 12:51 - 000468440 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-06-21 12:51 - 2021-06-21 12:51 - 000423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-06-21 12:51 - 2021-06-21 12:51 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-06-21 12:50 - 2021-06-21 12:50 - 002260480 _____ (The ICU Project) C:\Windows\system32\icu.dll
2021-06-21 12:50 - 2021-06-21 12:50 - 000657464 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-06-21 12:50 - 2021-06-21 12:50 - 000563712 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-06-21 12:50 - 2021-06-21 12:50 - 000287232 _____ C:\Windows\system32\CoreMas.dll
2021-06-21 12:50 - 2021-06-21 12:50 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-06-21 12:39 - 2021-06-21 12:38 - 000468175 ____R C:\Windows\system32\Drivers\etc\hosts.20210621-123946.backup
2021-06-21 12:38 - 2021-06-21 12:35 - 000468175 _____ C:\Windows\system32\Drivers\etc\hosts.20210621-123851.backup
2021-06-17 22:03 - 2021-06-17 20:49 - 000468175 _____ C:\Windows\system32\Drivers\etc\hosts.20210617-220307.backup
2021-06-17 20:52 - 2021-06-17 21:26 - 1789542400 _____ C:\Users\Lewy\Downloads\KB3AIK_EN (1).iso
2021-06-17 20:47 - 2021-06-23 20:18 - 468432153 _____ C:\Windows\MEMORY.DMP
2021-06-17 20:47 - 2021-06-23 20:18 - 000000000 ____D C:\Windows\Minidump
2021-06-16 01:44 - 2021-06-16 01:44 - 000037250 _____ C:\Users\Lewy\Downloads\FRST_part2.txt
2021-06-16 01:43 - 2021-06-16 01:43 - 000033710 _____ C:\Users\Lewy\Downloads\FRST_part1.txt
2021-06-16 01:30 - 2021-06-16 01:39 - 000045625 _____ C:\Users\Lewy\Downloads\Addition.txt
2021-06-16 01:28 - 2021-06-21 20:55 - 000061345 _____ C:\Users\Lewy\Downloads\FRST.txt
2021-06-15 22:07 - 2021-06-24 13:23 - 000000000 ____D C:\FRST
2021-06-15 22:04 - 2021-06-24 13:01 - 000002308 _____ C:\Users\Lewy\Desktop\Tweaking.com - Registry Backup.lnk
2021-06-15 22:04 - 2021-06-16 00:07 - 000021659 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2021-06-15 22:04 - 2021-06-15 22:04 - 000000207 _____ C:\Windows\tweaking.com-regbackup-LEWY-T61-Windows-10-Education-(64-bit).dat
2021-06-15 22:04 - 2021-06-15 22:04 - 000000000 ____D C:\Users\Lewy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2021-06-15 22:04 - 2021-06-15 22:04 - 000000000 ____D C:\RegBackup
2021-06-15 22:04 - 2021-06-15 22:04 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2021-06-15 22:03 - 2021-06-15 22:03 - 007333288 _____ (Tweaking.com) C:\Users\Lewy\Downloads\tweaking.com_registry_backup_setup.exe
2021-06-15 22:03 - 2021-06-15 22:03 - 007333288 _____ (Tweaking.com) C:\Users\Lewy\Desktop\tweaking.com_registry_backup_setup.exe
2021-06-15 21:22 - 2021-06-15 21:22 - 000000000 ____D C:\Users\Lewy\AppData\Local\Opera Software
2021-06-15 20:07 - 2021-06-15 20:02 - 000468175 _____ C:\Windows\system32\Drivers\etc\hosts.20210615-200759.backup
2021-06-07 10:54 - 2021-06-21 22:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-06-07 10:47 - 2021-06-21 21:02 - 000000000 ____D C:\Users\Lewy\AppData\LocalLow\Mozilla
2021-06-07 10:47 - 2021-06-07 10:47 - 000000000 ____D C:\Users\Lewy\AppData\Roaming\Mozilla
2021-06-07 10:47 - 2021-06-07 10:47 - 000000000 ____D C:\Users\Lewy\AppData\Local\Mozilla
2021-06-04 16:30 - 2021-06-04 16:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G-Force
2021-06-04 16:30 - 2021-06-04 16:30 - 000000000 ____D C:\Program Files (x86)\SoundSpectrum
2021-05-31 20:01 - 2021-05-31 20:01 - 000000000 ____D C:\Users\Lewy\AppData\Local\TeamViewer
2021-05-30 23:57 - 2021-05-30 23:45 - 000014458 _____ C:\Windows\system32\Drivers\etc\hosts.20210530-235745.backup
2021-05-29 11:52 - 2021-05-29 11:52 - 000302137 _____ C:\Users\Lewy\Downloads\rkhunter-1.4.6.tar.gz
2021-05-28 21:42 - 2021-05-28 21:42 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-05-28 20:13 - 2021-05-28 20:13 - 000000194 _____ C:\Users\Lewy\Downloads\prod.repo
2021-05-28 20:12 - 2021-05-28 20:28 - 000000932 _____ C:\Users\Lewy\Downloads\delta-mde-rhel
2021-05-28 18:35 - 2021-05-28 18:35 - 000000000 _____ C:\Users\Lewy\Downloads\install_mdatp_dnf.yml
2021-05-28 18:33 - 2021-05-28 18:33 - 000000983 _____ C:\Users\Lewy\Downloads\microsoft.asc
2021-05-28 18:18 - 2021-05-28 18:18 - 000040050 _____ C:\Users\Lewy\Downloads\mde-urls.xlsx
2021-05-28 18:14 - 2021-05-28 17:45 - 000468195 _____ C:\Windows\system32\Drivers\etc\hosts.20210528-181409.backup
2021-05-26 22:58 - 2021-05-26 22:58 - 008770144 _____ (ENC Security Systems BV) C:\Users\Lewy\Downloads\SanDiskSecureAccessV3_win.exe
2021-05-26 18:08 - 2021-05-26 18:07 - 000468195 ____R C:\Windows\system32\Drivers\etc\hosts.20210526-180823.backup
2021-05-26 18:07 - 2021-05-26 18:07 - 000468195 ____R C:\Windows\system32\Drivers\etc\hosts.20210526-180747.backup
2021-05-26 18:07 - 2021-05-24 16:43 - 000468195 _____ C:\Windows\system32\Drivers\etc\hosts.20210526-180709.backup
2021-05-26 17:52 - 2021-05-26 17:52 - 000208821 _____ (Igor Pavlov) C:\Users\Lewy\Downloads\sigen-ca g2 2457237012068.exe
2021-05-26 17:45 - 2021-05-26 17:45 - 000003469 _____ C:\Users\Lewy\Downloads\sigen-ca g2 2457237012068.p12
2021-05-25 14:50 - 2021-06-24 01:07 - 000000000 ____D C:\Users\Lewy\AppData\Local\CrashDumps
2021-05-25 14:50 - 2021-05-25 14:50 - 000001495 _____ C:\Users\Lewy\AppData\Local\recently-used.xbel
2021-05-25 14:43 - 2021-05-25 14:50 - 000000000 ____D C:\Users\Lewy\AppData\Local\gtk-2.0
2021-05-25 14:43 - 2021-05-25 14:43 - 000000000 ____D C:\Users\Lewy\.cache
2021-05-25 14:39 - 2021-05-26 17:39 - 000000000 ____D C:\Users\Lewy\AppData\Local\babl-0.1
2021-05-25 14:39 - 2021-05-25 14:39 - 000000000 ____D C:\Users\Lewy\AppData\Roaming\GIMP
2021-05-25 14:39 - 2021-05-25 14:39 - 000000000 ____D C:\Users\Lewy\AppData\Local\GIMP
2021-05-25 14:39 - 2021-05-25 14:39 - 000000000 ____D C:\Users\Lewy\AppData\Local\gegl-0.4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-24 13:04 - 2021-05-15 21:31 - 000004156 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1621107088
2021-06-24 13:03 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-24 12:58 - 2020-11-19 09:43 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-06-24 01:06 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-06-24 01:05 - 2021-05-13 08:05 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2021-06-24 01:04 - 2021-05-15 22:44 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-06-24 01:04 - 2021-05-12 19:07 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-24 01:04 - 2020-11-19 09:43 - 000458272 _____ C:\Windows\system32\FNTCACHE.DAT
2021-06-24 01:04 - 2020-11-19 09:43 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-06-24 00:13 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-06-24 00:12 - 2021-05-12 19:37 - 000000000 ____D C:\Users\Lewy
2021-06-24 00:12 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2021-06-24 00:12 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-06-23 22:13 - 2021-05-13 05:06 - 000000000 ____D C:\Windows\Panther
2021-06-23 21:43 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2021-06-23 21:21 - 2020-11-19 09:54 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2021-06-23 20:32 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2021-06-23 20:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2021-06-23 20:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\NDF
2021-06-23 11:21 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-22 20:14 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-06-21 21:08 - 2021-05-15 21:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-21 21:02 - 2021-05-15 21:29 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-21 21:02 - 2021-05-15 21:29 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-21 15:21 - 2021-05-15 21:30 - 000000000 ____D C:\Program Files\Opera
2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lv-LV
2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\et-EE
2021-06-21 13:28 - 2021-05-15 21:31 - 000003944 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1621107074
2021-06-21 13:28 - 2021-05-15 21:31 - 000001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-06-21 13:10 - 2020-11-19 09:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-21 13:10 - 2020-11-19 09:46 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-06-21 13:10 - 2020-11-19 09:46 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-06-21 13:09 - 2021-05-12 19:43 - 000003360 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2620606096-767457063-359015763-1001
2021-06-21 13:09 - 2021-05-12 19:43 - 000000000 ___RD C:\Users\Lewy\OneDrive
2021-06-21 13:09 - 2021-05-12 19:37 - 000002360 _____ C:\Users\Lewy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-17 21:51 - 2021-05-15 21:32 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-17 21:51 - 2021-05-15 21:32 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-17 21:51 - 2021-05-15 21:32 - 000002206 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-06-15 20:04 - 2021-05-13 08:23 - 000000000 ____D C:\Windows\system32\MRT
2021-06-15 20:00 - 2021-05-13 08:23 - 132447432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-06-04 16:30 - 2021-05-15 22:05 - 000000000 ____D C:\Program Files\iTunes
2021-06-04 16:30 - 2021-05-15 21:36 - 000000000 ____D C:\Program Files (x86)\Winamp
2021-06-02 18:30 - 2021-05-13 08:19 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-05-31 20:14 - 2021-05-15 22:44 - 000000000 ____D C:\Users\Lewy\AppData\Roaming\TeamViewer
2021-05-30 23:44 - 2019-12-07 11:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-05-29 08:56 - 2020-11-19 09:43 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-05-28 20:29 - 2021-05-15 21:36 - 000000000 ____D C:\Users\Lewy\AppData\Roaming\Notepad++
2021-05-26 18:06 - 2021-05-15 21:46 - 000000000 ____D C:\Users\Lewy\AppData\Local\Google
2021-05-25 07:48 - 2021-05-13 08:19 - 000725304 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2021-05-25 07:48 - 2021-05-13 08:19 - 000470328 _____ (Microsoft Corporation) C:\Windows\system32\QualityUpdateAssistant.dll

==================== Files in the root of some directories ========

2021-05-25 14:50 - 2021-05-25 14:50 - 000001495 _____ () C:\Users\Lewy\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
***
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2021
Ran by Lewy (24-06-2021 13:24:56)
Running from C:\Users\Lewy\Desktop
Windows 10 Education Version 21H1 19043.1081 (X64) (2021-05-12 17:12:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2620606096-767457063-359015763-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2620606096-767457063-359015763-503 - Limited - Disabled)
Guest (S-1-5-21-2620606096-767457063-359015763-501 - Limited - Disabled)
Lewy (S-1-5-21-2620606096-767457063-359015763-1001 - Administrator - Enabled) => C:\Users\Lewy
WDAGUtilityAccount (S-1-5-21-2620606096-767457063-359015763-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AdoptOpenJDK JRE with Hotspot 11.0.11+9 (x64) (HKLM\...\{8709B56A-ED95-4A8B-AE25-6214DFBAE863}) (Version: 11.0.11.9 - AdoptOpenJDK)
AIMP (HKLM-x32\...\AIMP) (Version: v4.70.2248, 04.04.2021 - AIMP DevTeam)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Application Compatibility Toolkit (HKLM\...\{3BD6A529-0C2A-1EE9-A123-3EF4D804A1D1}) (Version: 10.1.19041.1 - Microsoft) Hidden
Appman Auto Sequencer (HKLM-x32\...\{2942F2D5-2A6D-2061-A152-A736B3277068}) (Version: 10.1.19041.1 - Microsoft) Hidden
Appman Sequencer on amd64 (HKLM\...\{7A394A81-957E-FA00-5F3F-46CF5DDEAA4A}) (Version: 10.1.19041.1 - Microsoft) Hidden
Assessments on Client (HKLM-x32\...\{2C100366-FCBF-7B21-5E61-015CDFBBEF25}) (Version: 10.1.19041.1 - Microsoft) Hidden
Audacity 3.0.2 (HKLM-x32\...\Audacity_is1) (Version: 3.0.2 - Audacity Team)
Backup and Sync from Google (HKLM\...\{3CBE1074-3A4F-4BA6-95E3-7A660B54FE33}) (Version: 3.55.3625.9414 - Google, Inc.)
Blender (HKLM\...\{D6E38255-FB12-4724-A6FF-075B43272C66}) (Version: 2.92.0 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CutePDF Writer (HKLM\...\CutePDF Writer Installation) (Version: 4.0 - Acro Software Inc.)
FileZilla Client 3.54.1 (HKLM-x32\...\FileZilla Client) (Version: 3.54.1 - Tim Kosse)
G-Force (HKLM-x32\...\G-Force) (Version: 5.8.3 - SoundSpectrum)
GIMP 2.10.24 (HKLM\...\GIMP-2_is1) (Version: 2.10.24 - The GIMP Team)
Google Chrome (HKLM\...\{C208811C-385C-3C16-BE72-20618CB11F29}) (Version: 91.0.4472.114 - Google LLC)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.54.0) (Version: 9.54.0 - Artifex Software Inc.)
Imaging And Configuration Designer (HKLM-x32\...\{8072F2F3-C269-A639-4626-9209FFF6DEDB}) (Version: 10.1.19041.1 - Microsoft) Hidden
Imaging Designer (HKLM-x32\...\{2852AE0C-1EEB-72F9-1C5D-FACF6C9304DE}) (Version: 10.1.19041.1 - Microsoft) Hidden
Imaging Tools Support (HKLM-x32\...\{30C24881-949F-D09C-5376-9F0DC6B412CD}) (Version: 10.1.19041.1 - Microsoft) Hidden
Inkscape (HKLM\...\{8E094247-4FB9-47F4-AF01-BF66AD9781C8}) (Version: 1.0.2 - Inkscape)
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Kits Configuration Installer (HKLM-x32\...\{8867E8B9-1539-18F3-54AB-B1F1E641AC14}) (Version: 10.1.19041.1 - Microsoft) Hidden
Krita (x64) 4.4.3 (HKLM\...\Krita_x64) (Version: 4.4.3.0 - Krita Foundation)
LibreOffice 7.1.3.2 (HKLM\...\{76B2DBF3-5773-4463-9EEB-D4A099EB6265}) (Version: 7.1.3.2 - The Document Foundation)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.10.84 - Logitech)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.54 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\OneDriveSetup.exe) (Version: 21.099.0516.0003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM\...\{EA457B21-F73E-494C-ACAB-524FDE069978}_is1) (Version: 1.56.2 - Microsoft Corporation)
Mozilla Firefox 89.0 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0 (x64 en-US)) (Version: 89.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0.1 - Mozilla)
MXAx64 (HKLM-x32\...\{53B28ABA-8EFB-7BFB-603D-9B1334BBD881}) (Version: 10.1.19041.1 - Microsoft) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.5 - Notepad++ Team)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
OEM Test Certificates (HKLM-x32\...\{DAF67B85-47AE-B13B-5C22-3A7149E46EB8}) (Version: 10.1.19041.1 - Microsoft) Hidden
Opera Stable 77.0.4054.90 (HKLM-x32\...\Opera 77.0.4054.90) (Version: 77.0.4054.90 - Opera Software)
paint.net (HKLM\...\{1A59F8A6-6AB4-4522-9340-F420B9155A31}) (Version: 4.2.16 - dotPDN LLC)
PuTTY release 0.75 (64-bit) (HKLM\...\{06DB09EC-52D5-47FA-A0F3-D70ED6407481}) (Version: 0.75.0.0 - Simon Tatham)
Python 3.9.5 (64-bit) (HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\{f3d4ed4c-f434-41ef-8469-ffadd80c4ccf}) (Version: 3.9.5150.0 - Python Software Foundation)
Python 3.9.5 Core Interpreter (64-bit) (HKLM\...\{FBB6299D-CB58-4177-B6A0-63BFB1C8C3AE}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Development Libraries (64-bit) (HKLM\...\{AEE58901-97A1-422A-B964-4FD9BF3327B8}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Documentation (64-bit) (HKLM\...\{4EFE695B-F377-4CB0-90E3-6AEEE22DEFEB}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Executables (64-bit) (HKLM\...\{843C07B6-040E-4E83-B244-5383247D70AB}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 pip Bootstrap (64-bit) (HKLM\...\{7559EB6B-36F9-4AE8-8970-532E4DC0ECA3}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Standard Library (64-bit) (HKLM\...\{F4DC18F4-6323-4BE8-A322-38268831BC24}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Tcl/Tk Support (64-bit) (HKLM\...\{351016A7-AED4-4824-8D2E-2F9ED497CF77}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Test Suite (64-bit) (HKLM\...\{605117B9-EE12-4498-A089-A63219191799}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Utility Scripts (64-bit) (HKLM\...\{420E50F6-A8E8-4098-A321-7DF6B3C3BA82}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{B6EF11B6-0882-43B1-AA75-4D3BD32A144A}) (Version: 3.9.7427.0 - Python Software Foundation)
Skype version 8.71 (HKLM-x32\...\Skype_is1) (Version: 8.71 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 3.7 - Safer-Networking Ltd.)
SugarSync (HKLM-x32\...\SugarSync) (Version: 4.0.3.3 - KeepItSafe, Inc.)
Suuntolink (HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\Suuntolink) (Version: 3.5.2 - Suunto)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.18.5 - TeamViewer)
ThinkPad Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588) (Version: 7.62.00 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Toolkit Documentation (HKLM-x32\...\{1978CD82-5D9C-F9BD-4FA3-17AFA5AE12B2}) (Version: 10.1.19041.1 - Microsoft) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com)
UEV Tools on amd64 (HKLM\...\{91339917-AF30-9EC7-D5AA-05919BB21DB9}) (Version: 10.1.19041.1 - Microsoft) Hidden
User State Migration Tool (HKLM-x32\...\{2AD80B8E-9213-FEA7-BA85-0EFED76D6F11}) (Version: 10.1.19041.1 - Microsoft) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)
Volume Activation Management Tool (HKLM-x32\...\{4B43C47D-8870-ACFA-C414-6C0884876EB0}) (Version: 10.1.19041.1 - Microsoft) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.8 - Winamp SA)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23367 - Microsoft Corporation)
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{9346016b-6620-4841-8ea4-ad91d3ea02b5}) (Version: 10.1.19041.1 - Microsoft Corporation)
Windows Assessment and Deployment Kit Windows Preinstallation Environment Add-ons - Windows 10 (HKLM-x32\...\{353df250-4ecc-4656-a950-4df93078a5fd}) (Version: 10.1.19041.1 - Microsoft Corporation)
WinSCP 5.17.10 (HKLM-x32\...\winscp3_is1) (Version: 5.17.10 - Martin Prikryl)
WPT Redistributables (HKLM-x32\...\{AE00264D-F001-A1D3-F3B8-74A9D2193E7F}) (Version: 10.1.19041.1 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{FD439F85-AD64-B3E5-9FC5-444AE8C8AF7B}) (Version: 10.1.19041.1 - Microsoft) Hidden
Zoom (HKLM-x32\...\{325D3FAA-C519-40F3-9423-DE74994B7B80}) (Version: 5.6.823 - Zoom)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-05-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-05-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-21] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ !SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [ !SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [ !SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [ !SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2021-05-15] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2021-03-22] (Notepad++ -> )
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2021-05-15] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2015-06-29] (NVIDIA Corporation -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-05-15 21:36 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-12-06 19:37 - 2019-12-06 19:37 - 000262144 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL
2020-11-30 22:46 - 2020-11-30 22:46 - 003060224 _____ (SugarSync, Inc.) [File not signed] C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2620606096-767457063-359015763-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7942 more sites.



==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2021-06-24 01:08 - 000467379 _____ C:\Windows\system32\drivers\etc\hosts
There are 15988 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\AdoptOpenJDK\jre-11.0.11.9-hotspot\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Microsoft VS Code\bin;C:\Program Files\PuTTY\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\Sequencer\
HKU\S-1-5-21-2620606096-767457063-359015763-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{6C9BAD30-E75B-4B02-8205-702CD4289285}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{93E726A5-8872-4EAD-AD18-C85ADBB7D106}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A2A4DBAA-CD61-4720-8B62-335F2466FCC7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5B62211A-3155-4EF8-837A-55E47F561C05}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{2B8A53BF-0B23-4E41-982C-D4CC01257694}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{DB906621-3B3D-4EEF-8747-BF85EB682C4D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{E164E1F8-2309-42DF-957D-35D4D74DF947}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{15177D09-89A2-4CBC-8E8D-5A74E06941E3}] => (Allow) C:\Program Files (x86)\SugarSync\SugarSync.exe (KeepItSafe, Inc.) [File not signed]
FirewallRules: [{6760AB53-900C-4ECA-AFAD-C3446D3AB6F3}] => (Allow) C:\Program Files (x86)\SugarSync\SugarSync.exe (KeepItSafe, Inc.) [File not signed]
FirewallRules: [{79A5CBFB-333C-4D5A-8D77-2618F7E2B8B7}] => (Allow) C:\Program Files (x86)\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{25F65549-883E-4388-9DFA-01656737201A}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{853C167E-1E7E-4C77-8534-3711FBCE56D4}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7108E88C-00D9-4813-887B-54DCC319C16D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E31A36D9-2C41-4A45-AFD3-269D033EB0BD}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2CBC8CF9-39FC-4574-9AD4-62711346EB75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9689789E-14C7-47DE-A1B8-ABE0AAA271E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E44A3438-1202-4603-8D26-253ECC0799DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2C7532C0-0E40-4DD3-B721-BD1222F27000}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3FABD95B-5A7E-405E-870F-C350472FBAFA}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D5B97CA4-CDE7-457C-A0A1-D1153C64F0AA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B1B4EF68-FB1E-4DB1-B322-1D085ABB6A40}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{30EA4684-9A4A-4BBF-B5D6-1514F7AFF6B6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{116D42E5-26D4-496D-8916-5DFC626ACD53}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E9B01D31-0CE8-4FD1-9830-3E82DE918D8E}] => (Allow) C:\Program Files\Opera\76.0.4017.177\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{11B6B3F8-9619-40E4-B11D-E4F3F3C035C5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{60460550-1596-480A-A407-A902A49E584F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0EBFB665-58E5-43C1-98D4-14D98C0A435C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{72207830-CF95-49C0-BE09-168394ABCC62}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DC2844A6-8AA5-4FC2-99D1-ED5FAF013B84}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F323AF87-555E-4B89-B828-504EBA8BE75E}] => (Allow) C:\Program Files\Opera\77.0.4054.90\opera.exe (Opera Software AS -> Opera Software)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Restore Points =========================

15-06-2021 20:04:59 Windows Modules Installer
21-06-2021 12:33:36 Windows Modules Installer
23-06-2021 21:26:24 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (06/24/2021 01:21:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x70ed60b6
Faulting process id: 0x3178
Faulting application start time: 0x01d768eae1eb46ea
Faulting application path: bad_module_info
Faulting module path: unknown
Report Id: bbdeebf6-0f8f-43e5-a0d5-010bc04c35f8
Faulting package full name:
Faulting package-relative application ID:

Error: (06/24/2021 01:20:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x3178
Faulting application start time: 0x01d768eae1eb46ea
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 50e5d0c4-89cd-48ac-8d3f-ee906cd1b8e1
Faulting package full name:
Faulting package-relative application ID:

Error: (06/24/2021 01:10:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x3394
Faulting application start time: 0x01d768e97c4e3dd0
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 52f523a8-966b-4a81-98a1-a217c14655d9
Faulting package full name:
Faulting package-relative application ID:

Error: (06/24/2021 01:03:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x2ef8
Faulting application start time: 0x01d768e88eafa15c
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: c5801f88-ae94-460a-b833-8e8f3500996f
Faulting package full name:
Faulting package-relative application ID:

Error: (06/24/2021 01:10:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x1b18
Faulting application start time: 0x01d76884e73af533
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: fc72b44e-3f1b-4909-ada3-c699e824627d
Faulting package full name:
Faulting package-relative application ID:

Error: (06/24/2021 01:07:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogiOptionsMgr.exe, version: 8.10.84.0, time stamp: 0x5ddeae0d
Faulting module name: LogiOptionsMgr.exe, version: 8.10.84.0, time stamp: 0x5ddeae0d
Exception code: 0xc0000005
Fault offset: 0x00000000003f3430
Faulting process id: 0x294
Faulting application start time: 0x01d768847028b37c
Faulting application path: C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
Faulting module path: C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
Report Id: c658b1c7-7125-451c-915f-9913500d5e32
Faulting package full name:
Faulting package-relative application ID:

Error: (06/23/2021 10:30:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x24e8
Faulting application start time: 0x01d7686e1b2dbd61
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 9dd87d9e-5905-4a20-ac9b-1b6a5d2c2949
Faulting package full name:
Faulting package-relative application ID:

Error: (06/23/2021 09:53:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x3d5c
Faulting application start time: 0x01d7686967f92e9d
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: e42b2277-2c2a-4d6b-82a2-4623a155f74d
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (06/24/2021 01:02:47 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (06/23/2021 09:17:08 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device, {f6341c04-9543-4499-9b96-95283a5d485b}, had event 76

Error: (06/23/2021 08:21:57 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (06/23/2021 08:21:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (06/23/2021 08:21:14 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (06/23/2021 08:19:32 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xffff980043049080, 0x0000000000000002, 0x0000000000000000, 0xfffff804678319d4). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 90c9cd1f-bc50-4bdd-b529-181ddafe4f0f.

Error: (06/23/2021 08:18:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 16:55:57 on 23/06/2021 was unexpected.

Error: (06/23/2021 10:56:54 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Windows Defender:
================
Date: 2021-05-30 23:44:55
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Medium
Category: Settings Modifier
Path: file:_C:\Windows\System32\drivers\etc\hosts
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
Security intelligence Version: AV: 1.339.1708.0, AS: 1.339.1708.0, NIS: 1.339.1708.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-30 23:27:21
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Medium
Category: Settings Modifier
Path: file:_C:\Windows\System32\drivers\etc\hosts
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.339.1645.0, AS: 1.339.1645.0, NIS: 1.339.1645.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-29 20:42:18
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Medium
Category: Settings Modifier
Path: file:_C:\Windows\System32\drivers\etc\hosts
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.339.1620.0, AS: 1.339.1620.0, NIS: 1.339.1620.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-29 08:48:35
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Medium
Category: Settings Modifier
Path: file:_C:\Windows\System32\drivers\etc\hosts
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.339.596.0, AS: 1.339.596.0, NIS: 1.339.596.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-13 15:09:57
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Medium
Category: Settings Modifier
Path: file:_C:\Windows\System32\drivers\etc\hosts
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
Security intelligence Version: AV: 1.339.596.0, AS: 1.339.596.0, NIS: 1.339.596.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-12 21:41:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.25.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-05-12 21:41:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.25.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-05-12 21:41:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.25.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-05-12 21:41:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.25.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-05-12 21:41:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.25.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===============
Date: 2021-06-24 13:20:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-24 13:18:58
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 7LETC9WW (2.29 ) 03/18/2011
Motherboard: LENOVO 6460D6G
Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 84%
Total physical RAM: 4030.29 MB
Available physical RAM: 638.66 MB
Total Virtual: 18474.29 MB
Available Virtual: 15145.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:140.52 GB) (Free:62.57 GB) NTFS
Drive e: (ESD-USB) (Removable) (Total:31.99 GB) (Free:27.73 GB) FAT32
Drive f: () (Removable) (Total:233.19 GB) (Free:119.79 GB) FAT32

\\?\Volume{6dd9e22f-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{6dd9e22f-0000-0000-0000-902423000000}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 6DD9E22F)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=140.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=499 MB) - (Type=27)
Partition 4: (Not Active) - (Size=97.4 GB) - (Type=05)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 117.2 GB) (Disk ID: BAA8C257)
Partition 1: (Active) - (Size=32 GB) - (Type=0C)

==========================================================
Disk: 2 (Size: 233.3 GB) (Disk ID: 6F7A4A05)
Partition 1: (Not Active) - (Size=233.2 GB) - (Type=0C)

==================== End of Addition.txt =======================

Juliet
2021-06-24, 14:54
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
BootExecute: autocheck autochk * sdnclean64.exebddel.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2620606096-767457063-359015763-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2021-06-24] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2021-06-24] <==== ATTENTION
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Download and run AdwCleaner

Download AdwCleaner from here (https://downloads.malwarebytes.com/file/adwcleaner) and save it to your desktop.
you can download AdwCleaner here: https://malwarebytes.com/adwcleaner

run AdwCleaner by clicking on Scan Now
when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
if it asks to reboot, allow the reboot
on reboot, click on View Log File; please copy and paste the content of the log to your next reply.

============================================

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/):

run the program
click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
click on the ‘Scan’ tab, (directly below the Dashboard tab)
select the Threat Scan option
click the Scan Now button
Threat Scan will begin
when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
if prompted to restart the computer, close all other programs and click Yes to restart your computer
once you are back at your desktop, open MBAM once more
click on the ‘Reports’ tab
double-click on the most recent Scan Report
click on Export, then Copy to Clipboard


Please post these 3 logs when finished.

leskgr
2021-06-24, 23:10
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2021
Ran by Lewy (24-06-2021 20:33:55) Run:2
Running from C:\Users\Lewy\Desktop
Loaded Profiles: Lewy
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
BootExecute: autocheck autochk * sdnclean64.exebddel.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2620606096-767457063-359015763-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2021-06-24] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2021-06-24] <==== ATTENTION
EmptyTemp:
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\System\CurrentControlSet\Control\Session Manager\"BootExecute"="autocheck autochk *" => value restored successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKU\S-1-5-21-2620606096-767457063-359015763-1001\SOFTWARE\Policies\Google => removed successfully
C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js => moved successfully
C:\Program Files\mozilla firefox\mozilla.cfg => moved successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\assistant_installer_20210624202817.log => moved successfully
C:\Windows\Temp\CProgram FilesOpera77.0.4054.90opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 8937472 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8507636 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 46776975 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 16692 B
NetworkService => 16692 B
Lewy => 2759026 B

RecycleBin => 0 B
EmptyTemp: => 63.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:35:43 ====

ADWCLEAN:
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-24-2021
# Duration: 00:00:02
# OS: Windows 10 Education
# Cleaned: 6
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2167 octets] - [24/06/2021 20:49:05]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Malwarebytes
www.malwarebytes.com

-Podrobnosti dnevnika-
Datum pregledovanja: 24. 06. 21
Čas pregledovanja: 22:41
Dnevniška datoteka: 935cc7e0-d52c-11eb-8fb8-001a6bcef9b4.json

-Podatki o programski opremi-
Različica: 4.4.0.117
Različica komponent: 1.0.1344
Različica s paketom posodobitve: 1.0.42191
Licenca: Preizkusna različica

-Informacije o sistemu-
OS: Windows 10 (Build 19043.1081)
Procesor: x64
Datotečni sistem: NTFS
Uporabnik: Lewy-T61\Lewy

-Povzetek pregledovanja-
Vrsta pregledovanja: Pregledovanje groženj
Pregledovanje je sprožil: Ročno
Rezultat: Dokončano
Število pregledanih predmetov: 337666
Število zaznanih groženj: 0
Število groženj v karanteni: 0
Pretečeni čas: 9 min, 28 s

-Možnosti pregledovanja-
Pomnilnik: Omogočeno
Zagon: Omogočeno
Datotečni sistem: Omogočeno
Arhivi: Omogočeno
Korenska orodja: Onemogočeno
Hevristika: Omogočeno
PUP: Zaznaj
PUM: Zaznaj

-Podrobnosti pregledovanja-
Proces: 0
(Ni zaznanih zlonamernih elementov)

Modul: 0
(Ni zaznanih zlonamernih elementov)

Registrski ključ: 0
(Ni zaznanih zlonamernih elementov)

Vrednost registra: 0
(Ni zaznanih zlonamernih elementov)

Podatki registra: 0
(Ni zaznanih zlonamernih elementov)

Podatkovni tok: 0
(Ni zaznanih zlonamernih elementov)

Mapa: 0
(Ni zaznanih zlonamernih elementov)

Datoteka: 0
(Ni zaznanih zlonamernih elementov)

Fizični sektor: 0
(Ni zaznanih zlonamernih elementov)

WMI: 0
(Ni zaznanih zlonamernih elementov)


(end)

Juliet
2021-06-24, 23:58
Please download Emsisoft Emergency Kit (https://www.bleepingcomputer.com/download/emsisoft-emergency-kit/) and save it to your desktop.

Double-click on EmsisoftEmergencyKit.exe to install and create a shortcut on the desktop.
Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually C:\) as shown here (http://deeprybka.trojaner-board.de/bausteine/emsisoft/1.png).
After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
http://i.imgur.com/rxYDlQ1.png
When asked to run an online update, click Yes.
http://i.imgur.com/dQaKPnk.png
When the update is finished, click the Back to Security Status link in the left corner.
On the main screen click the Scan PC button.
Select Smart Scan, then click the Scan button.
When the scan is finished, click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
http://i.imgur.com/g5ojhHp.png
Click the View Report button and in the Reports window double-click on the most recent log. Logs are named as follows: a2scan_Date-Time.txt (YYMODY) and saved to C:\EEK\bin\Reports\.
Alternatively you can click Export and save the log to your Desktop, then open by double-clicking on it.
Copy and paste the contents of that logfile in your next reply.

leskgr
2021-06-25, 17:57
Please download Emsisoft Emergency Kit (https://www.bleepingcomputer.com/download/emsisoft-emergency-kit/) and save it to your desktop.

Double-click on EmsisoftEmergencyKit.exe to install and create a shortcut on the desktop.
Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually C:\) as shown here (http://deeprybka.trojaner-board.de/bausteine/emsisoft/1.png).
After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
http://i.imgur.com/rxYDlQ1.png
When asked to run an online update, click Yes.
http://i.imgur.com/dQaKPnk.png
When the update is finished, click the Back to Security Status link in the left corner.
On the main screen click the Scan PC button.
Select Smart Scan, then click the Scan button.
When the scan is finished, click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
http://i.imgur.com/g5ojhHp.png
Click the View Report button and in the Reports window double-click on the most recent log. Logs are named as follows: a2scan_Date-Time.txt (YYMODY) and saved to C:\EEK\bin\Reports\.
Alternatively you can click Export and save the log to your Desktop, then open by double-clicking on it.
Copy and paste the contents of that logfile in your next reply.


Malwarebytes
www.malwarebytes.com

-Podrobnosti dnevnika-
Datum pregledovanja: 25. 06. 21
Čas pregledovanja: 02:57
Dnevniška datoteka: 52f6bdc3-d550-11eb-b818-001a6bcef9b4.json

-Podatki o programski opremi-
Različica: 4.4.0.117
Različica komponent: 1.0.1344
Različica s paketom posodobitve: 1.0.42201
Licenca: Preizkusna različica

-Informacije o sistemu-
OS: Windows 10 (Build 19043.1081)
Procesor: x64
Datotečni sistem: NTFS
Uporabnik: System

-Povzetek pregledovanja-
Vrsta pregledovanja: Pregledovanje groženj
Pregledovanje je sprožil: Dnevnik
Rezultat: Dokončano
Število pregledanih predmetov: 337577
Število zaznanih groženj: 0
Število groženj v karanteni: 0
Pretečeni čas: 10 min, 28 s

-Možnosti pregledovanja-
Pomnilnik: Omogočeno
Zagon: Omogočeno
Datotečni sistem: Omogočeno
Arhivi: Omogočeno
Korenska orodja: Onemogočeno
Hevristika: Omogočeno
PUP: Zaznaj
PUM: Zaznaj

-Podrobnosti pregledovanja-
Proces: 0
(Ni zaznanih zlonamernih elementov)

Modul: 0
(Ni zaznanih zlonamernih elementov)

Registrski ključ: 0
(Ni zaznanih zlonamernih elementov)

Vrednost registra: 0
(Ni zaznanih zlonamernih elementov)

Podatki registra: 0
(Ni zaznanih zlonamernih elementov)

Podatkovni tok: 0
(Ni zaznanih zlonamernih elementov)

Mapa: 0
(Ni zaznanih zlonamernih elementov)

Datoteka: 0
(Ni zaznanih zlonamernih elementov)

Fizični sektor: 0
(Ni zaznanih zlonamernih elementov)

WMI: 0
(Ni zaznanih zlonamernih elementov)


(end)

EMSISOFT found only Tweaking.com false positives.
Do I quarantine it (have backed up registry).

Juliet
2021-06-26, 15:45
EMSISOFT found only Tweaking.com false positives.
Do I quarantine it (have backed up registry).
No, that's a false positive.

Tell me what the computer is doing at the moment.
We're not finding malware, my suspicions are apps on the computer causing issues.

leskgr
2021-06-26, 17:18
No, that's a false positive.

Tell me what the computer is doing at the moment.
We're not finding malware, my suspicions are apps on the computer causing issues.

It is turned on. The computer is a Lenovo T61 notebook, and it is now turned on. I received an email some months ago that somebody installed malware on it and wants $BITCOIN.
Every time I launch aswMBR.exe, after I choose Virtualization or start scanning, the computer ends in a blue screen restart.

Please let me know how I can create a Spybot boot USB and start aswMBR from there (I have Windows 10).

leskgr
2021-06-26, 17:54
Can I create a bootable USB with the CD image, or do I need to stick with a CD (I do not have a burner here on vacation)?
Thanks in advance, Grega

leskgr
2021-06-26, 21:47
1.) A question (can I create a boot USB instead of a CD)?
2.) Installed WAIK and all the libraries, but can not create the boot CD.
3.) Does it matter if I create the boot CD from another clean installation of Windows, OR is it necessary to create the BOOT CD from the SAME computer?
Thank you in advance, sincerely, Grega from Slovenia
Report:
Started creating CD...
Cleaning up apps preparation folder...
----------------------------------------
Deleted C:\SpybotBootCD\Apps.
Preparing application collection...
----------------------------------------
Copied C:\Program Files (x86)\Spybot - Search & Destroy 2\SDPEStart.exe to C:\SpybotBootCD\Apps.
Copied C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll to C:\SpybotBootCD\Apps.
Copied C:\Program Files (x86)\Spybot - Search & Destroy 2\*.bpl to C:\SpybotBootCD\Apps.
----------------------------------------
Copied C:\Program Files (x86)\Spybot - Search & Destroy 2\Help\Licence-CE.rtf to C:\SpybotBootCD\Apps\Help.
----------------------------------------
Copied C:\Program Files (x86)\Spybot - Search & Destroy 2\Help\Licence-PE.rtf to C:\SpybotBootCD\Apps\Help.
Copying spybotsd2 from C:\Program Files (x86)\Spybot - Search & Destroy 2\...
Application menu created.
Application menu created.
----------------------------------------
Deleted C:\SpybotBootCD\Mount.
----------------------------------------
Deleted C:\SpybotBootCD\winpe.wim.
Copying operating system files...
----------------------------------------
Copied C:\Program Files\Windows AIK\Tools\PETools\x86\bootmgr to C:\SpybotBootCD\ISO\bootmgr.
Copied C:\Program Files\Windows AIK\Tools\PETools\x86\boot\etfsboot.com to C:\SpybotBootCD\ISO\bootmgr.
Copied C:\Program Files\Windows AIK\Tools\PETools\x86\boot to C:\SpybotBootCD\ISO\bootmgr.
Copied C:\Program Files\Windows AIK\Tools\PETools\x86\EFI to C:\SpybotBootCD\ISO\bootmgr.
Copied C:\Program Files\Windows AIK\Tools\PETools\x86\winpe.wim to C:\SpybotBootCD\ISO\bootmgr.
----------------------------------------
Copied C:\Program Files\Windows AIK\Tools\PETools\x86\winpe.wim to C:\SpybotBootCD\ISO\sources\boot.wim.
Mounting image file system...
----------------------------------------
Executing C:\Program Files\Windows AIK\Tools\x86\Servicing\dism.exe /Mount-Wim /WimFile:winpe.wim /index:1 /MountDir:C:\SpybotBootCD\Mount...
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Mounting image
The operation completed successfully.
Installing package WinPE-HTA-Package...
----------------------------------------
Executing C:\Program Files\Windows AIK\Tools\x86\Servicing\dism.exe /image:C:\SpybotBootCD\Mount /Add-Package /PackagePath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-hta.cab"...
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image Version: 6.1.7600.16385
Processing 1 of 1 - Adding package WinPE-HTA-Package~31bf3856ad364e35~x86~~6.1.7600.16385
The operation completed successfully.
Installing package WinPE-Scripting-Package...
----------------------------------------
Executing C:\Program Files\Windows AIK\Tools\x86\Servicing\dism.exe /image:C:\SpybotBootCD\Mount /Add-Package /PackagePath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-scripting.cab"...
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image Version: 6.1.7600.16385
Processing 1 of 1 - Adding package WinPE-Scripting-Package~31bf3856ad364e35~x86~~6.1.7600.16385
The operation completed successfully.
Installing package WinPE-WMI-Package...
----------------------------------------
Executing C:\Program Files\Windows AIK\Tools\x86\Servicing\dism.exe /image:C:\SpybotBootCD\Mount /Add-Package /PackagePath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-wmi.cab"...
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image Version: 6.1.7600.16385
Processing 1 of 1 - Adding package WinPE-WMI-Package~31bf3856ad364e35~x86~~6.1.7600.16385
The operation completed successfully.
Installing package winpe-legacysetup...
----------------------------------------
Executing C:\Program Files\Windows AIK\Tools\x86\Servicing\dism.exe /image:C:\SpybotBootCD\Mount /Add-Package /PackagePath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-legacysetup.cab"...
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image Version: 6.1.7600.16385
Processing 1 of 1 - Adding package WinPE-LegacySetup-Package~31bf3856ad364e35~x86~~6.1.7600.16385
The operation completed successfully.
Installing package winpe-setup...
----------------------------------------
Executing C:\Program Files\Windows AIK\Tools\x86\Servicing\dism.exe /image:C:\SpybotBootCD\Mount /Add-Package /PackagePath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-setup.cab"...
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image Version: 6.1.7600.16385
Processing 1 of 1 - Adding package WinPE-Setup-Package~31bf3856ad364e35~x86~~6.1.7600.16385
The operation completed successfully.
Installing package winpe-setup-client...
----------------------------------------
Executing C:\Program Files\Windows AIK\Tools\x86\Servicing\dism.exe /image:C:\SpybotBootCD\Mount /Add-Package /PackagePath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-setup-client.cab"...
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image Version: 6.1.7600.16385
Processing 1 of 1 - Adding package WinPE-Setup-Client-Package~31bf3856ad364e35~x86~~6.1.7600.16385
The operation completed successfully.
Installing package winpe-setup-server...
----------------------------------------
Executing C:\Program Files\Windows AIK\Tools\x86\Servicing\dism.exe /image:C:\SpybotBootCD\Mount /Add-Package /PackagePath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-setup-server.cab"...
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image Version: 6.1.7600.16385
Processing 1 of 1 - Adding package WinPE-Setup-Server-Package~31bf3856ad364e35~x86~~6.1.7600.16385
The operation completed successfully.
Installing package winpe-pppoe...
----------------------------------------
Executing C:\Program Files\Windows AIK\Tools\x86\Servicing\dism.exe /image:C:\SpybotBootCD\Mount /Add-Package /PackagePath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-pppoe.cab"...
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image Version: 6.1.7600.16385
Processing 1 of 1 - Adding package WinPE-PPPoE-Package~31bf3856ad364e35~x86~~6.1.7600.16385
The operation completed successfully.
Installing package winpe-mdac...
----------------------------------------
Executing C:\Program Files\Windows AIK\Tools\x86\Servicing\dism.exe /image:C:\SpybotBootCD\Mount /Add-Package /PackagePath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-mdac.cab"...
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image Version: 6.1.7600.16385
Processing 1 of 1 - Adding package WinPE-MDAC-Package~31bf3856ad364e35~x86~~6.1.7600.16385
The operation completed successfully.
Installing package winpe-wds-tools...
----------------------------------------
Executing C:\Program Files\Windows AIK\Tools\x86\Servicing\dism.exe /image:C:\SpybotBootCD\Mount /Add-Package /PackagePath:"C:\Program Files\Windows AIK\Tools\PETools\x86\WinPE_FPs\winpe-wds-tools.cab"...
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image Version: 6.1.7600.16385
Processing 1 of 1 - Adding package WinPE-WDS-Tools-Package~31bf3856ad364e35~x86~~6.1.7600.16385
The operation completed successfully.
----------------------------------------
Executing C:\Program Files\Windows AIK\Tools\x86\Servicing\dism.exe /image:C:\SpybotBootCD\Mount /Set-InputLocale:0409:00000409...
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image Version: 6.1.7600.16385
Input locale has been set to: 0409:00000409
The operation completed successfully.
----------------------------------------
Executing C:\Program Files\Windows AIK\Tools\x86\Servicing\dism.exe /image:C:\SpybotBootCD\Mount /Set-ScratchSpace:128...
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image Version: 6.1.7600.16385
Scratch Space : 128MB
The operation completed successfully.
----------------------------------------
Executing C:\Program Files\Windows AIK\Tools\x86\Servicing\dism.exe /image:C:\SpybotBootCD\Mount /Add-Driver /driver:C:\SpybotBootCD\Drivers /recurse...
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image Version: 6.1.7600.16385
Error: 2
Cannot find the specified file 'C:\SpybotBootCD\Drivers'
The DISM log file can be found at C:\Windows\Logs\DISM\dism.log
Loading registry hives...
Copying apps to mounted folder...
About to copy the MISSING file C:\SpybotBootCD\Apps...
----------------------------------------
Copied C:\SpybotBootCD\Apps to C:\SpybotBootCD\Mount\Apps.
----------------------------------------
Could not copy C:\Windows\winhlp32.exe to C:\SpybotBootCD\Mount\Windows\System32!
Could not copy C:\Windows\system32\winver.exe to C:\SpybotBootCD\Mount\Windows\System32!
Could not copy C:\Windows\system32\notepad.exe to C:\SpybotBootCD\Mount\Windows\System32!
Could not copy C:\Windows\system32\xchm.exe to C:\SpybotBootCD\Mount\Windows\System32!
File operation failed (error 0x02)!
Saving shell options...
Copying system libraries from running system...
----------------------------------------
Could not copy C:\Windows\system32\oledlg.dll to C:\SpybotBootCD\Mount\Windows\System32!
File operation failed (error 0x78)!
----------------------------------------
Copied C:\Windows\system32\shfolder.dll to C:\SpybotBootCD\Mount\Windows\System32.
----------------------------------------
Copied C:\Windows\system32\IEAdvPack.dll to C:\SpybotBootCD\Mount\Windows\System32.
----------------------------------------
Could not copy C:\Windows\system32\oledlg.dll to C:\SpybotBootCD\Mount\Windows\System32!
File operation failed (error 0x78)!
----------------------------------------
Copied C:\Windows\system32\shfolder.dll to C:\SpybotBootCD\Mount\Windows\System32.
----------------------------------------
Copied C:\Windows\system32\IEAdvPack.dll to C:\SpybotBootCD\Mount\Windows\System32.
----------------------------------------
Could not copy C:\Windows\system32\oledlg.dll to C:\SpybotBootCD\Mount\Windows\System32!
Could not copy C:\Windows\system32\shfolder.dll to C:\SpybotBootCD\Mount\Windows\System32!
Could not copy C:\Windows\system32\IEAdvPack.dll to C:\SpybotBootCD\Mount\Windows\System32!
Could not copy C:\Windows\system32\oledlg.dll to C:\SpybotBootCD\Mount\Windows\System32!
Could not copy C:\Windows\system32\shfolder.dll to C:\SpybotBootCD\Mount\Windows\System32!
Could not copy C:\Windows\system32\IEAdvPack.dll to C:\SpybotBootCD\Mount\Windows\System32!
File operation failed (error 0x78)!
Unloading registry hives...
Preparing CD image file system...
----------------------------------------
Unmounting image file system...
----------------------------------------
Executing C:\Program Files\Windows AIK\Tools\x86\Servicing\dism.exe /Unmount-Wim /MountDir:C:\SpybotBootCD\Mount /commit...
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image File : C:\SpybotBootCD\winpe.wim
Image Index : 1
Saving image
Unmounting image
The operation completed successfully.
----------------------------------------
Copied C:\SpybotBootCD\WinPE.wim to C:\SpybotBootCD\ISO\sources\boot.wim.
Creating ISO image file...
----------------------------------------
Executing C:\Program Files\Windows AIK\Tools\x86\oscdimg.exe -n -h -lSpybotBootCD -bC:\SpybotBootCD\etfsboot.com C:\SpybotBootCD\ISO C:\SpybotBootCD\SpybotBootCD.iso...
OSCDIMG 2.55 CD-ROM and DVD-ROM Premastering Utility
Copyright (C) Microsoft, 1993-2007. All rights reserved.
Licensed only for producing Microsoft authorized content.
Scanning source tree
Scanning source tree complete (16 files in 8 directories)
Computing directory information
Computing directory information complete
Image file is 752486400 bytes
ERROR: Image is 70502400 bytes too large (681984000)
(use -m to override or try -o to optimize storage)

Check the above for error messages, we could not create a valid ISO file.

Juliet
2021-06-27, 14:21
I received an email some months ago that somebody installed malware on it and wants $BITCOIN.
Every time I launch aswMBR.exe, after I choose Virtualization or start scanning, the computer ends in a blue screen restart.
Ok, when you mention money is requested it points me towards a ransomware infection.
If that warning came through an email and there was some type of ransomware installed or placed on your computer, you would have seen several symptoms of it.

Don't worry over trying to run aswMBR, it's showing not to be compatible with your machine.

~~~~~
Effects of a ransomware infection include:

Make it so that you can not execute programs other than ones required to pay the ransom.

Terminate any non-essential programs that may be running.

Encrypt your data so that you can no longer access it or open it with programs.

Remove your ability to browse the Internet other than to locations that will allow you to pay the ransom

https://www.bleepingcomputer.com/virus-removal/threat/ransomware/

~~~~~~~~~~~~~~~~~~~


1.) A question (can I create a boot USB instead of a CD)?
2.) Installed WAIK and all the libraries, but can not create the boot CD.
3.) Does it matter if I create the boot CD from another clean installation of Windows, OR is it necessary to create the BOOT CD from the SAME computer?
Thank you in advance, sincerely, Grega from Slovenia
The above questions I cannot help with but I can direct you to another forum that deals with tech issues.
You will need to create an account/register like you did here => create a new topic with the above questions. Also you can read over topics already started asking something similar.
If you like you can copy and paste this topic to the thread you start, to give them an idea of the complications you're having.

https://www.sysnative.com/forums/forums/windows-10.148/

leskgr
2021-07-01, 20:07
AFTER TRYING TO UPLOAD Farbar RS, I can not do it, because even though I followed the rules for unchecking and more, the size is still 70kB, which does not allow me to upload the FRST.txt file.
PLEASE HELP ME RESOLVE THIS TOO for the sake of other users as well - I split the files into part1 and part2.txt. Thanks!

USB malfunction, corrupting and overwriting USB drives, not being able to unmount USB drives.
I run Spybot Rootkit and many, many times I have the same malware, and each and every time I delete them they later reappear with the same key {} as seen in the printscreen.
Please also teach me how to make a bootable Windows 10 boot drive so I am empowered in the future.

I needed to reinstall FARBAR RT, because my first .txt file was too large (70kB); yes, I followed the rules. I had to uncheck one more option and I unchecked "One month".
Please help me, thanks in advance, sincerely, Grega from Slovenia

Please *DO* send me to another website where I could receive more help. Please do answer my question regarding how to create a bootable Spybot CD (whether I can from another computer where I do not have Spybot Pro, whether I can create a USB instead of a CD, and whether I can run the asw... diagnostic tool from the bootable Spybot CD; if I run it on my infected notebook it freezes every time).
And yes, my notebook is infected.
Thank you in advance, sincerely, Grega
P.S.
I am running this from dual boot Red Hat; if I need your help, do I need to be up and in Windows 10?

Juliet
2021-07-02, 14:38
I'm checking with another colleague, but do check into this as well

I can direct you to another forum that deals with tech issues.
You will need to create an account/register like you did here => create a new topic with the above questions. Also you can read over topics already started asking something similar.
If you like you can copy and paste this topic to the thread you start, to give them an idea of the complications you're having.

https://www.sysnative.com/forums/forums/windows-10.148/

Juliet
2021-07-03, 14:41
I have finished checking

You started a topic here
https://forums.spybot.info/showthread.php?77603-creation-of-spybot-boot-cd

I do not know if things are in development or if you should reach out to other resources.


Sysnative's forum information posted here
You will need to create an account/register like you did here => create a new topic with the above questions. Also you can read over topics already started asking something similar.
If you like you can copy and paste this topic to the thread you start, to give them an idea of the complications you're having.

https://www.sysnative.com/forums/forums/windows-10.148/

and I have confidence that they would be able to assist with the questions you have asked.

Juliet
2021-07-12, 14:54
Glad we could help.
Since this issue appears resolved ... this Topic is closed.