PDA

View Full Version : malware not been able to remove POST 2 with all reports


leskgr
2021-07-19, 13:46
Please help me again, this is the same notebook I asked before for help, but now I was able to run all tests and now that i had it proved that I have 2 viruses:
C:\Windows\SysWOW64\GamePanel.exe **INFECTED** Win32:MalOb-CA [Cryp]
C:\Windows\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.19041.746_none_2703bed0ba809808\GamePanel.exe **INFECTED** Win32:MalOb-CA [Cryp]
... anda bunch of decompression bombs (see last report from preboot Avast) ...
Here are full reports:===***===
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-07-2021
Ran by Lewy (administrator) on LEWY-T61 (LENOVO 6460D6G) (19-07-2021 12:18:34)
Running from C:\Users\Lewy\Desktop
Loaded Profiles: Lewy
Platform: Windows 10 Education Version 21H1 19043.1110 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\SugarSync\SugarSyncSvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <12>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(Opera Software AS -> Opera Software) C:\Program Files\Opera\assistant\browser_assistant.exe <2>
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-11] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-27] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [4080336 2021-07-14] (Opera Software AS -> Opera Software)
HKLM\...\Run: => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [123672 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\Run: [SuuntolinkLauncher] => C:\Users\Lewy\AppData\Local\Suuntolink\app-3.6.1\resources\app\LaunchAgents\SuuntolinkLauncher.exe [831832 2021-07-11] (Suunto Oy -> )
HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [7388304 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\...\Print\Monitors\CutePDF Writer Monitor v4.0: C:\Windows\system32\cpwmon64_v40.dll [89584 2019-10-20] (Acro Software Inc -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-07-02] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * bddel.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2620606096-767457063-359015763-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05AE8C68-50B2-481B-A3F1-2CC62541FFDF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {1B518B8D-F289-4E88-88F6-A11F9B632AFA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-07-14] (Avast Software s.r.o. -> Avast Software)
Task: {20AD4D2D-1D00-4C97-8BCB-8798C0BBC32A} - System32\Tasks\Opera scheduled assistant Autoupdate 1621107088 => C:\Program Files\Opera\launcher.exe [2264784 2021-07-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera\assistant" $(Arg0)
Task: {231D852E-314A-4EEA-A961-96B1102879E2} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {26594A8F-743F-461E-91CE-90CEFD1BB327} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {3156AAFE-51A7-4951-B2F9-FBD6CE19FE21} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-07] (Mozilla Corporation -> Mozilla Foundation)
Task: {76B19E68-4D13-4530-A475-5F00A01E4D7E} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Spybot Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe [9469648 2021-04-29] (Safer-Networking Ltd. -> )
Task: {955FABE3-EBBA-47FB-A42C-6AFBD07E4709} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {AA75CE81-A3F3-4CB8-9D89-5285525B035F} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4903192 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
Task: {CF083C10-3C84-4272-9590-E04603D43858} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-15] (Google LLC -> Google LLC)
Task: {E2C9F71B-4582-44F9-8FDC-6C8DB56D549E} - System32\Tasks\Opera scheduled Autoupdate 1621107074 => C:\Program Files\Opera\launcher.exe [2264784 2021-07-14] (Opera Software AS -> Opera Software)
Task: {F9D6FB9F-4367-4DF9-BF54-D8AAFCB91755} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-15] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{246b3cd0-4f87-4e0d-8144-c134806beac4}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9998636a-9278-4fe9-a9dc-651fd662a520}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e8abb69c-6cda-47ab-83b7-c960956b95f0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{fd739b55-5b00-4063-8e03-0db564833618}: [DhcpNameServer] 192.168.2.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lewy\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-19]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Lewy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-14]
Edge Extension: (uBlock Origin) - C:\Users\Lewy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2021-07-19]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: sxjcljno.default
FF ProfilePath: C:\Users\Lewy\AppData\Roaming\Mozilla\Firefox\Profiles\sxjcljno.default [2021-06-24]
FF ProfilePath: C:\Users\Lewy\AppData\Roaming\Mozilla\Firefox\Profiles\kingwiiv.default-release [2021-07-18]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Lewy\AppData\Roaming\Mozilla\Firefox\Profiles\kingwiiv.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-07-02]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2021-07-19] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2021-07-19] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default [2021-07-19]
CHR Notifications: Default -> hxxps://www.nkbm.si; hxxps://www.youtube.com
CHR Extension: (Slides) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-16]
CHR Extension: (Docs) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-16]
CHR Extension: (Google Drive) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-16]
CHR Extension: (YouTube) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-16]
CHR Extension: (uBlock Origin) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-07-13]
CHR Extension: (Sheets) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-16]
CHR Extension: (Google Docs Offline) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-26]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-16]
CHR Extension: (Gmail) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-16]
CHR Extension: (Chrome Media Router) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-26]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\Lewy\AppData\Roaming\Opera Software\Opera Stable [2021-07-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8249936 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [625432 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [373528 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [14280 2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [7477704 2021-07-18] (Malwarebytes Inc -> Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395384 2021-07-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SugarSync Service; C:\Program Files (x86)\SugarSync\SugarSyncSvc.exe [173056 2020-11-30] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13261608 2021-05-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-29] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe [410624 2006-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
S3 CredentialEnrollmentManagerUserSvc; %SystemRoot%\system32\CredentialEnrollmentManager.exe [X]
S3 CredentialEnrollmentManagerUserSvc_4a307; C:\Windows\system32\CredentialEnrollmentManager.exe [X]
R2 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Lewy\AppData\Roaming\Zoom"

===================== Drivers (All) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [266240 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 3ware; C:\Windows\System32\drivers\3ware.sys [107320 2019-12-07] (Microsoft Windows -> LSI)
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [809288 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [23040 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 acpiex; C:\Windows\System32\Drivers\acpiex.sys [139792 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [14336 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [18432 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 acpitime; C:\Windows\System32\drivers\acpitime.sys [16384 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 Acx01000; C:\Windows\System32\drivers\Acx01000.sys [415232 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [1135416 2019-12-07] (Microsoft Windows -> PMC-Sierra)
R1 AFD; C:\Windows\system32\drivers\afd.sys [655688 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R1 afunix; C:\Windows\system32\drivers\afunix.sys [41984 2021-07-13] (Microsoft Windows -> Microsoft Corporation)
R1 afunix; C:\Windows\SysWOW64\drivers\afunix.sys [29696 2021-07-13] (Microsoft Windows -> Microsoft Corporation)
R1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [292352 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [18432 2019-12-07] (Microsoft Windows -> Advanced Micro Devices, Inc)
S3 amdi2c; C:\Windows\System32\drivers\amdi2c.sys [45568 2019-12-07] (Microsoft Windows -> Advanced Micro Devices, Inc)
S3 AmdK8; C:\Windows\System32\drivers\amdk8.sys [207160 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 AmdPPM; C:\Windows\System32\drivers\amdppm.sys [211256 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S0 amdsata; C:\Windows\System32\drivers\amdsata.sys [83256 2019-12-07] (Microsoft Windows -> Advanced Micro Devices)
S0 amdsbs; C:\Windows\System32\drivers\amdsbs.sys [259384 2019-12-07] (Microsoft Windows -> AMD Technologies Inc.)
S0 amdxata; C:\Windows\System32\drivers\amdxata.sys [26936 2019-12-07] (Microsoft Windows -> Advanced Micro Devices)
S3 AppID; C:\Windows\System32\drivers\appid.sys [208712 2021-06-23] (Microsoft Windows -> Microsoft Windows)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [18432 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 AppvStrm; C:\Windows\system32\drivers\AppvStrm.sys [138040 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 AppvVemgr; C:\Windows\system32\drivers\AppvVemgr.sys [174392 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 AppvVfs; C:\Windows\system32\drivers\AppvVfs.sys [154936 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S0 arcsas; C:\Windows\System32\drivers\arcsas.sys [131896 2019-12-07] (Microsoft Windows -> PMC-Sierra, Inc.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35720 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [216928 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [366616 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250392 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99352 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [17328 2021-07-14] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41352 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [182600 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [524400 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107848 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82912 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851192 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [471920 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215384 2021-07-14] (Avast Software s.r.o. -> AVAST Software)
R3 AsyncMac; C:\Windows\System32\drivers\asyncmac.sys [31232 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 atapi; C:\Windows\System32\drivers\atapi.sys [30024 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533816 2019-12-07] (Microsoft Windows -> QLogic Corporation)
R1 bam; C:\Windows\System32\drivers\bam.sys [78136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 BasicDisplay; C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\BasicDisplay.sys [68608 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R1 BasicRender; C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\BasicRender.sys [38912 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [41272 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 BCM43XX; C:\Windows\System32\drivers\bcmwl63al.sys [5170176 2019-12-07] (Microsoft Windows -> Broadcom Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [9728 2019-12-07] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [10240 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 bindflt; C:\Windows\system32\drivers\bindflt.sys [148816 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [117760 2021-07-13] (Microsoft Windows -> Microsoft Corporation)
R3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [284672 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [113664 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [65536 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [106496 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 BthMini; C:\Windows\System32\drivers\BTHMINI.sys [45568 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [76800 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 BthPan; C:\Windows\System32\drivers\bthpan.sys [133632 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 BTHPORT; C:\Windows\System32\drivers\BTHport.sys [1563136 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 BTHUSB; C:\Windows\System32\drivers\BTHUSB.sys [110592 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S0 bttflt; C:\Windows\System32\drivers\bttflt.sys [43832 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 buttonconverter; C:\Windows\System32\drivers\buttonconverter.sys [44032 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 CAD; C:\Windows\System32\drivers\CAD.sys [66576 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [300032 2006-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [100864 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 cdrom; C:\Windows\System32\drivers\cdrom.sys [181248 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S0 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [319800 2019-12-07] (Microsoft Windows -> Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [1853752 2019-12-07] (Microsoft Windows -> Chelsio Communications)
R1 CimFS; C:\Windows\System32\Drivers\CimFS.sys [97792 2021-06-23] (Microsoft Windows -> )
S3 circlass; C:\Windows\System32\drivers\circlass.sys [52224 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 CldFlt; C:\Windows\System32\drivers\cldflt.sys [496128 2021-07-13] (Microsoft Windows -> Microsoft Corporation)
R0 CLFS; C:\Windows\System32\drivers\CLFS.sys [411464 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
R3 CmBatt; C:\Windows\System32\drivers\CmBatt.sys [36864 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 CNG; C:\Windows\System32\Drivers\cng.sys [746400 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S4 cnghwassist; C:\Windows\System32\DRIVERS\cnghwassist.sys [40968 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\CompositeBus.sys [41984 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 condrv; C:\Windows\System32\drivers\condrv.sys [57144 2021-07-13] (Microsoft Windows -> Microsoft Corporation)
R1 CSC; C:\Windows\System32\drivers\csc.sys [580608 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S1 dam; C:\Windows\System32\drivers\dam.sys [97096 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
R1 Dfsc; C:\Windows\System32\Drivers\dfsc.sys [152064 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R0 disk; C:\Windows\System32\drivers\disk.sys [98624 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [59192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [16128 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R1 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [3784504 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 e1express; C:\Windows\System32\drivers\e1e6032e.sys [300544 2019-12-07] (Microsoft Windows -> Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3418936 2019-12-07] (Microsoft Windows -> QLogic Corporation)
S0 EhStorClass; C:\Windows\System32\drivers\EhStorClass.sys [95032 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S0 EhStorTcgDrv; C:\Windows\System32\drivers\EhStorTcgDrv.sys [124728 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 epp; C:\EEK\bin64\epp.sys [155112 2021-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
S3 ErrDev; C:\Windows\System32\drivers\errdev.sys [15872 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [421696 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [425272 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 fdc; C:\Windows\System32\drivers\fdc.sys [34816 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [59392 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [94736 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [40448 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 flpydisk; C:\Windows\System32\drivers\flpydisk.sys [28672 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [430392 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [69968 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [33592 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [800056 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [23864 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys [23040 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 GPIOClx0101; C:\Windows\System32\Drivers\msgpioclx.sys [183112 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8704 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [430080 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\drivers\HDAudBus.sys [139776 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 HidBatt; C:\Windows\System32\drivers\HidBatt.sys [39440 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 HidBth; C:\Windows\System32\drivers\hidbth.sys [120320 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 hidi2c; C:\Windows\System32\drivers\hidi2c.sys [57344 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 hidinterrupt; C:\Windows\System32\drivers\hidinterrupt.sys [55824 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 HidIr; C:\Windows\System32\drivers\hidir.sys [48640 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 hidspi; C:\Windows\System32\drivers\hidspi.sys [66560 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 HidUsb; C:\Windows\System32\drivers\hidusb.sys [44032 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S0 HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys [64312 2019-12-07] (Microsoft Windows -> Hewlett-Packard Company)
R3 HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [1511936 2006-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [1576272 2021-07-13] (Microsoft Windows -> Microsoft Corporation)
S4 hvcrash; C:\Windows\System32\drivers\hvcrash.sys [35128 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [95056 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 HwNClx0101; C:\Windows\System32\Drivers\mshwnclx.sys [30208 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [33096 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [27448 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 HyperVideo; C:\Windows\System32\drivers\HyperVideo.sys [41784 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 i8042prt; C:\Windows\System32\drivers\i8042prt.sys [118272 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [36352 2019-12-07] (Microsoft Windows -> Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [91136 2019-12-07] (Microsoft Windows -> Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [79360 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 iaLPSS2i_GPIO2_BXT_P; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [93184 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 iaLPSS2i_GPIO2_CNL; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [112128 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 iaLPSS2i_GPIO2_GLK; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [96256 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [171520 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 iaLPSS2i_I2C_BXT_P; C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [175104 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 iaLPSS2i_I2C_CNL; C:\Windows\System32\drivers\iaLPSS2i_I2C_CNL.sys [177152 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 iaLPSS2i_I2C_GLK; C:\Windows\System32\drivers\iaLPSS2i_I2C_GLK.sys [177664 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [38128 2019-12-07] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [113152 2019-12-07] (Microsoft Windows -> Intel Corporation)
S0 iaStorAVC; C:\Windows\System32\drivers\iaStorAVC.sys [884752 2019-12-07] (Microsoft Windows -> Intel Corporation)
S0 iaStorV; C:\Windows\System32\drivers\iaStorV.sys [412176 2019-12-07] (Microsoft Windows -> Intel Corporation)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [558904 2019-12-07] (Microsoft Windows -> Mellanox)
R3 IBMPMDRV; C:\Windows\System32\drivers\ibmpmdrv.sys [80144 2019-12-11] (Lenovo -> Lenovo.)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [47104 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R0 intelide; C:\Windows\System32\drivers\intelide.sys [19784 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [418800 2021-05-13] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
S3 intelpmax; C:\Windows\System32\drivers\intelpmax.sys [30720 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 intelppm; C:\Windows\System32\drivers\intelppm.sys [230728 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [57168 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [90112 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [117584 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [225280 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 IPT; C:\Windows\System32\drivers\ipt.sys [59704 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 isapnp; C:\Windows\System32\drivers\isapnp.sys [22856 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 iScsiPrt; C:\Windows\System32\drivers\msiscsi.sys [292672 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S0 ItSas35i; C:\Windows\System32\drivers\ItSas35i.sys [172344 2019-12-07] (Microsoft Windows -> Avago Technologies)
R3 kbdclass; C:\Windows\System32\drivers\kbdclass.sys [71480 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 kbdhid; C:\Windows\System32\drivers\kbdhid.sys [46592 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [29000 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 kdnic; C:\Windows\System32\drivers\kdnic.sys [33296 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [147280 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [180024 2021-07-13] (Microsoft Windows -> Microsoft Corporation)
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [29696 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 lltdio; C:\Windows\System32\drivers\lltdio.sys [72704 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [108856 2019-12-07] (Microsoft Windows -> LSI Corporation)
S0 LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [124216 2019-12-07] (Microsoft Windows -> LSI Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [135992 2019-12-07] (Microsoft Windows -> Avago Technologies)
S0 LSI_SSS; C:\Windows\System32\drivers\lsi_sss.sys [82744 2019-12-07] (Microsoft Windows -> LSI Corporation)
R2 luafv; C:\Windows\system32\drivers\luafv.sys [140800 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 mausbhost; C:\Windows\System32\drivers\mausbhost.sys [537608 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 mausbip; C:\Windows\System32\drivers\mausbip.sys [64016 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2021-07-18] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-06-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-06-26] (Malwarebytes Inc -> Malwarebytes)
S3 MbbCx; C:\Windows\System32\drivers\MbbCx.sys [391168 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R2 mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [17024 2006-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Conexant)
S0 megasas; C:\Windows\System32\drivers\megasas.sys [59704 2019-12-07] (Microsoft Windows -> Avago Technologies)
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [81720 2019-12-07] (Microsoft Windows -> Avago Technologies)
S0 megasas35i; C:\Windows\System32\drivers\megasas35i.sys [105480 2019-12-07] (Microsoft Windows -> Avago Technologies)
S0 megasr; C:\Windows\System32\drivers\megasr.sys [575800 2019-12-07] (Microsoft Windows -> LSI Corporation, Inc.)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [65024 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [1131320 2019-12-07] (Microsoft Windows -> Mellanox)
R2 MMCSS; C:\Windows\system32\drivers\mmcss.sys [53248 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 Modem; C:\Windows\System32\drivers\modem.sys [47104 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 monitor; C:\Windows\System32\drivers\monitor.sys [80896 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 mouclass; C:\Windows\System32\drivers\mouclass.sys [67600 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 mouhid; C:\Windows\System32\drivers\mouhid.sys [35328 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [110392 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [80896 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [157696 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [577864 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [264008 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 MsBridge; C:\Windows\System32\drivers\bridge.sys [127488 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [44048 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 msgpiowin32; C:\Windows\System32\drivers\msgpiowin32.sys [56120 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [12288 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [20296 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [34816 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R2 MsLldp; C:\Windows\System32\drivers\mslldp.sys [78848 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 MsQuic; C:\Windows\System32\drivers\msquic.sys [322376 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [382792 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R0 MsSecFlt; C:\Windows\System32\drivers\mssecflt.sys [296264 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
R1 mssmbios; C:\Windows\System32\drivers\mssmbios.sys [47928 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [12288 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [17920 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 Mup; C:\Windows\System32\Drivers\mup.sys [132920 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S0 mvumis; C:\Windows\System32\drivers\mvumis.sys [63800 2019-12-07] (Microsoft Windows -> Marvell Semiconductor, Inc.)
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [742400 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [146232 2019-12-07] (Microsoft Windows -> Mellanox)
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [1478984 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R1 NdisCap; C:\Windows\System32\drivers\ndiscap.sys [54272 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 NdisImPlatform; C:\Windows\System32\drivers\NdisImPlatform.sys [135168 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [28672 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 Ndisuio; C:\Windows\System32\drivers\ndisuio.sys [70656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [23040 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 NdisWan; C:\Windows\System32\drivers\ndiswan.sys [206848 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 ndiswanlegacy; C:\Windows\System32\DRIVERS\ndiswan.sys [206848 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 NDKPing; C:\Windows\System32\drivers\NDKPing.sys [72720 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 ndproxy; C:\Windows\System32\DRIVERS\NDProxy.sys [93696 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R2 Ndu; C:\Windows\System32\drivers\Ndu.sys [131584 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [207360 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R1 NetBIOS; C:\Windows\System32\drivers\netbios.sys [64312 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [341504 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 netvsc; C:\Windows\System32\drivers\netvsc.sys [250192 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 netwlv64; C:\Windows\System32\drivers\netwlv64.sys [7530496 2019-12-07] (Microsoft Windows -> Intel Corporation)
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [87568 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 npsvctrig; C:\Windows\System32\drivers\npsvctrig.sys [27648 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [48640 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [2851656 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R1 Null; C:\Windows\System32\Drivers\Null.sys [7680 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 nvdimm; C:\Windows\System32\drivers\nvdimm.sys [168464 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [12914360 2016-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
S0 nvraid; C:\Windows\System32\drivers\nvraid.sys [150328 2019-12-07] (Microsoft Windows -> NVIDIA Corporation)
S0 nvstor; C:\Windows\System32\drivers\nvstor.sys [166200 2019-12-07] (Microsoft Windows -> NVIDIA Corporation)
R3 Parport; C:\Windows\System32\drivers\parport.sys [109056 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [182584 2021-07-13] (Microsoft Windows -> Microsoft Corporation)
R0 pci; C:\Windows\System32\drivers\pci.sys [469304 2021-07-13] (Microsoft Windows -> Microsoft Corporation)
R0 pciide; C:\Windows\System32\drivers\pciide.sys [16696 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R0 pcmcia; C:\Windows\System32\drivers\pcmcia.sys [127800 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 pcw; C:\Windows\System32\drivers\pcw.sys [57656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 pdc; C:\Windows\System32\drivers\pdc.sys [159056 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [823296 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58680 2019-12-07] (Microsoft Windows -> Avago Technologies)
S0 percsas3i; C:\Windows\System32\drivers\percsas3i.sys [68408 2019-12-07] (Microsoft Windows -> Avago Technologies)
S3 PktMon; C:\Windows\System32\drivers\PktMon.sys [129872 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
S0 pmem; C:\Windows\System32\drivers\pmem.sys [138040 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 PNPMEM; C:\Windows\System32\drivers\pnpmem.sys [17408 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 portcfg; C:\Windows\System32\drivers\portcfg.sys [27136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 PptpMiniport; C:\Windows\System32\drivers\raspptp.sys [101888 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 Processor; C:\Windows\System32\drivers\processr.sys [216376 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R1 Psched; C:\Windows\System32\drivers\pacer.sys [161608 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [53248 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [42296 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [20480 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 RasAgileVpn; C:\Windows\System32\drivers\AgileVpn.sys [113152 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 Rasl2tp; C:\Windows\System32\drivers\rasl2tp.sys [110080 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 RasPppoe; C:\Windows\System32\drivers\raspppoe.sys [87552 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 RasSstp; C:\Windows\System32\drivers\rassstp.sys [86016 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [455480 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [28672 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [169984 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [31544 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [297784 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [2003792 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 ReFSv1; C:\Windows\System32\Drivers\ReFSv1.sys [990008 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 RFCOMM; C:\Windows\System32\drivers\rfcomm.sys [213504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 rhproxy; C:\Windows\System32\drivers\rhproxy.sys [115712 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 rspndr; C:\Windows\System32\drivers\rspndr.sys [89088 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [18960 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [118096 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [44032 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [158736 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 sdbus; C:\Windows\System32\drivers\sdbus.sys [305472 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [35128 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [82848 2019-07-31] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 sdstor; C:\Windows\System32\drivers\sdstor.sys [104248 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 SerCx; C:\Windows\System32\drivers\SerCx.sys [86328 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [173072 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 Serenum; C:\Windows\System32\drivers\serenum.sys [27648 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 Serial; C:\Windows\System32\drivers\serial.sys [90624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 sermouse; C:\Windows\System32\drivers\sermouse.sys [29184 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [19456 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 SgrmAgent; C:\Windows\System32\drivers\SgrmAgent.sys [88080 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [44856 2019-12-07] (Microsoft Windows -> Silicon Integrated Systems Corp.)
S0 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [81720 2019-12-07] (Microsoft Windows -> Silicon Integrated Systems)
S0 SmartSAMD; C:\Windows\System32\drivers\SmartSAMD.sys [209720 2019-12-07] (Microsoft Windows -> Microsemi Corportation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [172544 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 spaceparser; C:\Windows\System32\drivers\spaceparser.sys [26624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 spaceport; C:\Windows\System32\drivers\spaceport.sys [678736 2021-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 SpatialGraphFilter; C:\Windows\System32\drivers\SpatialGraphFilter.sys [90936 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 SpbCx; C:\Windows\System32\drivers\SpbCx.sys [87352 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 Spybot3ELAM; C:\Windows\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [787968 2021-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [292864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [1485312 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [740864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [315392 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S0 stexstor; C:\Windows\System32\drivers\stexstor.sys [31032 2019-12-07] (Microsoft Windows -> Promise Technology, Inc.)
S0 storahci; C:\Windows\System32\drivers\storahci.sys [186184 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [54080 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [155960 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [92984 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 storufs; C:\Windows\System32\drivers\storufs.sys [61256 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S0 storvsc; C:\Windows\System32\drivers\storvsc.sys [44048 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\swenum.sys [18952 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 Synth3dVsc; C:\Windows\System32\drivers\Synth3dVsc.sys [6656 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 SynTP; C:\Windows\system32\DRIVERS\SynTP.sys [460528 2013-04-24] (Synaptics Incorporated -> Synaptics Incorporated)
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [2992440 2021-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 Tcpip6; C:\Windows\System32\drivers\tcpip.sys [2992440 2021-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [54784 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 tdx; C:\Windows\system32\DRIVERS\tdx.sys [117560 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 Telemetry; C:\Windows\System32\drivers\IntelTA.sys [26608 2020-11-19] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
S3 terminpt; C:\Windows\System32\drivers\terminpt.sys [41272 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 TPM; C:\Windows\System32\drivers\tpm.sys [255288 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [66560 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [37888 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [141824 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S3 tunnel; C:\Windows\System32\drivers\tunnel.sys [129024 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UASPStor; C:\Windows\System32\drivers\uaspstor.sys [79160 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [166400 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [188416 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UcmUcsiAcpiClient; C:\Windows\System32\drivers\UcmUcsiAcpiClient.sys [36864 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UcmUcsiCx0101; C:\Windows\System32\Drivers\UcmUcsiCx.sys [113152 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 Ucx01000; C:\Windows\System32\drivers\ucx01000.sys [259896 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [52736 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [344064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UEFI; C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\UEFI.sys [34104 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S4 UevAgentDriver; C:\Windows\system32\drivers\UevAgentDriver.sys [41272 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 Ufx01000; C:\Windows\System32\drivers\ufx01000.sys [330056 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 UfxChipidea; C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\UfxChipidea.sys [110608 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 ufxsynopsys; C:\Windows\System32\drivers\ufxsynopsys.sys [168264 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 umbus; C:\Windows\System32\DriverStore\FileRepository\umbus.inf_amd64_b78a9c5b6fd62c27\umbus.sys [58368 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UmPass; C:\Windows\System32\drivers\umpass.sys [15360 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UrsChipidea; C:\Windows\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys [32056 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UrsCx01000; C:\Windows\System32\drivers\urscx01000.sys [76304 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 UrsSynopsys; C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\urssynopsys.sys [29496 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [201728 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 usbaudio2; C:\Windows\System32\drivers\usbaudio2.sys [260608 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 usbccgp; C:\Windows\System32\drivers\usbccgp.sys [185664 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 usbcir; C:\Windows\System32\drivers\usbcir.sys [107520 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 usbehci; C:\Windows\System32\drivers\usbehci.sys [86544 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 usbhub; C:\Windows\System32\drivers\usbhub.sys [528184 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 USBHUB3; C:\Windows\System32\drivers\UsbHub3.sys [653136 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 usbohci; C:\Windows\System32\drivers\usbohci.sys [30208 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 usbprint; C:\Windows\System32\drivers\usbprint.sys [35328 2021-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [24064 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 usbser; C:\Windows\System32\drivers\usbser.sys [88064 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 USBSTOR; C:\Windows\System32\drivers\USBSTOR.SYS [136504 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 usbuhci; C:\Windows\System32\drivers\usbuhci.sys [39424 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [329040 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 USBXHCI; C:\Windows\System32\drivers\USBXHCI.SYS [608568 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [67384 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S4 VerifierExt; C:\Windows\System32\drivers\VerifierExt.sys [347448 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 vhdmp; C:\Windows\System32\drivers\vhdmp.sys [820560 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 vhf; C:\Windows\System32\drivers\vhf.sys [47616 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 Vid; C:\Windows\System32\drivers\Vid.sys [644424 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S3 VirtualRender; C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 vmbus; C:\Windows\System32\drivers\vmbus.sys [160080 2021-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [36664 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [19768 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [90960 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [389432 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [429880 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16696 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 vpci; C:\Windows\System32\drivers\vpci.sys [89400 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S0 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [166712 2019-12-07] (Microsoft Windows -> VIA Technologies Inc.,Ltd)
S0 VSTXRAID; C:\Windows\System32\drivers\vstxraid.sys [305464 2019-12-07] (Microsoft Windows -> VIA Corporation)
R3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [29184 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 vwififlt; C:\Windows\System32\drivers\vwififlt.sys [77824 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 vwifimp; C:\Windows\System32\drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [31232 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [93184 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [93184 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [202568 2021-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [93184 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49560 2021-05-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [832832 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [421112 2021-05-29] (Microsoft Windows -> Microsoft Corporation)
S3 wdiwifi; C:\Windows\System32\DRIVERS\wdiwifi.sys [958976 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdmCompanionFilter; C:\Windows\System32\drivers\WdmCompanionFilter.sys [23560 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-29] (Microsoft Windows -> Microsoft Corporation)
R0 WFPLWFS; C:\Windows\System32\drivers\wfplwfs.sys [180024 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [39736 2019-12-06] (Microsoft Windows -> Microsoft Corporation)
R3 winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [731648 2006-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [76984 2019-12-07] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [18920 2019-12-07] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [36152 2019-12-07] (Microsoft Windows -> Mellanox)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [259584 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 WINUSB; C:\Windows\System32\drivers\WinUSB.SYS [107008 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [73016 2019-12-07] (Microsoft Windows -> Mellanox)
R3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [19456 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [234296 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
R3 WpdUpFltr; C:\Windows\System32\drivers\WpdUpFltr.sys [32568 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [25088 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [136192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WUDFRd; C:\Windows\System32\drivers\WUDFRd.sys [315392 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WUDFWpdFs; C:\Windows\System32\drivers\WUDFRd.sys [315392 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [315392 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys [9728 2006-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [329216 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [51712 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
U1 aswbdisk; no ImagePath
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-19 12:18 - 2021-07-19 12:19 - 000065933 _____ C:\Users\Lewy\Desktop\FRST.txt
2021-07-19 12:16 - 2021-07-19 12:17 - 002300416 _____ (Farbar) C:\Users\Lewy\Desktop\FRST64.exe
2021-07-19 12:01 - 2021-07-19 12:04 - 000048046 _____ C:\Users\Lewy\Desktop\Addition.txt
2021-07-19 11:51 - 2021-07-19 11:51 - 000002308 _____ C:\Users\Lewy\Desktop\Tweaking.com - Registry Backup.lnk
2021-07-19 11:41 - 2021-07-19 11:41 - 008553680 _____ (Malwarebytes) C:\Users\Lewy\Desktop\adwcleaner_8.3.0.exe
2021-07-19 11:36 - 2021-07-19 11:37 - 000668148 _____ C:\Windows\Minidump\071921-14828-01.dmp
2021-07-19 11:32 - 2021-07-19 11:32 - 000001962 _____ C:\Users\Lewy\Desktop\aswMBR.txt
2021-07-19 11:32 - 2021-07-19 11:32 - 000000512 _____ C:\Users\Lewy\Desktop\MBR.dat
2021-07-19 10:46 - 2021-07-19 10:47 - 000615260 _____ C:\Windows\Minidump\071921-12921-01.dmp
2021-07-19 09:09 - 2021-07-19 09:10 - 000464380 _____ C:\Windows\Minidump\071921-13578-01.dmp
2021-07-19 09:07 - 2021-07-19 09:07 - 000000000 _____ C:\Windows\Minidump\071921-12750-01.dmp
2021-07-18 23:36 - 2021-07-18 23:36 - 000220752 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-07-18 23:34 - 2021-07-18 23:26 - 000001314 _____ C:\Users\Lewy\Desktop\aswBoot.txt
2021-07-18 22:37 - 2021-07-18 22:37 - 000000000 ___HD C:\$AV_ASW
2021-07-18 22:29 - 2021-07-18 22:30 - 000764124 _____ C:\Windows\Minidump\071821-14562-01.dmp
2021-07-18 19:53 - 2021-07-18 19:44 - 000480643 _____ C:\Windows\system32\Drivers\etc\hosts.20210718-195342.backup
2021-07-18 19:33 - 2021-07-18 19:33 - 005198336 _____ (AVAST Software) C:\Users\Lewy\Desktop\aswMBR.exe
2021-07-18 19:31 - 2021-07-18 19:31 - 000000000 ____D C:\TDSSKiller_Quarantine
2021-07-18 19:30 - 2021-07-18 19:31 - 000216250 _____ C:\TDSSKiller.2.8.16.0_18.07.2021_19.30.53_log.txt
2021-07-18 19:30 - 2021-07-18 19:30 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Lewy\Downloads\tdsskiller.exe
2021-07-18 19:30 - 2021-07-18 19:30 - 000208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\06341792.sys
2021-07-18 19:14 - 2021-07-18 19:14 - 005659583 _____ (Swearware) C:\Users\Lewy\Downloads\ComboFix.exe
2021-07-15 16:37 - 2021-07-15 16:37 - 000106719 _____ C:\Users\Lewy\Downloads\21-1305.pdf
2021-07-15 16:09 - 2021-07-15 16:09 - 000000000 ____D C:\Users\Lewy\Documents\SPANISH
2021-07-15 16:08 - 2021-07-15 16:08 - 000000000 ____D C:\ProgramData\Canneverbe Limited
2021-07-15 16:07 - 2021-07-15 16:07 - 000425304 _____ (Secure By Design Inc.) C:\Users\Lewy\Downloads\Ninite CDBurnerXP Installer.exe
2021-07-15 16:07 - 2021-07-15 16:07 - 000001775 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2021-07-15 16:07 - 2021-07-15 16:07 - 000001733 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2021-07-15 16:07 - 2021-07-15 16:07 - 000000000 ____D C:\Users\Lewy\AppData\Roaming\Canneverbe Limited
2021-07-15 16:07 - 2021-07-15 16:07 - 000000000 ____D C:\Program Files\CDBurnerXP
2021-07-15 15:25 - 2021-07-15 15:25 - 000000000 ____D C:\Users\Lewy\AppData\Roaming\Macromedia
2021-07-14 18:14 - 2021-07-14 18:22 - 000000000 ____D C:\Users\Lewy\Documents\Leadership
2021-07-14 18:10 - 2021-07-14 18:16 - 000000000 ____D C:\Users\Lewy\Documents\Scientology and Effective Knowledge
2021-07-14 18:04 - 2021-07-14 18:09 - 000000000 ____D C:\Users\Lewy\Documents\Increasing Efficiency
2021-07-14 18:02 - 2021-07-14 18:02 - 000000000 ____D C:\Users\Lewy\AppData\Local\Avast Software
2021-07-14 17:42 - 2021-07-14 17:42 - 000000000 ____D C:\Users\Lewy\AppData\Roaming\Avast Software
2021-07-14 17:35 - 2021-07-14 17:58 - 000000000 ____D C:\Users\Lewy\Documents\The Five Conditions
2021-07-14 17:33 - 2021-07-14 18:24 - 000001528 _____ C:\Windows\cdplayer.ini
2021-07-14 17:31 - 2021-07-14 17:31 - 000002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-07-14 17:31 - 2021-07-14 17:31 - 000002148 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-07-14 17:29 - 2021-07-19 11:38 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-07-14 17:29 - 2021-07-14 17:29 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-07-14 17:29 - 2021-07-14 17:29 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-07-14 17:29 - 2021-07-14 17:28 - 000851192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2021-07-14 17:29 - 2021-07-14 17:28 - 000524400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2021-07-14 17:29 - 2021-07-14 17:28 - 000471920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2021-07-14 17:29 - 2021-07-14 17:28 - 000366616 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2021-07-14 17:29 - 2021-07-14 17:28 - 000339736 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-07-14 17:29 - 2021-07-14 17:28 - 000327536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2021-07-14 17:29 - 2021-07-14 17:28 - 000250392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2021-07-14 17:29 - 2021-07-14 17:28 - 000216928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2021-07-14 17:29 - 2021-07-14 17:28 - 000215384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2021-07-14 17:29 - 2021-07-14 17:28 - 000182600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2021-07-14 17:29 - 2021-07-14 17:28 - 000107848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2021-07-14 17:29 - 2021-07-14 17:28 - 000099352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2021-07-14 17:29 - 2021-07-14 17:28 - 000082912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2021-07-14 17:29 - 2021-07-14 17:28 - 000041352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2021-07-14 17:29 - 2021-07-14 17:28 - 000035720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2021-07-14 17:29 - 2021-07-14 17:28 - 000017328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2021-07-14 17:28 - 2021-07-18 23:36 - 000000000 ____D C:\ProgramData\Avast Software
2021-07-14 17:28 - 2021-07-14 17:28 - 000000000 ____D C:\Program Files\Avast Software
2021-07-14 17:27 - 2021-07-14 17:34 - 000001067 _____ C:\Users\Lewy\Desktop\FreeRIP MP3 Converter.lnk
2021-07-14 17:27 - 2021-07-14 17:27 - 002248468 _____ (GreenTree Applications SRL) C:\Users\Lewy\Downloads\FreeRipPlus.exe
2021-07-14 17:27 - 2021-07-14 17:27 - 000001534 _____ C:\ProgramData\ss.ini
2021-07-14 17:27 - 2021-07-14 17:27 - 000000000 ____D C:\Users\Lewy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP MP3 Converter
2021-07-14 17:27 - 2021-07-14 17:27 - 000000000 ____D C:\ProgramData\FreeRIP MP3 Converter
2021-07-14 17:27 - 2021-07-14 17:27 - 000000000 ____D C:\Program Files (x86)\FreeRIP
2021-07-13 21:00 - 2021-07-13 21:00 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2021-07-13 21:00 - 2021-07-13 21:00 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2021-07-13 21:00 - 2021-07-13 21:00 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendezvousSession.tlb
2021-07-13 21:00 - 2021-07-13 21:00 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\rendezvousSession.tlb
2021-07-13 20:59 - 2021-07-13 20:59 - 001823280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-07-13 20:59 - 2021-07-13 20:59 - 000011357 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-07-13 20:29 - 2021-07-13 20:29 - 000082850 _____ C:\Users\Lewy\Downloads\Cenik nadomestil za posle s potrošniki_veljavnost 1. julij 2021.pdf
2021-07-02 13:48 - 2021-07-02 13:48 - 016203121 _____ C:\Users\Lewy\Downloads\drive-download-20210702T114821Z-001.zip
2021-07-02 13:10 - 2021-07-02 13:10 - 019646156 _____ C:\Users\Lewy\Downloads\drive-download-20210702T111035Z-001.zip
2021-07-02 02:15 - 2021-07-14 21:27 - 000004156 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1621107088
2021-06-29 15:02 - 2021-06-29 15:02 - 003977315 _____ C:\Users\Lewy\Downloads\Leskovsek28221-1322.pdf
2021-06-26 20:01 - 2021-06-26 20:02 - 000000400 __RSH C:\ProgramData\ntuser.pol
2021-06-26 19:34 - 2021-06-26 19:34 - 000000000 ____D C:\Users\Lewy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK
2021-06-26 19:34 - 2021-06-26 19:34 - 000000000 ____D C:\Program Files\Windows Imaging
2021-06-26 19:08 - 2021-06-26 19:08 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-06-26 19:08 - 2021-06-26 19:08 - 000000000 ____D C:\Program Files\MSBuild
2021-06-26 19:08 - 2021-06-26 19:08 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-06-26 19:08 - 2021-06-26 19:08 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-06-26 18:50 - 2021-06-26 19:34 - 000000000 ____D C:\Program Files\Windows AIK
2021-06-26 17:53 - 2021-06-26 18:46 - 1789542400 _____ C:\Users\Lewy\Downloads\KB3AIK_EN (2).iso
2021-06-26 17:12 - 2021-06-26 17:20 - 293035326 _____ C:\Users\Lewy\Downloads\Unconfirmed 355883.crdownload
2021-06-25 17:46 - 2021-06-25 17:46 - 000001525 _____ C:\Users\Lewy\Desktop\emsisoftreport.txt
2021-06-25 10:28 - 2021-06-25 10:28 - 000000000 ____D C:\ProgramData\Emsisoft
2021-06-25 10:27 - 2021-06-25 10:27 - 000001100 _____ C:\Users\Lewy\Desktop\Start Emergency Kit Scanner.exe - Shortcut.lnk
2021-06-25 10:26 - 2021-07-19 10:48 - 000000000 ____D C:\EEK
2021-06-25 10:26 - 2021-06-25 10:24 - 295204800 _____ C:\Users\Lewy\Desktop\EmsisoftEmergencyKit.exe
2021-06-25 10:22 - 2021-06-25 10:24 - 295204800 _____ C:\Users\Lewy\Downloads\EmsisoftEmergencyKit.exe
2021-06-24 23:18 - 2021-06-24 23:16 - 000467379 _____ C:\Windows\system32\Drivers\etc\hosts.20210624-231815.backup
2021-06-24 22:56 - 2021-06-24 22:56 - 000001530 _____ C:\Users\Lewy\Desktop\0MalwareBytesscanreport.txt
2021-06-24 22:40 - 2021-07-18 22:46 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-06-24 22:39 - 2021-06-26 17:10 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-06-24 22:39 - 2021-06-24 21:08 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-06-24 20:54 - 2021-07-18 22:46 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-06-24 20:54 - 2021-06-24 21:08 - 000199128 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-06-24 20:54 - 2021-06-24 20:54 - 000000000 ____D C:\Users\Lewy\AppData\Local\mbamtray
2021-06-24 20:54 - 2021-06-24 20:54 - 000000000 ____D C:\Users\Lewy\AppData\Local\mbam
2021-06-24 20:54 - 2021-06-24 20:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-06-24 20:54 - 2021-06-24 20:54 - 000000000 ____D C:\Program Files\Malwarebytes
2021-06-24 20:51 - 2021-06-24 20:52 - 064333800 _____ (Malwarebytes ) C:\Users\Lewy\Downloads\mb3-setup-1878.1878-3.8.3.2965.exe
2021-06-24 20:49 - 2021-06-24 20:49 - 000002247 _____ C:\Users\Lewy\Desktop\0AdwCleaner[C00].txt
2021-06-24 20:47 - 2021-06-24 20:49 - 000000000 ____D C:\AdwCleaner
2021-06-24 20:18 - 2021-06-24 20:35 - 000002656 _____ C:\Users\Lewy\Desktop\0Fixlog.txt
2021-06-24 13:44 - 2021-07-13 22:33 - 000000000 ____D C:\Users\Lewy\AppData\Local\ElevatedDiagnostics
2021-06-24 13:39 - 2021-06-26 17:07 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2021-06-24 13:24 - 2021-06-24 13:27 - 000045880 _____ C:\Users\Lewy\Desktop\0Addition.txt
2021-06-24 13:22 - 2021-07-19 12:01 - 000158119 _____ C:\Users\Lewy\Desktop\0FRST.txt
2021-06-24 13:18 - 2021-06-24 13:20 - 005198336 _____ (AVAST Software) C:\Users\Lewy\Downloads\aswMBR.exe
2021-06-23 21:38 - 2021-06-23 21:38 - 002371072 _____ C:\Windows\system32\rdpnano.dll
2021-06-23 21:38 - 2021-06-23 21:38 - 001314128 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-06-23 21:38 - 2021-06-23 21:38 - 000570880 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-06-23 21:38 - 2021-06-23 21:38 - 000452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-06-23 21:38 - 2021-06-23 21:38 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-06-23 21:38 - 2021-06-23 21:38 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-06-23 21:38 - 2021-06-23 21:38 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-06-23 21:37 - 2021-06-23 21:37 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-06-23 21:37 - 2021-06-23 21:37 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-06-23 21:37 - 2021-06-23 21:37 - 000097792 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-06-23 21:32 - 2021-06-23 21:32 - 000000000 ___HD C:\$Windows.~WS
2021-06-23 21:30 - 2021-06-23 20:20 - 000230743 _____ C:\Windows\system32\Drivers\etc\hosts.20210623-213007.backup
2021-06-23 20:29 - 2021-06-23 20:31 - 001173560 _____ (Akeo Consulting) C:\Users\Lewy\Downloads\rufus-3.14.exe
2021-06-23 20:27 - 2021-06-23 20:27 - 000000000 _____ C:\Users\Lewy\Downloads\Unconfirmed 369227.crdownload
2021-06-23 20:25 - 2021-06-23 20:25 - 000000000 _____ C:\Users\Lewy\Downloads\Unconfirmed 608991.crdownload
2021-06-22 18:05 - 2021-06-23 22:13 - 000000000 ____D C:\ESD
2021-06-22 18:01 - 2021-06-22 18:01 - 000000000 ____D C:\$WINDOWS.~BT
2021-06-22 18:00 - 2021-06-22 18:00 - 000000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2021-06-22 18:00 - 2021-06-22 18:00 - 000000719 _____ C:\Users\Lewy\Desktop\Windows 10 Update Assistant.lnk
2021-06-22 18:00 - 2021-06-22 18:00 - 000000000 ____D C:\Windows10Upgrade
2021-06-21 21:02 - 2021-06-21 21:02 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-06-21 20:56 - 2021-06-21 20:56 - 000000000 ____D C:\Users\Lewy\AppData\Local\D3DSCache
2021-06-21 20:02 - 2021-07-18 21:47 - 000013870 _____ C:\Windows\SysWOW64\bddel.dat
2021-06-21 12:51 - 2021-06-21 12:51 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-06-21 12:51 - 2021-06-21 12:51 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-06-21 12:51 - 2021-06-21 12:51 - 001864192 _____ (The ICU Project) C:\Windows\SysWOW64\icu.dll
2021-06-21 12:51 - 2021-06-21 12:51 - 000468440 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-06-21 12:51 - 2021-06-21 12:51 - 000423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-06-21 12:51 - 2021-06-21 12:51 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-06-21 12:50 - 2021-06-21 12:50 - 002260480 _____ (The ICU Project) C:\Windows\system32\icu.dll
2021-06-21 12:50 - 2021-06-21 12:50 - 000657464 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-06-21 12:50 - 2021-06-21 12:50 - 000563712 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-06-21 12:50 - 2021-06-21 12:50 - 000287232 _____ C:\Windows\system32\CoreMas.dll
2021-06-21 12:50 - 2021-06-21 12:50 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-06-21 12:39 - 2021-06-21 12:38 - 000468175 ____R C:\Windows\system32\Drivers\etc\hosts.20210621-123946.backup
2021-06-21 12:38 - 2021-06-21 12:35 - 000468175 _____ C:\Windows\system32\Drivers\etc\hosts.20210621-123851.backup

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-19 12:18 - 2021-06-15 22:07 - 000000000 ____D C:\FRST
2021-07-19 11:56 - 2021-05-15 21:31 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-19 11:53 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-19 11:51 - 2021-06-15 22:04 - 000074021 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2021-07-19 11:44 - 2021-05-15 21:31 - 000003944 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1621107074
2021-07-19 11:44 - 2021-05-15 21:31 - 000001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-07-19 11:44 - 2021-05-15 21:30 - 000000000 ____D C:\Program Files\Opera
2021-07-19 11:44 - 2020-11-19 09:54 - 000841126 _____ C:\Windows\system32\PerfStringBackup.INI
2021-07-19 11:44 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-07-19 11:43 - 2021-06-15 22:03 - 007333288 _____ (Tweaking.com) C:\Users\Lewy\Desktop\tweaking.com_registry_backup_setup.exe
2021-07-19 11:37 - 2021-05-15 22:44 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-07-19 11:37 - 2021-05-13 08:05 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2021-07-19 11:36 - 2021-06-17 20:47 - 1757392203 _____ C:\Windows\MEMORY.DMP
2021-07-19 11:36 - 2021-06-17 20:47 - 000000000 ____D C:\Windows\Minidump
2021-07-19 11:36 - 2021-05-12 19:07 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-19 11:36 - 2020-11-19 09:43 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-19 11:36 - 2020-11-19 09:43 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-07-19 10:46 - 2021-05-12 19:37 - 000000000 ____D C:\Users\Lewy
2021-07-19 09:11 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-07-19 00:12 - 2021-05-13 08:06 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2021-07-18 22:46 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-07-18 20:30 - 2021-05-13 15:02 - 000000000 ____D C:\SpybotBootCD
2021-07-17 15:10 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-07-17 15:08 - 2020-11-19 09:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-17 15:08 - 2020-11-19 09:46 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-07-17 15:08 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-16 03:50 - 2021-05-15 21:31 - 000003418 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-07-16 03:50 - 2021-05-15 21:31 - 000003294 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-07-14 17:29 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-07-13 21:49 - 2021-05-25 14:50 - 000000000 ____D C:\Users\Lewy\AppData\Local\CrashDumps
2021-07-13 21:27 - 2020-11-19 09:43 - 000458272 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-13 21:26 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-07-13 21:26 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-07-13 21:26 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-07-13 21:26 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2021-07-13 21:26 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-13 21:03 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2021-07-13 20:46 - 2021-05-13 08:23 - 000000000 ____D C:\Windows\system32\MRT
2021-07-13 20:41 - 2021-05-13 08:23 - 133422552 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-07-11 15:26 - 2021-05-12 19:43 - 000003360 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2620606096-767457063-359015763-1001
2021-07-11 15:26 - 2021-05-12 19:43 - 000000000 ___RD C:\Users\Lewy\OneDrive
2021-07-11 15:26 - 2021-05-12 19:37 - 000002376 _____ C:\Users\Lewy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-11 14:23 - 2021-05-13 07:59 - 000000000 ____D C:\Users\Lewy\AppData\Roaming\Suuntolink
2021-07-11 11:49 - 2021-05-13 07:57 - 000000000 ____D C:\Users\Lewy\AppData\Local\Suuntolink
2021-07-08 23:52 - 2021-05-15 21:46 - 000002073 _____ C:\Users\Public\Desktop\Google Slides.lnk
2021-07-08 23:52 - 2021-05-15 21:46 - 000002071 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2021-07-08 23:52 - 2021-05-15 21:46 - 000002061 _____ C:\Users\Public\Desktop\Google Docs.lnk
2021-07-08 23:52 - 2021-05-15 21:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-07-02 22:12 - 2021-06-07 10:47 - 000000000 ____D C:\Users\Lewy\AppData\LocalLow\Mozilla
2021-07-02 22:11 - 2021-06-07 10:54 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-02 18:52 - 2021-05-15 21:32 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-02 18:52 - 2021-05-15 21:32 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-07-02 12:03 - 2020-11-19 09:46 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-02 12:03 - 2020-11-19 09:46 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-06-26 20:01 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2021-06-26 20:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2021-06-26 18:38 - 2021-05-15 21:32 - 000000000 ____D C:\Program Files\Google
2021-06-26 18:30 - 2021-06-04 16:30 - 000000000 ____D C:\Program Files (x86)\SoundSpectrum
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-06-23 22:13 - 2021-05-13 05:06 - 000000000 ____D C:\Windows\Panther
2021-06-23 20:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\NDF
2021-06-21 21:08 - 2021-05-15 21:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-21 21:02 - 2021-05-15 21:29 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-21 21:02 - 2021-05-15 21:29 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-21 20:55 - 2021-06-16 01:28 - 000061345 _____ C:\Users\Lewy\Downloads\FRST.txt
2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lv-LV
2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\et-EE

==================== Files in the root of some directories ========

2021-05-25 14:50 - 2021-05-25 14:50 - 000001495 _____ () C:\Users\Lewy\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2021
Ran by Lewy (19-07-2021 12:21:23)
Running from C:\Users\Lewy\Desktop
Windows 10 Education Version 21H1 19043.1110 (X64) (2021-05-12 17:12:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2620606096-767457063-359015763-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2620606096-767457063-359015763-503 - Limited - Disabled)
Guest (S-1-5-21-2620606096-767457063-359015763-501 - Limited - Disabled)
Lewy (S-1-5-21-2620606096-767457063-359015763-1001 - Administrator - Enabled) => C:\Users\Lewy
WDAGUtilityAccount (S-1-5-21-2620606096-767457063-359015763-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Application Compatibility Toolkit (HKLM\...\{3BD6A529-0C2A-1EE9-A123-3EF4D804A1D1}) (Version: 10.1.19041.1 - Microsoft) Hidden
Appman Auto Sequencer (HKLM-x32\...\{2942F2D5-2A6D-2061-A152-A736B3277068}) (Version: 10.1.19041.1 - Microsoft) Hidden
Appman Sequencer on amd64 (HKLM\...\{7A394A81-957E-FA00-5F3F-46CF5DDEAA4A}) (Version: 10.1.19041.1 - Microsoft) Hidden
Assessments on Client (HKLM-x32\...\{2C100366-FCBF-7B21-5E61-015CDFBBEF25}) (Version: 10.1.19041.1 - Microsoft) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.5.2470 - Avast Software)
Backup and Sync from Google (HKLM\...\{A0397FA8-34ED-4A41-A8C9-30EE0B89C464}) (Version: 3.56.3802.7766 - Google, Inc.)
Blender (HKLM\...\{D6E38255-FB12-4724-A6FF-075B43272C66}) (Version: 2.92.0 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP)
CutePDF Writer (HKLM\...\CutePDF Writer Installation) (Version: 4.0 - Acro Software Inc.)
FreeRIP MP3 Converter 5.7.1.5 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 5.7.1.5 - GreenTree Applications SRL)
GIMP 2.10.24 (HKLM\...\GIMP-2_is1) (Version: 2.10.24 - The GIMP Team)
Google Chrome (HKLM\...\{C208811C-385C-3C16-BE72-20618CB11F29}) (Version: 91.0.4472.124 - Google LLC)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.54.0) (Version: 9.54.0 - Artifex Software Inc.)
Imaging And Configuration Designer (HKLM-x32\...\{8072F2F3-C269-A639-4626-9209FFF6DEDB}) (Version: 10.1.19041.1 - Microsoft) Hidden
Imaging Designer (HKLM-x32\...\{2852AE0C-1EEB-72F9-1C5D-FACF6C9304DE}) (Version: 10.1.19041.1 - Microsoft) Hidden
Imaging Tools Support (HKLM-x32\...\{30C24881-949F-D09C-5376-9F0DC6B412CD}) (Version: 10.1.19041.1 - Microsoft) Hidden
Inkscape (HKLM\...\{8E094247-4FB9-47F4-AF01-BF66AD9781C8}) (Version: 1.0.2 - Inkscape)
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Kits Configuration Installer (HKLM-x32\...\{8867E8B9-1539-18F3-54AB-B1F1E641AC14}) (Version: 10.1.19041.1 - Microsoft) Hidden
Krita (x64) 4.4.3 (HKLM\...\Krita_x64) (Version: 4.4.3.0 - Krita Foundation)
LibreOffice 7.1.3.2 (HKLM\...\{76B2DBF3-5773-4463-9EEB-D4A099EB6265}) (Version: 7.1.3.2 - The Document Foundation)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.10.84 - Logitech)
Malwarebytes version 4.4.3.125 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.3.125 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.70 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\OneDriveSetup.exe) (Version: 21.119.0613.0001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM\...\{EA457B21-F73E-494C-ACAB-524FDE069978}_is1) (Version: 1.56.2 - Microsoft Corporation)
Mozilla Firefox 89.0 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0 (x64 en-US)) (Version: 89.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0.1 - Mozilla)
MXAx64 (HKLM-x32\...\{53B28ABA-8EFB-7BFB-603D-9B1334BBD881}) (Version: 10.1.19041.1 - Microsoft) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.5 - Notepad++ Team)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
OEM Test Certificates (HKLM-x32\...\{DAF67B85-47AE-B13B-5C22-3A7149E46EB8}) (Version: 10.1.19041.1 - Microsoft) Hidden
Opera Stable 77.0.4054.254 (HKLM-x32\...\Opera 77.0.4054.254) (Version: 77.0.4054.254 - Opera Software)
paint.net (HKLM\...\{1A59F8A6-6AB4-4522-9340-F420B9155A31}) (Version: 4.2.16 - dotPDN LLC)
PuTTY release 0.75 (64-bit) (HKLM\...\{06DB09EC-52D5-47FA-A0F3-D70ED6407481}) (Version: 0.75.0.0 - Simon Tatham)
Python 3.9.5 (64-bit) (HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\{f3d4ed4c-f434-41ef-8469-ffadd80c4ccf}) (Version: 3.9.5150.0 - Python Software Foundation)
Python 3.9.5 Core Interpreter (64-bit) (HKLM\...\{FBB6299D-CB58-4177-B6A0-63BFB1C8C3AE}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Development Libraries (64-bit) (HKLM\...\{AEE58901-97A1-422A-B964-4FD9BF3327B8}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Documentation (64-bit) (HKLM\...\{4EFE695B-F377-4CB0-90E3-6AEEE22DEFEB}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Executables (64-bit) (HKLM\...\{843C07B6-040E-4E83-B244-5383247D70AB}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 pip Bootstrap (64-bit) (HKLM\...\{7559EB6B-36F9-4AE8-8970-532E4DC0ECA3}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Standard Library (64-bit) (HKLM\...\{F4DC18F4-6323-4BE8-A322-38268831BC24}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Tcl/Tk Support (64-bit) (HKLM\...\{351016A7-AED4-4824-8D2E-2F9ED497CF77}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Test Suite (64-bit) (HKLM\...\{605117B9-EE12-4498-A089-A63219191799}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Utility Scripts (64-bit) (HKLM\...\{420E50F6-A8E8-4098-A321-7DF6B3C3BA82}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{B6EF11B6-0882-43B1-AA75-4D3BD32A144A}) (Version: 3.9.7427.0 - Python Software Foundation)
Skype version 8.71 (HKLM-x32\...\Skype_is1) (Version: 8.71 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 3.7 - Safer-Networking Ltd.)
SugarSync (HKLM-x32\...\SugarSync) (Version: 4.0.3.3 - KeepItSafe, Inc.)
Suuntolink (HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\Suuntolink) (Version: 3.6.1 - Suunto)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.18.5 - TeamViewer)
ThinkPad Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588) (Version: 7.62.00 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Toolkit Documentation (HKLM-x32\...\{1978CD82-5D9C-F9BD-4FA3-17AFA5AE12B2}) (Version: 10.1.19041.1 - Microsoft) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com)
UEV Tools on amd64 (HKLM\...\{91339917-AF30-9EC7-D5AA-05919BB21DB9}) (Version: 10.1.19041.1 - Microsoft) Hidden
User State Migration Tool (HKLM-x32\...\{2AD80B8E-9213-FEA7-BA85-0EFED76D6F11}) (Version: 10.1.19041.1 - Microsoft) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)
Volume Activation Management Tool (HKLM-x32\...\{4B43C47D-8870-ACFA-C414-6C0884876EB0}) (Version: 10.1.19041.1 - Microsoft) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.8 - Winamp SA)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23367 - Microsoft Corporation)
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{9346016b-6620-4841-8ea4-ad91d3ea02b5}) (Version: 10.1.19041.1 - Microsoft Corporation)
Windows Assessment and Deployment Kit Windows Preinstallation Environment Add-ons - Windows 10 (HKLM-x32\...\{353df250-4ecc-4656-a950-4df93078a5fd}) (Version: 10.1.19041.1 - Microsoft Corporation)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
WinSCP 5.17.10 (HKLM-x32\...\winscp3_is1) (Version: 5.17.10 - Martin Prikryl)
WPT Redistributables (HKLM-x32\...\{AE00264D-F001-A1D3-F3B8-74A9D2193E7F}) (Version: 10.1.19041.1 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{FD439F85-AD64-B3E5-9FC5-444AE8C8AF7B}) (Version: 10.1.19041.1 - Microsoft) Hidden
Zoom (HKLM-x32\...\{325D3FAA-C519-40F3-9423-DE74994B7B80}) (Version: 5.6.823 - Zoom)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-05-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-05-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-21] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ !SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [ !SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [ !SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [ !SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-14] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-14] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2021-03-22] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-14] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-06-18] (Google LLC -> Google)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-14] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> No File
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-06-18] (Google LLC -> Google)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2015-06-29] (NVIDIA Corporation -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-14] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-05-15 21:36 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-12-06 19:37 - 2019-12-06 19:37 - 000262144 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL
2020-11-30 22:46 - 2020-11-30 22:46 - 003060224 _____ (SugarSync, Inc.) [File not signed] C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\25845787.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\25845787.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2620606096-767457063-359015763-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com (http://www.008k.com)
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com (http://www.00hq.com)
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com (http://www.0scan.com)
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com (http://www.1-2005-search.com)
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com (http://www.1-domains-registrations.com)
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com (http://www.1000gratisproben.com)
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com (http://www.1001namen.com)
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com (http://www.100sexlinks.com)
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com (http://www.10sek.com)
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info (http://www.123fporn.info)
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com (http://www.123moviedownload.com)
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com (http://www.123simsen.com)

There are 7942 more sites.

IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\008k.com -> www.008k.com (http://www.008k.com)
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\00hq.com -> www.00hq.com (http://www.00hq.com)
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\0scan.com -> www.0scan.com (http://www.0scan.com)
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\1-2005-search.com -> www.1-2005-search.com (http://www.1-2005-search.com)
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com (http://www.1-domains-registrations.com)
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\1000gratisproben.com -> www.1000gratisproben.com (http://www.1000gratisproben.com)
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\1001namen.com -> www.1001namen.com (http://www.1001namen.com)
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\100sexlinks.com -> www.100sexlinks.com (http://www.100sexlinks.com)
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\10sek.com -> www.10sek.com (http://www.10sek.com)
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\123fporn.info -> www.123fporn.info (http://www.123fporn.info)
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\123moviedownload.com -> www.123moviedownload.com (http://www.123moviedownload.com)
IE restricted site: HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\123simsen.com -> www.123simsen.com (http://www.123simsen.com)

There are 7942 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2021-07-19 11:39 - 000467116 ____N C:\Windows\system32\drivers\etc\hosts
127.0.0.1 www.007guard.com (http://www.007guard.com)
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com (http://www.008k.com)
127.0.0.1 008k.com
127.0.0.1 www.00hq.com (http://www.00hq.com)
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com (http://www.032439.com)
127.0.0.1 032439.com
127.0.0.1 www.0scan.com (http://www.0scan.com)
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com (http://www.1000gratisproben.com)
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com (http://www.1001namen.com)
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com (http://www.100888290cs.com)
127.0.0.1 www.100sexlinks.com (http://www.100sexlinks.com)
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com (http://www.10sek.com)
127.0.0.1 www.1-2005-search.com (http://www.1-2005-search.com)
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info (http://www.123fporn.info)
127.0.0.1 www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com (http://www.123moviedownload.com)

There are 15980 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2620606096-767457063-359015763-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "LogiOptions"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\StartupApproved\Run: => "SuuntolinkLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{6C9BAD30-E75B-4B02-8205-702CD4289285}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{93E726A5-8872-4EAD-AD18-C85ADBB7D106}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A2A4DBAA-CD61-4720-8B62-335F2466FCC7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5B62211A-3155-4EF8-837A-55E47F561C05}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{2B8A53BF-0B23-4E41-982C-D4CC01257694}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{DB906621-3B3D-4EEF-8747-BF85EB682C4D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{E164E1F8-2309-42DF-957D-35D4D74DF947}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{15177D09-89A2-4CBC-8E8D-5A74E06941E3}] => (Allow) C:\Program Files (x86)\SugarSync\SugarSync.exe (KeepItSafe, Inc.) [File not signed]
FirewallRules: [{6760AB53-900C-4ECA-AFAD-C3446D3AB6F3}] => (Allow) C:\Program Files (x86)\SugarSync\SugarSync.exe (KeepItSafe, Inc.) [File not signed]
FirewallRules: [{79A5CBFB-333C-4D5A-8D77-2618F7E2B8B7}] => (Allow) C:\Program Files (x86)\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{25F65549-883E-4388-9DFA-01656737201A}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{853C167E-1E7E-4C77-8534-3711FBCE56D4}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7108E88C-00D9-4813-887B-54DCC319C16D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E31A36D9-2C41-4A45-AFD3-269D033EB0BD}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2CBC8CF9-39FC-4574-9AD4-62711346EB75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9689789E-14C7-47DE-A1B8-ABE0AAA271E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E44A3438-1202-4603-8D26-253ECC0799DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2C7532C0-0E40-4DD3-B721-BD1222F27000}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3FABD95B-5A7E-405E-870F-C350472FBAFA}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D5B97CA4-CDE7-457C-A0A1-D1153C64F0AA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B1B4EF68-FB1E-4DB1-B322-1D085ABB6A40}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{30EA4684-9A4A-4BBF-B5D6-1514F7AFF6B6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{116D42E5-26D4-496D-8916-5DFC626ACD53}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{366912F1-31C6-41FE-BC10-4DC031C7EFC7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5F411457-CF74-4679-8682-873A42299FA4}] => (Allow) C:\Program Files\Opera\77.0.4054.203\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{A74F231B-10F3-47EE-A7C3-45A39DFD7E96}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{70506BDB-5FE9-4F08-9371-4FF344862947}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B84407EE-E4A8-42B7-85B5-57DE5C4A66CC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{84314276-9589-4EBB-BCC3-23F31C570061}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6279D287-FC72-4ADE-949F-DFC5F68ED12A}] => (Allow) C:\Program Files\Opera\77.0.4054.254\opera.exe (Opera Software AS -> Opera Software)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Restore Points =========================

26-06-2021 19:33:31 Installed Windows Automated Installation Kit
05-07-2021 10:09:15 Scheduled Checkpoint
07-07-2021 18:07:09 Windows Modules Installer
07-07-2021 21:26:55 Windows Modules Installer
13-07-2021 20:53:40 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (07/19/2021 12:21:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x26e0
Faulting application start time: 0x01d77c87c81b9040
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 2c3dd927-16f3-4fc8-81e9-fa20060e375e
Faulting package full name:
Faulting package-relative application ID:

Error: (07/19/2021 12:18:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: hhctrl.ocx_unloaded, version: 10.0.19041.746, time stamp: 0x2667553c
Exception code: 0xc0000005
Fault offset: 0x000260b6
Faulting process id: 0x2694
Faulting application start time: 0x01d77c84fce88c7c
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: hhctrl.ocx
Report Id: df45c06a-ab46-475b-8c26-643d2d6d7b91
Faulting package full name:
Faulting package-relative application ID:

Error: (07/19/2021 12:01:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x2694
Faulting application start time: 0x01d77c84fce88c7c
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 3028e6a3-d2dd-4a12-9f4d-fe24a4d54605
Faulting package full name:
Faulting package-relative application ID:

Error: (07/19/2021 11:58:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: hhctrl.ocx_unloaded, version: 10.0.19041.746, time stamp: 0x2667553c
Exception code: 0xc0000005
Fault offset: 0x000260b6
Faulting process id: 0x57c
Faulting application start time: 0x01d77c83971f55b2
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: hhctrl.ocx
Report Id: 363de8eb-db59-4297-b2e6-0ff1d430ba01
Faulting package full name:
Faulting package-relative application ID:

Error: (07/19/2021 11:51:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x57c
Faulting application start time: 0x01d77c83971f55b2
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 159d9f5e-0cd4-43eb-b6de-63f51f9bba8d
Faulting package full name:
Faulting package-relative application ID:

Error: (07/19/2021 11:44:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: hhctrl.ocx_unloaded, version: 10.0.19041.746, time stamp: 0x2667553c
Exception code: 0xc0000005
Fault offset: 0x000260b6
Faulting process id: 0x480
Faulting application start time: 0x01d77c823184c385
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: hhctrl.ocx
Report Id: 37c4b66f-a5c7-4ef6-8d48-96b4bebf2f3e
Faulting package full name:
Faulting package-relative application ID:

Error: (07/19/2021 11:41:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x480
Faulting application start time: 0x01d77c823184c385
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 687a0c03-64a9-4911-99e1-382a5cb6fa38
Faulting package full name:
Faulting package-relative application ID:

Error: (07/19/2021 10:50:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x924
Faulting application start time: 0x01d77c7b0aa0ca3e
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 827e5df4-c832-4768-b0f8-2fe3181e3be3
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (07/19/2021 11:44:14 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/19/2021 11:38:36 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/19/2021 11:38:27 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/19/2021 11:37:43 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xffff82012cfcd010, 0x00000000000000ff, 0x0000000000000000, 0xfffff804054095ae). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: db320ab5-46e1-4434-b2ba-dfbb31426502.

Error: (07/19/2021 11:36:44 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:46:22 on ‎19/‎07/‎2021 was unexpected.

Error: (07/19/2021 11:32:07 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/19/2021 11:32:07 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/19/2021 10:48:30 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Windows Defender:
================
Date: 2021-07-17 15:02:44
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Medium
Category: Settings Modifier
Path: file:_C:\Windows\System32\drivers\etc\hosts
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Avast Software\Avast\setup\instup.exe
Security intelligence Version: AV: 1.339.1708.0, AS: 1.339.1708.0, NIS: 1.339.1708.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-07-13 22:33:55
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Medium
Category: Settings Modifier
Path: file:_C:\Windows\System32\drivers\etc\hosts
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSpybotLab.exe
Security intelligence Version: AV: 1.339.1708.0, AS: 1.339.1708.0, NIS: 1.339.1708.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-07-13 22:29:32
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Medium
Category: Settings Modifier
Path: file:_C:\Windows\System32\drivers\etc\hosts
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe
Security intelligence Version: AV: 1.339.1708.0, AS: 1.339.1708.0, NIS: 1.339.1708.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-07-13 22:25:57
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Medium
Category: Settings Modifier
Path: file:_C:\Windows\System32\drivers\etc\hosts
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe
Security intelligence Version: AV: 1.339.1708.0, AS: 1.339.1708.0, NIS: 1.339.1708.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-07-13 22:19:03
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Severity: Medium
Category: Settings Modifier
Path: file:_C:\Windows\System32\drivers\etc\hosts
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe
Security intelligence Version: AV: 1.339.1708.0, AS: 1.339.1708.0, NIS: 1.339.1708.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-07-13 22:21:09
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.339.1708.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.6
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2021-07-13 22:21:09
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.339.1708.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.6
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2021-05-12 21:41:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.25.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-05-12 21:41:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.25.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-05-12 21:41:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.303.25.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16400.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===============
Date: 2021-07-19 12:23:10
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-07-19 12:23:06
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2021-07-19 12:23:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-07-19 12:18:06
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Avast Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 7LETC9WW (2.29 ) 03/18/2011
Motherboard: LENOVO 6460D6G
Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 91%
Total physical RAM: 4030.29 MB
Available physical RAM: 345.45 MB
Total Virtual: 18474.29 MB
Available Virtual: 14764.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:140.52 GB) (Free:43.46 GB) NTFS
Drive f: () (Removable) (Total:233.19 GB) (Free:119.78 GB) FAT32

\\?\Volume{6dd9e22f-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{6dd9e22f-0000-0000-0000-902423000000}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 6DD9E22F)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=140.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=499 MB) - (Type=27)
Partition 4: (Not Active) - (Size=97.4 GB) - (Type=05)

==========================================================
Disk: 1 (Size: 233.3 GB) (Disk ID: 6F7A4A05)
Partition 1: (Not Active) - (Size=233.2 GB) - (Type=0C)

==================== End of Addition.txt =======================

===================================START OF ASWMBR report:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2021-07-19 10:49:46
-----------------------------
10:49:46.698 OS Version: Windows x64 6.2.9200
10:49:46.698 Number of processors: 2 586 0x1706
10:49:46.714 ComputerName: LEWY-T61 UserName: Lewy
10:49:47.776 Initialize success
10:50:36.992 AVAST engine defs: 17030301
10:50:43.492 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
10:50:43.492 Disk 0 Vendor: Vi550_S3_SSD SBFMJ1.3 Size: 244198MB BusType: 3
10:50:43.523 Disk 0 MBR read successfully
10:50:43.523 Disk 0 MBR scan
10:50:43.523 Disk 0 unknown MBR code
10:50:43.539 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 50 MB offset 2048
10:50:43.539 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 143893 MB offset 104448
10:50:43.554 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 499 MB offset 294799360
10:50:43.554 Disk 0 Partition - 00 05 Extended 99754 MB offset 295821312
10:50:43.570 Disk 0 Partition 4 00 83 Linux B 555 MB offset 295823360
10:50:43.570 Disk 0 Partition - 00 05 Extended 14444 MB offset 296961525
10:50:43.601 Disk 0 scanning C:\Windows\system32\drivers
10:51:01.227 Service scanning
10:51:35.570 Modules scanning
10:51:36.039 AVAST engine scan C:\
11:18:23.613 File: C:\Windows\SysWOW64\GamePanel.exe **INFECTED** Win32:MalOb-CA [Cryp]
11:29:42.582 File: C:\Windows\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.19041.746_none_2703bed0ba809808\GamePanel.exe **INFECTED** Win32:MalOb-CA [Cryp]
11:30:46.082 Disk 0 statistics 28847298/0/0 @ 27,90 MB/s
11:30:46.097 Scan finished successfully
11:32:28.318 Disk 0 MBR has been saved successfully to "C:\Users\Lewy\Desktop\MBR.dat"
11:32:28.334 The log file has been saved successfully to "C:\Users\Lewy\Desktop\aswMBR0.txt"
===================================END OF ASWMBR report.

==========EXTRA Avast free preboot report:

07/18/2021 22:47
Scan of all local drives

File C:\Program Files\GIMP 2\lib\python2.7\test\test_zipfile.pyc|>afile Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\GIMP 2\lib\python2.7\test\test_zipfile.pyo|>afile Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\Krita (x64)\share\krita\templates\design\.source\Designcinema16_10_2484x1200_96dpiRGB_8bit_.kra|>mergedimage.png Error 42110 {The file is a decompression bomb.}
File C:\Program Files\Krita (x64)\share\krita\templates\design\.source\Designcinema2.39_1_2484x1040_96dpiRGB_8bit_.kra|>mergedimage.png Error 42110 {The file is a decompression bomb.}
File C:\Program Files\Krita (x64)\share\krita\templates\design\.source\DesignpresentationA3Landscape_4960x3508_300dpiRGB_8bit_.kra|>mergedimage.png Error 42110 {The file is a decompression bomb.}
File C:\Program Files\Krita (x64)\share\krita\templates\design\.source\DesignpresentationA4portrait_2480x3508_300dpiRGB_8bit_.kra|>mergedimage.png Error 42110 {The file is a decompression bomb.}
File C:\Program Files\Krita (x64)\share\krita\templates\design\.source\Designscreen4_3_2250x1680_96dpiRGB_8bit_.kra|>mergedimage.png Error 42110 {The file is a decompression bomb.}
Number of searched folders: 131314
Number of tested files: 2066121
Number of infected files: 0

==========EXTRA Avast free preboot report END ***





Do I need to keep my notebook running in Windows environment in order that You help me?
Please help me again, I know I took a lot of Your precious time, but kindly bear with me.
Thanks in advance, sincerely, Grega Leskovšek from Slovenia, EU

-----------------------------------------------------------------
[I]Previous topic: https://forums.spybot.info/showthread.php?77595-malware-not-been-able-to-remove/page2
Juliet
2021-07-20, 01:27
Chances are the files alerted to by that scan are not infected

Test the file, at one or two of the below sites so that we're not looking at a false positive.

Please go to one of the below sites to scan the following files:
Virus Total (Recommended) (http://www.virustotal.com/)
jotti.org (http://virusscan.jotti.org/)
VirScan (http://virscan.org/)
click on Browse, and upload the following file for analysis:

C:\Windows\SysWOW64\GamePanel.exe


Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

Also, see if you can find the below file and have it scanned too

C:\Windows\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.19041.746_none_2703bed0ba809808\GamePanel.exe

~~~~~~~~~~~~

https://forum.avast.com/index.php?topic=186816.0
Decompression bomb is a file that may be rather small, but decompresses to an enormous amount of data (when processed as a packed archive)
This is a frequently asked question - no action is required.
Decompression Bomb, a file that is highly compressed, which could be very large when decompressed.
mergedimage.png Error==> 42110 {The file is a decompression bomb.}




Now I see 2 tools downloaded and used?
ComboFix.exe <== do not use this tool without supervision
TDSSKiller <== do not use this tool without supervision

See if you can locate this file, I want to see whats in it.
C:\TDSSKiller.2.8.16.0_18.07.2021_19.30.53_log.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

All I actually saw were items we could tidy up on and some restrictions set by your onboard Antivirus security.

Please reply back the information I requested on the files to have scanned out.
leskgr
2021-07-21, 00:39
It was malware ... Avast, Avg and another antivirus have reported it as such. I deleted all related files as well and uninstalled xbox (I do not play computer games - it was in that directory).
Thanks for Your help, I hope this will suffice.
It is great to have such a helper as You, Juliet.
Good luck on whatever You do in Your Life and may all Your relationships be happy, compassionate, loving as well. Thanks again!
Sincerely, Grega from Slovenia


Chances are the files alerted to by that scan are not infected

Test the file, at one or two of the below sites so that we're not looking at a false positive.

Please go to one of the below sites to scan the following files:
Virus Total (Recommended) (http://www.virustotal.com/)
jotti.org (http://virusscan.jotti.org/)
VirScan (http://virscan.org/)
click on Browse, and upload the following file for analysis:

C:\Windows\SysWOW64\GamePanel.exe


Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

Also, see if you can find the below file and have it scanned too

C:\Windows\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.19041.746_none_2703bed0ba809808\GamePanel.exe

~~~~~~~~~~~~

https://forum.avast.com/index.php?topic=186816.0
Decompression bomb is a file that may be rather small, but decompresses to an enormous amount of data (when processed as a packed archive)
This is a frequently asked question - no action is required.
Decompression Bomb, a file that is highly compressed, which could be very large when decompressed.
mergedimage.png Error==> 42110 {The file is a decompression bomb.}




Now I see 2 tools downloaded and used?
ComboFix.exe <== do not use this tool without supervision
TDSSKiller <== do not use this tool without supervision

See if you can locate this file, I want to see whats in it.
C:\TDSSKiller.2.8.16.0_18.07.2021_19.30.53_log.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

All I actually saw were items we could tidy up on and some restrictions set by your onboard Antivirus security.

Please reply back the information I requested on the files to have scanned out.
Juliet
2021-07-21, 01:40
Thank you Grega from Slovenia

Glad we could help. http://i.imgur.com/SakDYGv.gif
Since this issue appears resolved ... this Topic is closed.