
Thread: malware not been able to remove

  1. #1
    Junior Member
    Join Date
    Dec 2020
    Posts
    13

    malware not been able to remove

    AFTER TRYING TO UPLOAD Farbar RS, I can not do it, because even though I followed the rules for unchecking and more, the size is still 70kB, which does not allow me to upload the FRST.txt file.
    PLEASE HELP ME RESOLVE THIS TOO for the sake of other users as well - I split the files into part1 and part2.txt: printscreen-rootkit.png, FRST_part1.txt, FRST_part2.txt, Addition.txt. Thanks!

    usb malfunction, corrupting and overwriting usb drives, not being able to unmount usb drives
    I run Spybot Rootkit and many many times I have the same malware and each and every time I delete them they later reappear with the same key {} as seen in printscreen.
    Please also teach me how to make a bootable Windows 10 boot drive so I am empowered in the future.

    I needed to reinstall FARBAR RT, because my first .txt file was too large (70kB), yes I followed the rules. I had to uncheck one more option and I unchecked "One month"
    Please help me, thanks in advance, sincerely, Grega from Slovenia

  2. #2
    Juliet (Security Expert)
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,987


    You don't have to upload, just copy and paste the logs into your replies.


    ******
    I found what Windows Defender is picking up on and it's Spybot - Search & Destroy because it edits host files, which is now throwing out errors since Windows Defender finds it as malicious.
    This is common for one anti malware device to find another device on the machine when there are no exclusions set to allow it to run.

    Process Name: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

    ******
    As for your USB drives I found the below. No idea if you go to your computer manufacturer web site to search for driver updates and see if that solves the issues.

    Name: PCI Serial Port
    Description: PCI Serial Port
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    Please also teach me how to make a bootable windows 10 boot drive so I am empowered in the future.
    I can send you to another web site, you'll have to register and create a new thread and ask this question and receive help.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    highlight on the text below and select Copy.
    beginning with Start:: and finishing with End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKU\S-1-5-21-2620606096-767457063-359015763-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    AlternateDataStreams: C:\Users\Lewy\Downloads\FRST64.exe:SpybotOnAccess [245]
    EmptyTemp:
    C:\Windows\Temp\*.*
    End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Download and run AdwCleaner

    Download AdwCleaner and save it to your desktop.
    You can download AdwCleaner here: https://malwarebytes.com/adwcleaner
    • run AdwCleaner by clicking on Scan Now
    • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
    • if it asks to reboot, allow the reboot
    • on reboot, click on View Log File; please copy and paste the content of the log to your next reply.

    ============================================
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
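
The fixlist in the post above is made of lines copied out of the FRST log. As an added example (not part of the original posts and not FRST's own code), this Python script lists which flagged log lines (`<==== ATTENTION`, `[File not signed]`) a fixlist addresses and which it leaves for the reviewer to decide on. The log excerpt and fixlist are copied from this thread, the function names are hypothetical, and pairing entries by verbatim line match is an assumption.

```python
import re

ATTENTION = "<==== ATTENTION"
UNSIGNED = "[File not signed]"
# A fixlist line that is only a keyword plus colon (e.g. "EmptyTemp:") is a directive.
DIRECTIVE = re.compile(r"^[A-Za-z]+:$")

# Excerpt copied from the FRST.txt log posted in this thread.
SAMPLE_LOG = r"""
() [File not signed] C:\Program Files (x86)\SugarSync\SugarSyncSvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2620606096-767457063-359015763-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2021-06-24] <==== ATTENTION
R2 SugarSync Service; C:\Program Files (x86)\SugarSync\SugarSyncSvc.exe [173056 2020-11-30] () [File not signed]
"""

# Fixlist copied from the helper's reply in this thread.
SAMPLE_FIXLIST = r"""
Start::
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2620606096-767457063-359015763-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
AlternateDataStreams: C:\Users\Lewy\Downloads\FRST64.exe:SpybotOnAccess [245]
EmptyTemp:
C:\Windows\Temp\*.*
End::
"""


def parse_fixlist(text):
    """Return (directives, targets) found between Start:: and End::."""
    directives, targets, inside = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Start::":
            inside = True
            continue
        if line == "End::":
            break
        if not inside or not line:
            continue
        (directives if DIRECTIVE.match(line) else targets).append(line)
    return directives, targets


def flagged_entries(log_text):
    """Return (line, reasons) for every log line carrying a flag marker."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = [marker for marker in (ATTENTION, UNSIGNED) if marker in line]
        if reasons:
            flagged.append((line, reasons))
    return flagged


def coverage(log_text, fixlist_text):
    """Split flagged log lines into covered/uncovered by the fixlist.

    Also returns fixlist targets that do not occur in this log at all
    (for example lines taken from Addition.txt or plain file paths).
    """
    _, targets = parse_fixlist(fixlist_text)
    wanted = set(targets)
    covered, uncovered = [], []
    for line, reasons in flagged_entries(log_text):
        (covered if line in wanted else uncovered).append((line, reasons))
    log_lines = {raw.strip() for raw in log_text.splitlines()}
    unmatched = [t for t in targets if t not in log_lines]
    return covered, uncovered, unmatched


if __name__ == "__main__":
    covered, uncovered, unmatched = coverage(SAMPLE_LOG, SAMPLE_FIXLIST)
    for title, rows in (("Addressed by fixlist", covered),
                        ("Flagged but not in fixlist", uncovered)):
        print(title)
        for line, reasons in rows:
            print("  ", ", ".join(reasons), "|", line)
    print("Fixlist targets not found in this log excerpt")
    for target in unmatched:
        print("  ", target)
```
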

  3. #3
    Junior Member
    Join Date
    Dec 2020
    Posts
    13

    malware not been able to run aswMBR (blue screen, reset), uploaded First and Addition

    Here are the logs from FRST64.
    I could NOT append the logs from aswMBR as the malware did NOT let it. I tried to run aswMBR from safe mode and networking as well as boot>command prompt.
    The first try ended in blue screen and reboot if I chose Virtualization Technology (and if I did NOT it reset during update and/or scan) and the second (cmd in boot) said that I do not have the correct version of Windows and that it can not run aswMBR.

    I will be VERY grateful for further instructions and if You can help me. Thank You in advance, sincerely, Grega Leskovšek from Slovenia.
    P.S.
    I am a retired computer scientist any/if additional income I use computer. Please help me get my system back in order. Multiple thanks in advance!!

    Quote: Originally Posted by leskgr
    AFTER TRYING TO UPLOAD Farbar RS, I can not do it, because even though I followed the rules for unchecking and more, the size is still 70kB, which does not allow me to upload the FRST.txt file.
    PLEASE HELP ME RESOLVE THIS TOO for the sake of other users as well - I split the files into part1 and part2.txt: printscreen-rootkit.png, FRST_part1.txt, FRST_part2.txt, Addition.txt. Thanks!

    usb malfunction, corrupting and overwriting usb drives, not being able to unmount usb drives
    I run Spybot Rootkit and many many times I have the same malware and each and every time I delete them they later reappear with the same key {} as seen in printscreen.
    Please also teach me how to make a bootable Windows 10 boot drive so I am empowered in the future.

    I needed to reinstall FARBAR RT, because my first .txt file was too large (70kB), yes I followed the rules. I had to uncheck one more option and I unchecked "One month"
    Please help me, thanks in advance, sincerely, Grega from Slovenia
    ***FIRST.TXT
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2021
    Ran by Lewy (administrator) on LEWY-T61 (LENOVO 6460D6G) (24-06-2021 13:22:38)
    Running from C:\Users\Lewy\Desktop
    Loaded Profiles: Lewy
    Platform: Windows 10 Education Version 21H1 19043.1081 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Program Files (x86)\SugarSync\SugarSyncSvc.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
    (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
    (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxOutlook.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Suunto Oy -> ) C:\Users\Lewy\AppData\Local\Suuntolink\app-3.5.2\resources\app\LaunchAgents\SuuntolinkLauncher.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-11] (Logitech -> Logitech, Inc.)
    HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-27] (Logitech Inc -> Logitech, Inc.)
    HKLM\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [3989200 2021-06-24] (Opera Software AS -> Opera Software)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\Run: [SuuntolinkLauncher] => C:\Users\Lewy\AppData\Local\Suuntolink\app-3.5.2\resources\app\LaunchAgents\SuuntolinkLauncher.exe [831816 2021-05-13] (Suunto Oy -> )
    HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [7388304 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    HKLM\...\Print\Monitors\CutePDF Writer Monitor v4.0: C:\Windows\system32\cpwmon64_v40.dll [89584 2019-10-20] (Acro Software Inc -> )
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.114\Installer\chrmstp.exe [2021-06-17] (Google LLC -> Google LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2021-05-13]
    ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
    BootExecute: autocheck autochk * sdnclean64.exebddel.exe
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKU\S-1-5-21-2620606096-767457063-359015763-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {05AE8C68-50B2-481B-A3F1-2CC62541FFDF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    Task: {231D852E-314A-4EEA-A961-96B1102879E2} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated -> Synaptics Incorporated)
    Task: {26594A8F-743F-461E-91CE-90CEFD1BB327} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    Task: {3156AAFE-51A7-4951-B2F9-FBD6CE19FE21} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-07] (Mozilla Corporation -> Mozilla Foundation)
    Task: {4926CBF4-09F3-49DD-B466-2CE151DAE8F0} - System32\Tasks\Opera scheduled Autoupdate 1621107074 => C:\Program Files\Opera\launcher.exe [2264784 2021-06-17] (Opera Software AS -> Opera Software)
    Task: {76B19E68-4D13-4530-A475-5F00A01E4D7E} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Spybot Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe [9469648 2021-04-29] (Safer-Networking Ltd. -> )
    Task: {7BF7733E-C6AD-4C3B-B40B-1310F9820CF1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
    Task: {8E1B2B9B-8E6E-493D-8E48-1275C7990617} - System32\Tasks\Opera scheduled assistant Autoupdate 1621107088 => C:\Program Files\Opera\launcher.exe [2264784 2021-06-17] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera\assistant" $(Arg0)
    Task: {955FABE3-EBBA-47FB-A42C-6AFBD07E4709} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    Task: {CF083C10-3C84-4272-9590-E04603D43858} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-15] (Google LLC -> Google LLC)
    Task: {F9D6FB9F-4367-4DF9-BF54-D8AAFCB91755} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-15] (Google LLC -> Google LLC)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
    Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{246b3cd0-4f87-4e0d-8144-c134806beac4}: [DhcpNameServer] 172.16.0.1
    Tcpip\..\Interfaces\{9998636a-9278-4fe9-a9dc-651fd662a520}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{e8abb69c-6cda-47ab-83b7-c960956b95f0}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{fd739b55-5b00-4063-8e03-0db564833618}: [DhcpNameServer] 192.168.43.1

    Edge:
    =======
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\Lewy\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-24]
    Edge Extension: (uBlock Origin) - C:\Users\Lewy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2021-05-19]

    FireFox:
    ========
    FF DefaultProfile: sxjcljno.default
    FF ProfilePath: C:\Users\Lewy\AppData\Roaming\Mozilla\Firefox\Profiles\sxjcljno.default [2021-06-07]
    FF ProfilePath: C:\Users\Lewy\AppData\Roaming\Mozilla\Firefox\Profiles\kingwiiv.default-release [2021-06-24]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2021-06-24] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2021-06-24] <==== ATTENTION

    Chrome:
    =======
    CHR Profile: C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default [2021-06-24]
    CHR Notifications: Default -> hxxps://www.nkbm.si; hxxps://www.youtube.com
    CHR Extension: (Slides) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-16]
    CHR Extension: (Docs) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-16]
    CHR Extension: (Google Drive) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-16]
    CHR Extension: (YouTube) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-16]
    CHR Extension: (Sheets) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-16]
    CHR Extension: (Google Docs Offline) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-16]
    CHR Extension: (Gmail) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-16]
    CHR Extension: (Chrome Media Router) - C:\Users\Lewy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-26]

    Opera:
    =======
    OPR Profile: C:\Users\Lewy\AppData\Roaming\Opera Software\Opera Stable [2021-06-24]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
    R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [14280 2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
    S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395360 2021-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 SugarSync Service; C:\Program Files (x86)\SugarSync\SugarSyncSvc.exe [173056 2020-11-30] () [File not signed]
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13261608 2021-05-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-29] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-29] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe [410624 2006-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R2 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Lewy\AppData\Roaming\Zoom"

    ===================== Drivers (All) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [266240 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S0 3ware; C:\Windows\System32\drivers\3ware.sys [107320 2019-12-07] (Microsoft Windows -> LSI)
    R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [809288 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [23040 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 acpiex; C:\Windows\System32\Drivers\acpiex.sys [139792 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [14336 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [18432 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 acpitime; C:\Windows\System32\drivers\acpitime.sys [16384 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 Acx01000; C:\Windows\System32\drivers\Acx01000.sys [415232 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [1135416 2019-12-07] (Microsoft Windows -> PMC-Sierra)
    R1 AFD; C:\Windows\system32\drivers\afd.sys [655688 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    R1 afunix; C:\Windows\system32\drivers\afunix.sys [41984 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R1 afunix; C:\Windows\SysWOW64\drivers\afunix.sys [29696 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [292352 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [18432 2019-12-07] (Microsoft Windows -> Advanced Micro Devices, Inc)
    S3 amdi2c; C:\Windows\System32\drivers\amdi2c.sys [45568 2019-12-07] (Microsoft Windows -> Advanced Micro Devices, Inc)
    S3 AmdK8; C:\Windows\System32\drivers\amdk8.sys [207160 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S3 AmdPPM; C:\Windows\System32\drivers\amdppm.sys [211256 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S0 amdsata; C:\Windows\System32\drivers\amdsata.sys [83256 2019-12-07] (Microsoft Windows -> Advanced Micro Devices)
    S0 amdsbs; C:\Windows\System32\drivers\amdsbs.sys [259384 2019-12-07] (Microsoft Windows -> AMD Technologies Inc.)
    S0 amdxata; C:\Windows\System32\drivers\amdxata.sys [26936 2019-12-07] (Microsoft Windows -> Advanced Micro Devices)
    S3 AppID; C:\Windows\System32\drivers\appid.sys [208712 2021-06-23] (Microsoft Windows -> Microsoft Windows)
    S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [18432 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 AppvStrm; C:\Windows\system32\drivers\AppvStrm.sys [138040 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 AppvVemgr; C:\Windows\system32\drivers\AppvVemgr.sys [174392 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 AppvVfs; C:\Windows\system32\drivers\AppvVfs.sys [154936 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S0 arcsas; C:\Windows\System32\drivers\arcsas.sys [131896 2019-12-07] (Microsoft Windows -> PMC-Sierra, Inc.)
    R3 AsyncMac; C:\Windows\System32\drivers\asyncmac.sys [31232 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 atapi; C:\Windows\System32\drivers\atapi.sys [30024 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533816 2019-12-07] (Microsoft Windows -> QLogic Corporation)
    R1 bam; C:\Windows\System32\drivers\bam.sys [78136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R1 BasicDisplay; C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\BasicDisplay.sys [68608 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R1 BasicRender; C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\BasicRender.sys [38912 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    U5 BattC; C:\Windows\System32\Drivers\BattC.sys [41272 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 BCM43XX; C:\Windows\System32\drivers\bcmwl63al.sys [5170176 2019-12-07] (Microsoft Windows -> Broadcom Corporation)
    S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [9728 2019-12-07] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
    R1 Beep; C:\Windows\System32\Drivers\Beep.sys [10240 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R2 bindflt; C:\Windows\system32\drivers\bindflt.sys [148816 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [117760 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [284672 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [113664 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [65536 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 BthLEEnum; C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [106496 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S3 BthMini; C:\Windows\System32\drivers\BTHMINI.sys [45568 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [76800 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 BthPan; C:\Windows\System32\drivers\bthpan.sys [133632 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 BTHPORT; C:\Windows\System32\drivers\BTHport.sys [1563136 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    R3 BTHUSB; C:\Windows\System32\drivers\BTHUSB.sys [110592 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S0 bttflt; C:\Windows\System32\drivers\bttflt.sys [43832 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 buttonconverter; C:\Windows\System32\drivers\buttonconverter.sys [44032 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 CAD; C:\Windows\System32\drivers\CAD.sys [66576 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [300032 2006-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [100864 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R1 cdrom; C:\Windows\System32\drivers\cdrom.sys [181248 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    S0 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [319800 2019-12-07] (Microsoft Windows -> Chelsio Communications)
    S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [1853752 2019-12-07] (Microsoft Windows -> Chelsio Communications)
    R1 CimFS; C:\Windows\System32\Drivers\CimFS.sys [97792 2021-06-23] (Microsoft Windows -> )
    S3 circlass; C:\Windows\System32\drivers\circlass.sys [52224 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R2 CldFlt; C:\Windows\System32\drivers\cldflt.sys [496128 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    R0 CLFS; C:\Windows\System32\drivers\CLFS.sys [411464 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    R3 CmBatt; C:\Windows\System32\drivers\CmBatt.sys [36864 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 CNG; C:\Windows\System32\Drivers\cng.sys [746400 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    S4 cnghwassist; C:\Windows\System32\DRIVERS\cnghwassist.sys [40968 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\CompositeBus.sys [41984 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 condrv; C:\Windows\System32\drivers\condrv.sys [57160 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R1 CSC; C:\Windows\System32\drivers\csc.sys [580608 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S1 dam; C:\Windows\System32\drivers\dam.sys [97096 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    R1 Dfsc; C:\Windows\System32\Drivers\dfsc.sys [152064 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R0 disk; C:\Windows\System32\drivers\disk.sys [98624 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [59192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [16128 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R1 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [3784504 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    R3 e1express; C:\Windows\System32\drivers\e1e6032e.sys [300544 2019-12-07] (Microsoft Windows -> Intel Corporation)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3418936 2019-12-07] (Microsoft Windows -> QLogic Corporation)
    S0 EhStorClass; C:\Windows\System32\drivers\EhStorClass.sys [95032 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S0 EhStorTcgDrv; C:\Windows\System32\drivers\EhStorTcgDrv.sys [124728 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 ErrDev; C:\Windows\System32\drivers\errdev.sys [15872 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 exfat; C:\Windows\System32\Drivers\exfat.sys [421696 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [425272 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S3 fdc; C:\Windows\System32\drivers\fdc.sys [34816 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [59392 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [94736 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [40448 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 flpydisk; C:\Windows\System32\drivers\flpydisk.sys [28672 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [430392 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [69968 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [33592 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [800056 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    S3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [23864 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 genericusbfn; C:\Windows\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys [23040 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 GPIOClx0101; C:\Windows\System32\Drivers\msgpioclx.sys [183112 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8704 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [430080 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R3 HDAudBus; C:\Windows\System32\drivers\HDAudBus.sys [139776 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 HidBatt; C:\Windows\System32\drivers\HidBatt.sys [39440 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 HidBth; C:\Windows\System32\drivers\hidbth.sys [120320 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S3 hidi2c; C:\Windows\System32\drivers\hidi2c.sys [57344 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 hidinterrupt; C:\Windows\System32\drivers\hidinterrupt.sys [55824 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 HidIr; C:\Windows\System32\drivers\hidir.sys [48640 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 hidspi; C:\Windows\System32\drivers\hidspi.sys [66560 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 HidUsb; C:\Windows\System32\drivers\hidusb.sys [44032 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S0 HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys [64312 2019-12-07] (Microsoft Windows -> Hewlett-Packard Company)
    R3 HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [1511936 2006-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [1564984 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    S4 hvcrash; C:\Windows\System32\drivers\hvcrash.sys [35128 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [95056 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 HwNClx0101; C:\Windows\System32\Drivers\mshwnclx.sys [30208 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [33096 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S3 hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [27448 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 HyperVideo; C:\Windows\System32\drivers\HyperVideo.sys [41784 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 i8042prt; C:\Windows\System32\drivers\i8042prt.sys [118272 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [36352 2019-12-07] (Microsoft Windows -> Intel(R) Corporation)
    S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [91136 2019-12-07] (Microsoft Windows -> Intel(R) Corporation)
    S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [79360 2019-12-07] (Microsoft Windows -> Intel Corporation)
    S3 iaLPSS2i_GPIO2_BXT_P; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [93184 2019-12-07] (Microsoft Windows -> Intel Corporation)
    S3 iaLPSS2i_GPIO2_CNL; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [112128 2019-12-07] (Microsoft Windows -> Intel Corporation)
    S3 iaLPSS2i_GPIO2_GLK; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [96256 2019-12-07] (Microsoft Windows -> Intel Corporation)
    S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [171520 2019-12-07] (Microsoft Windows -> Intel Corporation)
    S3 iaLPSS2i_I2C_BXT_P; C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [175104 2019-12-07] (Microsoft Windows -> Intel Corporation)
    S3 iaLPSS2i_I2C_CNL; C:\Windows\System32\drivers\iaLPSS2i_I2C_CNL.sys [177152 2019-12-07] (Microsoft Windows -> Intel Corporation)
    S3 iaLPSS2i_I2C_GLK; C:\Windows\System32\drivers\iaLPSS2i_I2C_GLK.sys [177664 2019-12-07] (Microsoft Windows -> Intel Corporation)
    S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [38128 2019-12-07] (Intel Corporation - Client Components Group -> Intel Corporation)
    S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [113152 2019-12-07] (Microsoft Windows -> Intel Corporation)
    S0 iaStorAVC; C:\Windows\System32\drivers\iaStorAVC.sys [884752 2019-12-07] (Microsoft Windows -> Intel Corporation)
    S0 iaStorV; C:\Windows\System32\drivers\iaStorV.sys [412176 2019-12-07] (Microsoft Windows -> Intel Corporation)
    S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [558904 2019-12-07] (Microsoft Windows -> Mellanox)
    R3 IBMPMDRV; C:\Windows\System32\drivers\ibmpmdrv.sys [80144 2019-12-11] (Lenovo -> Lenovo.)
    S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [47104 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R0 intelide; C:\Windows\System32\drivers\intelide.sys [19784 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [418800 2021-05-13] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
    S3 intelpmax; C:\Windows\System32\drivers\intelpmax.sys [30720 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 intelppm; C:\Windows\System32\drivers\intelppm.sys [230728 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R0 iorate; C:\Windows\System32\drivers\iorate.sys [57168 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [90112 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [117584 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [225280 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 IPT; C:\Windows\System32\drivers\ipt.sys [59704 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 isapnp; C:\Windows\System32\drivers\isapnp.sys [22856 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 iScsiPrt; C:\Windows\System32\drivers\msiscsi.sys [292672 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S0 ItSas35i; C:\Windows\System32\drivers\ItSas35i.sys [172344 2019-12-07] (Microsoft Windows -> Avago Technologies)
    R3 kbdclass; C:\Windows\System32\drivers\kbdclass.sys [71480 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 kbdhid; C:\Windows\System32\drivers\kbdhid.sys [46592 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [29000 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R3 kdnic; C:\Windows\System32\drivers\kdnic.sys [33296 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [147280 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [180048 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [29696 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R2 lltdio; C:\Windows\System32\drivers\lltdio.sys [72704 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S0 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [108856 2019-12-07] (Microsoft Windows -> LSI Corporation)
    S0 LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [124216 2019-12-07] (Microsoft Windows -> LSI Corporation)
    S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [135992 2019-12-07] (Microsoft Windows -> Avago Technologies)
    S0 LSI_SSS; C:\Windows\System32\drivers\lsi_sss.sys [82744 2019-12-07] (Microsoft Windows -> LSI Corporation)
    R2 luafv; C:\Windows\system32\drivers\luafv.sys [140800 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 mausbhost; C:\Windows\System32\drivers\mausbhost.sys [537608 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 mausbip; C:\Windows\System32\drivers\mausbip.sys [64016 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 MbbCx; C:\Windows\System32\drivers\MbbCx.sys [391168 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    R2 mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [17024 2006-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Conexant)
    S0 megasas; C:\Windows\System32\drivers\megasas.sys [59704 2019-12-07] (Microsoft Windows -> Avago Technologies)
    S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [81720 2019-12-07] (Microsoft Windows -> Avago Technologies)
    S0 megasas35i; C:\Windows\System32\drivers\megasas35i.sys [105480 2019-12-07] (Microsoft Windows -> Avago Technologies)
    S0 megasr; C:\Windows\System32\drivers\megasr.sys [575800 2019-12-07] (Microsoft Windows -> LSI Corporation, Inc.)
    S3 Microsoft_Bluetooth_AvrcpTransport; C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [65024 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [1131320 2019-12-07] (Microsoft Windows -> Mellanox)
    R2 MMCSS; C:\Windows\system32\drivers\mmcss.sys [53248 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R3 Modem; C:\Windows\System32\drivers\modem.sys [47104 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R3 monitor; C:\Windows\System32\drivers\monitor.sys [80896 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R3 mouclass; C:\Windows\System32\drivers\mouclass.sys [67600 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 mouhid; C:\Windows\System32\drivers\mouhid.sys [35328 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [110392 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [80896 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [157696 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [577864 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [264008 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 MsBridge; C:\Windows\System32\drivers\bridge.sys [127488 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [44048 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 msgpiowin32; C:\Windows\System32\drivers\msgpiowin32.sys [56120 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [12288 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [20296 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [34816 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R2 MsLldp; C:\Windows\System32\drivers\mslldp.sys [78848 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 MsQuic; C:\Windows\System32\drivers\msquic.sys [322376 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [382792 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    R0 MsSecFlt; C:\Windows\System32\drivers\mssecflt.sys [296264 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    R1 mssmbios; C:\Windows\System32\drivers\mssmbios.sys [47928 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [12288 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [17920 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 Mup; C:\Windows\System32\Drivers\mup.sys [132920 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S0 mvumis; C:\Windows\System32\drivers\mvumis.sys [63800 2019-12-07] (Microsoft Windows -> Marvell Semiconductor, Inc.)
    R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [742400 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [146232 2019-12-07] (Microsoft Windows -> Mellanox)
    R0 NDIS; C:\Windows\System32\drivers\ndis.sys [1478984 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    R1 NdisCap; C:\Windows\System32\drivers\ndiscap.sys [54272 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 NdisImPlatform; C:\Windows\System32\drivers\NdisImPlatform.sys [135168 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [28672 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R3 Ndisuio; C:\Windows\System32\drivers\ndisuio.sys [70656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [23040 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 NdisWan; C:\Windows\System32\drivers\ndiswan.sys [206848 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S3 ndiswanlegacy; C:\Windows\System32\DRIVERS\ndiswan.sys [206848 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S3 NDKPing; C:\Windows\System32\drivers\NDKPing.sys [72720 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 ndproxy; C:\Windows\System32\DRIVERS\NDProxy.sys [93696 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R2 Ndu; C:\Windows\System32\drivers\Ndu.sys [131584 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [207360 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R1 NetBIOS; C:\Windows\System32\drivers\netbios.sys [64312 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [341504 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S3 netvsc; C:\Windows\System32\drivers\netvsc.sys [250192 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R3 netwlv64; C:\Windows\System32\drivers\netwlv64.sys [7530496 2019-12-07] (Microsoft Windows -> Intel Corporation)
    R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [87568 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R1 npsvctrig; C:\Windows\System32\drivers\npsvctrig.sys [27648 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [48640 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [2851656 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    R1 Null; C:\Windows\System32\Drivers\Null.sys [7680 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S0 nvdimm; C:\Windows\System32\drivers\nvdimm.sys [168464 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [12914360 2016-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
    S0 nvraid; C:\Windows\System32\drivers\nvraid.sys [150328 2019-12-07] (Microsoft Windows -> NVIDIA Corporation)
    S0 nvstor; C:\Windows\System32\drivers\nvstor.sys [166200 2019-12-07] (Microsoft Windows -> NVIDIA Corporation)
    S3 Parport; C:\Windows\System32\drivers\parport.sys [109056 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [182592 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R0 pci; C:\Windows\System32\drivers\pci.sys [469304 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R0 pciide; C:\Windows\System32\drivers\pciide.sys [16696 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    R0 pcmcia; C:\Windows\System32\drivers\pcmcia.sys [127800 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 pcw; C:\Windows\System32\drivers\pcw.sys [57656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 pdc; C:\Windows\System32\drivers\pdc.sys [159056 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [823296 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58680 2019-12-07] (Microsoft Windows -> Avago Technologies)
    S0 percsas3i; C:\Windows\System32\drivers\percsas3i.sys [68408 2019-12-07] (Microsoft Windows -> Avago Technologies)
    S3 PktMon; C:\Windows\System32\drivers\PktMon.sys [129872 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
    S0 pmem; C:\Windows\System32\drivers\pmem.sys [138040 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 PNPMEM; C:\Windows\System32\drivers\pnpmem.sys [17408 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 portcfg; C:\Windows\System32\drivers\portcfg.sys [27136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 PptpMiniport; C:\Windows\System32\drivers\raspptp.sys [101888 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S3 Processor; C:\Windows\System32\drivers\processr.sys [216376 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R1 Psched; C:\Windows\System32\drivers\pacer.sys [161608 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [53248 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S0 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [42296 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [20480 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R3 RasAgileVpn; C:\Windows\System32\drivers\AgileVpn.sys [113152 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R3 Rasl2tp; C:\Windows\System32\drivers\rasl2tp.sys [110080 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R3 RasPppoe; C:\Windows\System32\drivers\raspppoe.sys [87552 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 RasSstp; C:\Windows\System32\drivers\rassstp.sys [86016 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [455480 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [28672 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [169984 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [31544 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [297784 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [2003792 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 ReFSv1; C:\Windows\System32\Drivers\ReFSv1.sys [990008 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 RFCOMM; C:\Windows\System32\drivers\rfcomm.sys [213504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 rhproxy; C:\Windows\System32\drivers\rhproxy.sys [115712 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R2 rspndr; C:\Windows\System32\drivers\rspndr.sys [89088 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [18960 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [118096 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [44032 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [158736 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 sdbus; C:\Windows\System32\drivers\sdbus.sys [305472 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [35128 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [82848 2019-07-31] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    S3 sdstor; C:\Windows\System32\drivers\sdstor.sys [104248 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 SerCx; C:\Windows\System32\drivers\SerCx.sys [86328 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [173072 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 Serenum; C:\Windows\System32\drivers\serenum.sys [27648 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 Serial; C:\Windows\System32\drivers\serial.sys [90624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 sermouse; C:\Windows\System32\drivers\sermouse.sys [29184 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [19456 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 SgrmAgent; C:\Windows\System32\drivers\SgrmAgent.sys [88080 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S0 SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [44856 2019-12-07] (Microsoft Windows -> Silicon Integrated Systems Corp.)
    S0 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [81720 2019-12-07] (Microsoft Windows -> Silicon Integrated Systems)
    S0 SmartSAMD; C:\Windows\System32\drivers\SmartSAMD.sys [209720 2019-12-07] (Microsoft Windows -> Microsemi Corportation)
    S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [172544 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 spaceparser; C:\Windows\System32\drivers\spaceparser.sys [26624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 spaceport; C:\Windows\System32\drivers\spaceport.sys [678728 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 SpatialGraphFilter; C:\Windows\System32\drivers\SpatialGraphFilter.sys [90936 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 SpbCx; C:\Windows\System32\drivers\SpbCx.sys [87352 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S0 Spybot3ELAM; C:\Windows\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
    R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [787968 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [292864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
    S3 SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [1485312 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
    S3 SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [740864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
    R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [315392 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    S0 stexstor; C:\Windows\System32\drivers\stexstor.sys [31032 2019-12-07] (Microsoft Windows -> Promise Technology, Inc.)
    R0 storahci; C:\Windows\System32\drivers\storahci.sys [186184 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [54080 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [155960 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [92984 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 storufs; C:\Windows\System32\drivers\storufs.sys [61256 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S0 storvsc; C:\Windows\System32\drivers\storvsc.sys [44048 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\swenum.sys [18952 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 Synth3dVsc; C:\Windows\System32\drivers\Synth3dVsc.sys [6656 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R3 SynTP; C:\Windows\system32\DRIVERS\SynTP.sys [460528 2013-04-24] (Synaptics Incorporated -> Synaptics Incorporated)
    R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [2992968 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 Tcpip6; C:\Windows\System32\drivers\tcpip.sys [2992968 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [54784 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R1 tdx; C:\Windows\system32\DRIVERS\tdx.sys [117560 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 Telemetry; C:\Windows\System32\drivers\IntelTA.sys [26608 2020-11-19] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
    S3 terminpt; C:\Windows\System32\drivers\terminpt.sys [41272 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 TPM; C:\Windows\System32\drivers\tpm.sys [255288 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [66560 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [37888 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [141824 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    S3 tunnel; C:\Windows\System32\drivers\tunnel.sys [129024 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 UASPStor; C:\Windows\System32\drivers\uaspstor.sys [79160 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [166400 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [188416 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 UcmUcsiAcpiClient; C:\Windows\System32\drivers\UcmUcsiAcpiClient.sys [36864 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 UcmUcsiCx0101; C:\Windows\System32\Drivers\UcmUcsiCx.sys [113152 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S3 Ucx01000; C:\Windows\System32\drivers\ucx01000.sys [259896 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [52736 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [344064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 UEFI; C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\UEFI.sys [34104 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S4 UevAgentDriver; C:\Windows\system32\drivers\UevAgentDriver.sys [41272 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 Ufx01000; C:\Windows\System32\drivers\ufx01000.sys [330056 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 UfxChipidea; C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\UfxChipidea.sys [110608 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 ufxsynopsys; C:\Windows\System32\drivers\ufxsynopsys.sys [168264 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R3 umbus; C:\Windows\System32\DriverStore\FileRepository\umbus.inf_amd64_b78a9c5b6fd62c27\umbus.sys [58368 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 UmPass; C:\Windows\System32\drivers\umpass.sys [15360 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 UrsChipidea; C:\Windows\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys [32056 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 UrsCx01000; C:\Windows\System32\drivers\urscx01000.sys [76304 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 UrsSynopsys; C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\urssynopsys.sys [29496 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [201728 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 usbaudio2; C:\Windows\System32\drivers\usbaudio2.sys [260608 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 usbccgp; C:\Windows\System32\drivers\usbccgp.sys [185664 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S3 usbcir; C:\Windows\System32\drivers\usbcir.sys [107520 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 usbehci; C:\Windows\System32\drivers\usbehci.sys [86544 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 usbhub; C:\Windows\System32\drivers\usbhub.sys [528184 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 USBHUB3; C:\Windows\System32\drivers\UsbHub3.sys [653136 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 usbohci; C:\Windows\System32\drivers\usbohci.sys [30208 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 usbprint; C:\Windows\System32\drivers\usbprint.sys [40448 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [24064 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S3 usbser; C:\Windows\System32\drivers\usbser.sys [88064 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R3 USBSTOR; C:\Windows\System32\drivers\USBSTOR.SYS [136504 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    R3 usbuhci; C:\Windows\System32\drivers\usbuhci.sys [39424 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [329040 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 USBXHCI; C:\Windows\System32\drivers\USBXHCI.SYS [608568 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [67384 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S4 VerifierExt; C:\Windows\System32\drivers\VerifierExt.sys [347448 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 vhdmp; C:\Windows\System32\drivers\vhdmp.sys [820560 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 vhf; C:\Windows\System32\drivers\vhf.sys [47616 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R1 Vid; C:\Windows\System32\drivers\Vid.sys [644424 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    S3 VirtualRender; C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S0 vmbus; C:\Windows\System32\drivers\vmbus.sys [160072 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [36664 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [19768 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [90960 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [389432 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [429880 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R0 volume; C:\Windows\System32\drivers\volume.sys [16696 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S0 vpci; C:\Windows\System32\drivers\vpci.sys [89400 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S0 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [166712 2019-12-07] (Microsoft Windows -> VIA Technologies Inc.,Ltd)
    S0 VSTXRAID; C:\Windows\System32\drivers\vstxraid.sys [305464 2019-12-07] (Microsoft Windows -> VIA Corporation)
    R3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [29184 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R1 vwififlt; C:\Windows\System32\drivers\vwififlt.sys [77824 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 vwifimp; C:\Windows\System32\drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [31232 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R2 wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [93184 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    S3 wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [93184 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
    R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [202544 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [93184 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49560 2021-05-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [832832 2021-06-21] (Microsoft Windows -> Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [421112 2021-05-29] (Microsoft Windows -> Microsoft Corporation)
    S3 wdiwifi; C:\Windows\System32\DRIVERS\wdiwifi.sys [958976 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 WdmCompanionFilter; C:\Windows\System32\drivers\WdmCompanionFilter.sys [23560 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-29] (Microsoft Windows -> Microsoft Corporation)
    R0 WFPLWFS; C:\Windows\System32\drivers\wfplwfs.sys [180024 2021-06-23] (Microsoft Windows -> Microsoft Corporation)
    S3 WIMMount; C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [39736 2019-12-06] (Microsoft Windows -> Microsoft Corporation)
    R3 winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [731648 2006-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [76984 2019-12-07] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
    R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [18920 2019-12-07] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
    S3 WinMad; C:\Windows\System32\drivers\winmad.sys [36152 2019-12-07] (Microsoft Windows -> Mellanox)
    S3 WinNat; C:\Windows\System32\drivers\winnat.sys [259584 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R3 WINUSB; C:\Windows\System32\drivers\WinUSB.SYS [107008 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [73016 2019-12-07] (Microsoft Windows -> Mellanox)
    R3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [19456 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R0 Wof; C:\Windows\System32\Drivers\Wof.sys [234296 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    R3 WpdUpFltr; C:\Windows\System32\drivers\WpdUpFltr.sys [32568 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [25088 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [136192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 WUDFRd; C:\Windows\System32\drivers\WUDFRd.sys [315392 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 WUDFWpdFs; C:\Windows\System32\drivers\WUDFRd.sys [315392 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [315392 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    R2 XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys [9728 2006-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [329216 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
    S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [51712 2021-05-13] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-06-24 13:22 - 2021-06-24 13:23 - 000061663 _____ C:\Users\Lewy\Desktop\FRST.txt
    2021-06-24 13:20 - 2021-06-24 13:17 - 002300416 _____ (Farbar) C:\Users\Lewy\Desktop\FRST64.exe
    2021-06-24 13:18 - 2021-06-24 13:20 - 005198336 _____ (AVAST Software) C:\Users\Lewy\Downloads\aswMBR.exe
    2021-06-24 13:17 - 2021-06-24 13:17 - 002300416 _____ (Farbar) C:\Users\Lewy\Downloads\FRST64.exe
    2021-06-23 21:38 - 2021-06-23 21:38 - 002371072 _____ C:\Windows\system32\rdpnano.dll
    2021-06-23 21:38 - 2021-06-23 21:38 - 001314128 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
    2021-06-23 21:38 - 2021-06-23 21:38 - 000570880 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2021-06-23 21:38 - 2021-06-23 21:38 - 000452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2021-06-23 21:38 - 2021-06-23 21:38 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
    2021-06-23 21:38 - 2021-06-23 21:38 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
    2021-06-23 21:38 - 2021-06-23 21:38 - 000060928 _____ C:\Windows\system32\runexehelper.exe
    2021-06-23 21:38 - 2021-06-23 21:38 - 000011333 _____ C:\Windows\system32\DrtmAuthTxt.wim
    2021-06-23 21:37 - 2021-06-23 21:37 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
    2021-06-23 21:37 - 2021-06-23 21:37 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2021-06-23 21:37 - 2021-06-23 21:37 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2021-06-23 21:37 - 2021-06-23 21:37 - 000097792 _____ C:\Windows\system32\Drivers\cimfs.sys
    2021-06-23 21:32 - 2021-06-23 21:32 - 000000000 ___HD C:\$Windows.~WS
    2021-06-23 21:30 - 2021-06-23 20:20 - 000230743 _____ C:\Windows\system32\Drivers\etc\hosts.20210623-213007.backup
    2021-06-23 20:32 - 2021-06-23 20:32 - 000000400 __RSH C:\ProgramData\ntuser.pol
    2021-06-23 20:29 - 2021-06-23 20:31 - 001173560 _____ (Akeo Consulting) C:\Users\Lewy\Downloads\rufus-3.14.exe
    2021-06-23 20:27 - 2021-06-23 20:27 - 000000000 _____ C:\Users\Lewy\Downloads\Unconfirmed 369227.crdownload
    2021-06-23 20:25 - 2021-06-23 20:25 - 000000000 _____ C:\Users\Lewy\Downloads\Unconfirmed 608991.crdownload
    2021-06-23 20:18 - 2021-06-23 20:19 - 000726052 _____ C:\Windows\Minidump\062321-12031-01.dmp
    2021-06-23 10:55 - 2021-06-23 10:56 - 000761492 _____ C:\Windows\Minidump\062321-12500-01.dmp
    2021-06-22 18:05 - 2021-06-23 22:13 - 000000000 ____D C:\ESD
    2021-06-22 18:01 - 2021-06-22 18:01 - 000000000 ____D C:\$WINDOWS.~BT
    2021-06-22 18:00 - 2021-06-22 18:00 - 000000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
    2021-06-22 18:00 - 2021-06-22 18:00 - 000000719 _____ C:\Users\Lewy\Desktop\Windows 10 Update Assistant.lnk
    2021-06-22 18:00 - 2021-06-22 18:00 - 000000000 ____D C:\Windows10Upgrade
    2021-06-22 17:56 - 2021-06-22 17:57 - 000829260 _____ C:\Windows\Minidump\062221-11843-01.dmp
    2021-06-21 23:07 - 2021-06-21 23:08 - 000779212 _____ C:\Windows\Minidump\062121-12640-01.dmp
    2021-06-21 23:02 - 2021-06-21 23:03 - 000667516 _____ C:\Windows\Minidump\062121-13265-01.dmp
    2021-06-21 22:54 - 2021-06-24 13:20 - 005198336 _____ (AVAST Software) C:\Users\Lewy\Desktop\aswMBR.exe
    2021-06-21 21:15 - 2021-06-21 21:18 - 000045465 _____ C:\Users\Lewy\Desktop\Addition.old.txt
    2021-06-21 21:13 - 2021-06-21 21:18 - 000075191 _____ C:\Users\Lewy\Desktop\FRST.old.txt
    2021-06-21 21:02 - 2021-06-21 21:02 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
    2021-06-21 20:56 - 2021-06-21 20:56 - 000000000 ____D C:\Users\Lewy\AppData\Local\D3DSCache
    2021-06-21 20:02 - 2021-06-21 20:02 - 000013506 _____ C:\Windows\SysWOW64\bddel.dat
    2021-06-21 12:51 - 2021-06-21 12:51 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2021-06-21 12:51 - 2021-06-21 12:51 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2021-06-21 12:51 - 2021-06-21 12:51 - 001864192 _____ (The ICU Project) C:\Windows\SysWOW64\icu.dll
    2021-06-21 12:51 - 2021-06-21 12:51 - 000468440 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
    2021-06-21 12:51 - 2021-06-21 12:51 - 000423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
    2021-06-21 12:51 - 2021-06-21 12:51 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
    2021-06-21 12:50 - 2021-06-21 12:50 - 002260480 _____ (The ICU Project) C:\Windows\system32\icu.dll
    2021-06-21 12:50 - 2021-06-21 12:50 - 000657464 _____ C:\Windows\system32\WindowManagementAPI.dll
    2021-06-21 12:50 - 2021-06-21 12:50 - 000563712 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
    2021-06-21 12:50 - 2021-06-21 12:50 - 000287232 _____ C:\Windows\system32\CoreMas.dll
    2021-06-21 12:50 - 2021-06-21 12:50 - 000272384 _____ C:\Windows\system32\TpmTool.exe
    2021-06-21 12:39 - 2021-06-21 12:38 - 000468175 ____R C:\Windows\system32\Drivers\etc\hosts.20210621-123946.backup
    2021-06-21 12:38 - 2021-06-21 12:35 - 000468175 _____ C:\Windows\system32\Drivers\etc\hosts.20210621-123851.backup
    2021-06-17 22:03 - 2021-06-17 20:49 - 000468175 _____ C:\Windows\system32\Drivers\etc\hosts.20210617-220307.backup
    2021-06-17 20:52 - 2021-06-17 21:26 - 1789542400 _____ C:\Users\Lewy\Downloads\KB3AIK_EN (1).iso
    2021-06-17 20:47 - 2021-06-23 20:18 - 468432153 _____ C:\Windows\MEMORY.DMP
    2021-06-17 20:47 - 2021-06-23 20:18 - 000000000 ____D C:\Windows\Minidump
    2021-06-16 01:44 - 2021-06-16 01:44 - 000037250 _____ C:\Users\Lewy\Downloads\FRST_part2.txt
    2021-06-16 01:43 - 2021-06-16 01:43 - 000033710 _____ C:\Users\Lewy\Downloads\FRST_part1.txt
    2021-06-16 01:30 - 2021-06-16 01:39 - 000045625 _____ C:\Users\Lewy\Downloads\Addition.txt
    2021-06-16 01:28 - 2021-06-21 20:55 - 000061345 _____ C:\Users\Lewy\Downloads\FRST.txt
    2021-06-15 22:07 - 2021-06-24 13:23 - 000000000 ____D C:\FRST
    2021-06-15 22:04 - 2021-06-24 13:01 - 000002308 _____ C:\Users\Lewy\Desktop\Tweaking.com - Registry Backup.lnk
    2021-06-15 22:04 - 2021-06-16 00:07 - 000021659 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
    2021-06-15 22:04 - 2021-06-15 22:04 - 000000207 _____ C:\Windows\tweaking.com-regbackup-LEWY-T61-Windows-10-Education-(64-bit).dat
    2021-06-15 22:04 - 2021-06-15 22:04 - 000000000 ____D C:\Users\Lewy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2021-06-15 22:04 - 2021-06-15 22:04 - 000000000 ____D C:\RegBackup
    2021-06-15 22:04 - 2021-06-15 22:04 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
    2021-06-15 22:03 - 2021-06-15 22:03 - 007333288 _____ (Tweaking.com) C:\Users\Lewy\Downloads\tweaking.com_registry_backup_setup.exe
    2021-06-15 22:03 - 2021-06-15 22:03 - 007333288 _____ (Tweaking.com) C:\Users\Lewy\Desktop\tweaking.com_registry_backup_setup.exe
    2021-06-15 21:22 - 2021-06-15 21:22 - 000000000 ____D C:\Users\Lewy\AppData\Local\Opera Software
    2021-06-15 20:07 - 2021-06-15 20:02 - 000468175 _____ C:\Windows\system32\Drivers\etc\hosts.20210615-200759.backup
    2021-06-07 10:54 - 2021-06-21 22:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2021-06-07 10:47 - 2021-06-21 21:02 - 000000000 ____D C:\Users\Lewy\AppData\LocalLow\Mozilla
    2021-06-07 10:47 - 2021-06-07 10:47 - 000000000 ____D C:\Users\Lewy\AppData\Roaming\Mozilla
    2021-06-07 10:47 - 2021-06-07 10:47 - 000000000 ____D C:\Users\Lewy\AppData\Local\Mozilla
    2021-06-04 16:30 - 2021-06-04 16:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G-Force
    2021-06-04 16:30 - 2021-06-04 16:30 - 000000000 ____D C:\Program Files (x86)\SoundSpectrum
    2021-05-31 20:01 - 2021-05-31 20:01 - 000000000 ____D C:\Users\Lewy\AppData\Local\TeamViewer
    2021-05-30 23:57 - 2021-05-30 23:45 - 000014458 _____ C:\Windows\system32\Drivers\etc\hosts.20210530-235745.backup
    2021-05-29 11:52 - 2021-05-29 11:52 - 000302137 _____ C:\Users\Lewy\Downloads\rkhunter-1.4.6.tar.gz
    2021-05-28 21:42 - 2021-05-28 21:42 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2021-05-28 20:13 - 2021-05-28 20:13 - 000000194 _____ C:\Users\Lewy\Downloads\prod.repo
    2021-05-28 20:12 - 2021-05-28 20:28 - 000000932 _____ C:\Users\Lewy\Downloads\delta-mde-rhel
    2021-05-28 18:35 - 2021-05-28 18:35 - 000000000 _____ C:\Users\Lewy\Downloads\install_mdatp_dnf.yml
    2021-05-28 18:33 - 2021-05-28 18:33 - 000000983 _____ C:\Users\Lewy\Downloads\microsoft.asc
    2021-05-28 18:18 - 2021-05-28 18:18 - 000040050 _____ C:\Users\Lewy\Downloads\mde-urls.xlsx
    2021-05-28 18:14 - 2021-05-28 17:45 - 000468195 _____ C:\Windows\system32\Drivers\etc\hosts.20210528-181409.backup
    2021-05-26 22:58 - 2021-05-26 22:58 - 008770144 _____ (ENC Security Systems BV) C:\Users\Lewy\Downloads\SanDiskSecureAccessV3_win.exe
    2021-05-26 18:08 - 2021-05-26 18:07 - 000468195 ____R C:\Windows\system32\Drivers\etc\hosts.20210526-180823.backup
    2021-05-26 18:07 - 2021-05-26 18:07 - 000468195 ____R C:\Windows\system32\Drivers\etc\hosts.20210526-180747.backup
    2021-05-26 18:07 - 2021-05-24 16:43 - 000468195 _____ C:\Windows\system32\Drivers\etc\hosts.20210526-180709.backup
    2021-05-26 17:52 - 2021-05-26 17:52 - 000208821 _____ (Igor Pavlov) C:\Users\Lewy\Downloads\sigen-ca g2 2457237012068.exe
    2021-05-26 17:45 - 2021-05-26 17:45 - 000003469 _____ C:\Users\Lewy\Downloads\sigen-ca g2 2457237012068.p12
    2021-05-25 14:50 - 2021-06-24 01:07 - 000000000 ____D C:\Users\Lewy\AppData\Local\CrashDumps
    2021-05-25 14:50 - 2021-05-25 14:50 - 000001495 _____ C:\Users\Lewy\AppData\Local\recently-used.xbel
    2021-05-25 14:43 - 2021-05-25 14:50 - 000000000 ____D C:\Users\Lewy\AppData\Local\gtk-2.0
    2021-05-25 14:43 - 2021-05-25 14:43 - 000000000 ____D C:\Users\Lewy\.cache
    2021-05-25 14:39 - 2021-05-26 17:39 - 000000000 ____D C:\Users\Lewy\AppData\Local\babl-0.1
    2021-05-25 14:39 - 2021-05-25 14:39 - 000000000 ____D C:\Users\Lewy\AppData\Roaming\GIMP
    2021-05-25 14:39 - 2021-05-25 14:39 - 000000000 ____D C:\Users\Lewy\AppData\Local\GIMP
    2021-05-25 14:39 - 2021-05-25 14:39 - 000000000 ____D C:\Users\Lewy\AppData\Local\gegl-0.4

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-06-24 13:04 - 2021-05-15 21:31 - 000004156 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1621107088
    2021-06-24 13:03 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2021-06-24 12:58 - 2020-11-19 09:43 - 000000000 ____D C:\Windows\system32\SleepStudy
    2021-06-24 01:06 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
    2021-06-24 01:05 - 2021-05-13 08:05 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2021-06-24 01:04 - 2021-05-15 22:44 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2021-06-24 01:04 - 2021-05-12 19:07 - 000008192 ___SH C:\DumpStack.log.tmp
    2021-06-24 01:04 - 2020-11-19 09:43 - 000458272 _____ C:\Windows\system32\FNTCACHE.DAT
    2021-06-24 01:04 - 2020-11-19 09:43 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2021-06-24 00:13 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
    2021-06-24 00:12 - 2021-05-12 19:37 - 000000000 ____D C:\Users\Lewy
    2021-06-24 00:12 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
    2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
    2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
    2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
    2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
    2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
    2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
    2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
    2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
    2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
    2021-06-24 00:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
    2021-06-24 00:12 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
    2021-06-23 22:13 - 2021-05-13 05:06 - 000000000 ____D C:\Windows\Panther
    2021-06-23 21:43 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
    2021-06-23 21:21 - 2020-11-19 09:54 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
    2021-06-23 20:32 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
    2021-06-23 20:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2021-06-23 20:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\NDF
    2021-06-23 11:21 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2021-06-22 20:14 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
    2021-06-21 21:08 - 2021-05-15 21:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2021-06-21 21:02 - 2021-05-15 21:29 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2021-06-21 21:02 - 2021-05-15 21:29 - 000000000 ____D C:\ProgramData\Mozilla
    2021-06-21 15:21 - 2021-05-15 21:30 - 000000000 ____D C:\Program Files\Opera
    2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
    2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
    2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
    2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
    2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lv-LV
    2021-06-21 15:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\et-EE
    2021-06-21 13:28 - 2021-05-15 21:31 - 000003944 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1621107074
    2021-06-21 13:28 - 2021-05-15 21:31 - 000001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
    2021-06-21 13:10 - 2020-11-19 09:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2021-06-21 13:10 - 2020-11-19 09:46 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2021-06-21 13:10 - 2020-11-19 09:46 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
    2021-06-21 13:09 - 2021-05-12 19:43 - 000003360 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2620606096-767457063-359015763-1001
    2021-06-21 13:09 - 2021-05-12 19:43 - 000000000 ___RD C:\Users\Lewy\OneDrive
    2021-06-21 13:09 - 2021-05-12 19:37 - 000002360 _____ C:\Users\Lewy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2021-06-17 21:51 - 2021-05-15 21:32 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2021-06-17 21:51 - 2021-05-15 21:32 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2021-06-17 21:51 - 2021-05-15 21:32 - 000002206 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2021-06-15 20:04 - 2021-05-13 08:23 - 000000000 ____D C:\Windows\system32\MRT
    2021-06-15 20:00 - 2021-05-13 08:23 - 132447432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2021-06-04 16:30 - 2021-05-15 22:05 - 000000000 ____D C:\Program Files\iTunes
    2021-06-04 16:30 - 2021-05-15 21:36 - 000000000 ____D C:\Program Files (x86)\Winamp
    2021-06-02 18:30 - 2021-05-13 08:19 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
    2021-05-31 20:14 - 2021-05-15 22:44 - 000000000 ____D C:\Users\Lewy\AppData\Roaming\TeamViewer
    2021-05-30 23:44 - 2019-12-07 11:03 - 000032768 _____ C:\Windows\system32\config\ELAM
    2021-05-29 08:56 - 2020-11-19 09:43 - 000000000 ____D C:\Windows\system32\Drivers\wd
    2021-05-28 20:29 - 2021-05-15 21:36 - 000000000 ____D C:\Users\Lewy\AppData\Roaming\Notepad++
    2021-05-26 18:06 - 2021-05-15 21:46 - 000000000 ____D C:\Users\Lewy\AppData\Local\Google
    2021-05-25 07:48 - 2021-05-13 08:19 - 000725304 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
    2021-05-25 07:48 - 2021-05-13 08:19 - 000470328 _____ (Microsoft Corporation) C:\Windows\system32\QualityUpdateAssistant.dll

    ==================== Files in the root of some directories ========

    2021-05-25 14:50 - 2021-05-25 14:50 - 000001495 _____ () C:\Users\Lewy\AppData\Local\recently-used.xbel

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================
    ***
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2021
    Ran by Lewy (24-06-2021 13:24:56)
    Running from C:\Users\Lewy\Desktop
    Windows 10 Education Version 21H1 19043.1081 (X64) (2021-05-12 17:12:08)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2620606096-767457063-359015763-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2620606096-767457063-359015763-503 - Limited - Disabled)
    Guest (S-1-5-21-2620606096-767457063-359015763-501 - Limited - Disabled)
    Lewy (S-1-5-21-2620606096-767457063-359015763-1001 - Administrator - Enabled) => C:\Users\Lewy
    WDAGUtilityAccount (S-1-5-21-2620606096-767457063-359015763-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
    Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
    AdoptOpenJDK JRE with Hotspot 11.0.11+9 (x64) (HKLM\...\{8709B56A-ED95-4A8B-AE25-6214DFBAE863}) (Version: 11.0.11.9 - AdoptOpenJDK)
    AIMP (HKLM-x32\...\AIMP) (Version: v4.70.2248, 04.04.2021 - AIMP DevTeam)
    Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
    Application Compatibility Toolkit (HKLM\...\{3BD6A529-0C2A-1EE9-A123-3EF4D804A1D1}) (Version: 10.1.19041.1 - Microsoft) Hidden
    Appman Auto Sequencer (HKLM-x32\...\{2942F2D5-2A6D-2061-A152-A736B3277068}) (Version: 10.1.19041.1 - Microsoft) Hidden
    Appman Sequencer on amd64 (HKLM\...\{7A394A81-957E-FA00-5F3F-46CF5DDEAA4A}) (Version: 10.1.19041.1 - Microsoft) Hidden
    Assessments on Client (HKLM-x32\...\{2C100366-FCBF-7B21-5E61-015CDFBBEF25}) (Version: 10.1.19041.1 - Microsoft) Hidden
    Audacity 3.0.2 (HKLM-x32\...\Audacity_is1) (Version: 3.0.2 - Audacity Team)
    Backup and Sync from Google (HKLM\...\{3CBE1074-3A4F-4BA6-95E3-7A660B54FE33}) (Version: 3.55.3625.9414 - Google, Inc.)
    Blender (HKLM\...\{D6E38255-FB12-4724-A6FF-075B43272C66}) (Version: 2.92.0 - Blender Foundation)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CutePDF Writer (HKLM\...\CutePDF Writer Installation) (Version: 4.0 - Acro Software Inc.)
    FileZilla Client 3.54.1 (HKLM-x32\...\FileZilla Client) (Version: 3.54.1 - Tim Kosse)
    G-Force (HKLM-x32\...\G-Force) (Version: 5.8.3 - SoundSpectrum)
    GIMP 2.10.24 (HKLM\...\GIMP-2_is1) (Version: 2.10.24 - The GIMP Team)
    Google Chrome (HKLM\...\{C208811C-385C-3C16-BE72-20618CB11F29}) (Version: 91.0.4472.114 - Google LLC)
    Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
    GPL Ghostscript (HKLM\...\GPL Ghostscript 9.54.0) (Version: 9.54.0 - Artifex Software Inc.)
    Imaging And Configuration Designer (HKLM-x32\...\{8072F2F3-C269-A639-4626-9209FFF6DEDB}) (Version: 10.1.19041.1 - Microsoft) Hidden
    Imaging Designer (HKLM-x32\...\{2852AE0C-1EEB-72F9-1C5D-FACF6C9304DE}) (Version: 10.1.19041.1 - Microsoft) Hidden
    Imaging Tools Support (HKLM-x32\...\{30C24881-949F-D09C-5376-9F0DC6B412CD}) (Version: 10.1.19041.1 - Microsoft) Hidden
    Inkscape (HKLM\...\{8E094247-4FB9-47F4-AF01-BF66AD9781C8}) (Version: 1.0.2 - Inkscape)
    iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
    Kits Configuration Installer (HKLM-x32\...\{8867E8B9-1539-18F3-54AB-B1F1E641AC14}) (Version: 10.1.19041.1 - Microsoft) Hidden
    Krita (x64) 4.4.3 (HKLM\...\Krita_x64) (Version: 4.4.3.0 - Krita Foundation)
    LibreOffice 7.1.3.2 (HKLM\...\{76B2DBF3-5773-4463-9EEB-D4A099EB6265}) (Version: 7.1.3.2 - The Document Foundation)
    Logitech Options (HKLM\...\LogiOptions) (Version: 8.10.84 - Logitech)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.54 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\OneDriveSetup.exe) (Version: 21.099.0516.0003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
    Microsoft Visual Studio Code (HKLM\...\{EA457B21-F73E-494C-ACAB-524FDE069978}_is1) (Version: 1.56.2 - Microsoft Corporation)
    Mozilla Firefox 89.0 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0 (x64 en-US)) (Version: 89.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0.1 - Mozilla)
    MXAx64 (HKLM-x32\...\{53B28ABA-8EFB-7BFB-603D-9B1334BBD881}) (Version: 10.1.19041.1 - Microsoft) Hidden
    Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.5 - Notepad++ Team)
    NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
    NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
    OEM Test Certificates (HKLM-x32\...\{DAF67B85-47AE-B13B-5C22-3A7149E46EB8}) (Version: 10.1.19041.1 - Microsoft) Hidden
    Opera Stable 77.0.4054.90 (HKLM-x32\...\Opera 77.0.4054.90) (Version: 77.0.4054.90 - Opera Software)
    paint.net (HKLM\...\{1A59F8A6-6AB4-4522-9340-F420B9155A31}) (Version: 4.2.16 - dotPDN LLC)
    PuTTY release 0.75 (64-bit) (HKLM\...\{06DB09EC-52D5-47FA-A0F3-D70ED6407481}) (Version: 0.75.0.0 - Simon Tatham)
    Python 3.9.5 (64-bit) (HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\{f3d4ed4c-f434-41ef-8469-ffadd80c4ccf}) (Version: 3.9.5150.0 - Python Software Foundation)
    Python 3.9.5 Core Interpreter (64-bit) (HKLM\...\{FBB6299D-CB58-4177-B6A0-63BFB1C8C3AE}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
    Python 3.9.5 Development Libraries (64-bit) (HKLM\...\{AEE58901-97A1-422A-B964-4FD9BF3327B8}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
    Python 3.9.5 Documentation (64-bit) (HKLM\...\{4EFE695B-F377-4CB0-90E3-6AEEE22DEFEB}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
    Python 3.9.5 Executables (64-bit) (HKLM\...\{843C07B6-040E-4E83-B244-5383247D70AB}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
    Python 3.9.5 pip Bootstrap (64-bit) (HKLM\...\{7559EB6B-36F9-4AE8-8970-532E4DC0ECA3}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
    Python 3.9.5 Standard Library (64-bit) (HKLM\...\{F4DC18F4-6323-4BE8-A322-38268831BC24}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
    Python 3.9.5 Tcl/Tk Support (64-bit) (HKLM\...\{351016A7-AED4-4824-8D2E-2F9ED497CF77}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
    Python 3.9.5 Test Suite (64-bit) (HKLM\...\{605117B9-EE12-4498-A089-A63219191799}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
    Python 3.9.5 Utility Scripts (64-bit) (HKLM\...\{420E50F6-A8E8-4098-A321-7DF6B3C3BA82}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
    Python Launcher (HKLM-x32\...\{B6EF11B6-0882-43B1-AA75-4D3BD32A144A}) (Version: 3.9.7427.0 - Python Software Foundation)
    Skype version 8.71 (HKLM-x32\...\Skype_is1) (Version: 8.71 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
    Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 3.7 - Safer-Networking Ltd.)
    SugarSync (HKLM-x32\...\SugarSync) (Version: 4.0.3.3 - KeepItSafe, Inc.)
    Suuntolink (HKU\S-1-5-21-2620606096-767457063-359015763-1001\...\Suuntolink) (Version: 3.5.2 - Suunto)
    TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.18.5 - TeamViewer)
    ThinkPad Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588) (Version: 7.62.00 - )
    ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
    Toolkit Documentation (HKLM-x32\...\{1978CD82-5D9C-F9BD-4FA3-17AFA5AE12B2}) (Version: 10.1.19041.1 - Microsoft) Hidden
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com)
    UEV Tools on amd64 (HKLM\...\{91339917-AF30-9EC7-D5AA-05919BB21DB9}) (Version: 10.1.19041.1 - Microsoft) Hidden
    User State Migration Tool (HKLM-x32\...\{2AD80B8E-9213-FEA7-BA85-0EFED76D6F11}) (Version: 10.1.19041.1 - Microsoft) Hidden
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)
    Volume Activation Management Tool (HKLM-x32\...\{4B43C47D-8870-ACFA-C414-6C0884876EB0}) (Version: 10.1.19041.1 - Microsoft) Hidden
    Winamp (HKLM-x32\...\Winamp) (Version: 5.8 - Winamp SA)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23367 - Microsoft Corporation)
    Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{9346016b-6620-4841-8ea4-ad91d3ea02b5}) (Version: 10.1.19041.1 - Microsoft Corporation)
    Windows Assessment and Deployment Kit Windows Preinstallation Environment Add-ons - Windows 10 (HKLM-x32\...\{353df250-4ecc-4656-a950-4df93078a5fd}) (Version: 10.1.19041.1 - Microsoft Corporation)
    WinSCP 5.17.10 (HKLM-x32\...\winscp3_is1) (Version: 5.17.10 - Martin Prikryl)
    WPT Redistributables (HKLM-x32\...\{AE00264D-F001-A1D3-F3B8-74A9D2193E7F}) (Version: 10.1.19041.1 - Microsoft) Hidden
    WPTx64 (HKLM-x32\...\{FD439F85-AD64-B3E5-9FC5-444AE8C8AF7B}) (Version: 10.1.19041.1 - Microsoft) Hidden
    Zoom (HKLM-x32\...\{325D3FAA-C519-40F3-9423-DE74994B7B80}) (Version: 5.6.823 - Zoom)

    Packages:
    =========
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-05-13] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-05-13] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-21] (Microsoft Studios) [MS Ad]

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
    ShellIconOverlayIdentifiers: [ !SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]
    ShellIconOverlayIdentifiers: [ !SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]
    ShellIconOverlayIdentifiers: [ !SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]
    ShellIconOverlayIdentifiers: [ !SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
    ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2021-05-15] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2021-03-22] (Notepad++ -> )
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
    ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2021-05-15] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
    ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2015-06-29] (NVIDIA Corporation -> )
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2020-11-30] (SugarSync, Inc.) [File not signed]

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2021-05-15 21:36 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
    2019-12-06 19:37 - 2019-12-06 19:37 - 000262144 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL
    2020-11-30 22:46 - 2020-11-30 22:46 - 003060224 _____ (SugarSync, Inc.) [File not signed] C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2620606096-767457063-359015763-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7942 more sites.

    There are 7942 more sites.


    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2019-12-07 11:14 - 2021-06-24 01:08 - 000467379 _____ C:\Windows\system32\drivers\etc\hosts

    There are 15988 more lines.


    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\AdoptOpenJDK\jre-11.0.11.9-hotspot\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Microsoft VS Code\bin;C:\Program Files\PuTTY\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\Sequencer\
    HKU\S-1-5-21-2620606096-767457063-359015763-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg
    DNS Servers: Media is not connected to internet.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
    FirewallRules: [{6C9BAD30-E75B-4B02-8205-702CD4289285}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
    FirewallRules: [{93E726A5-8872-4EAD-AD18-C85ADBB7D106}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{A2A4DBAA-CD61-4720-8B62-335F2466FCC7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{5B62211A-3155-4EF8-837A-55E47F561C05}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
    FirewallRules: [{2B8A53BF-0B23-4E41-982C-D4CC01257694}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
    FirewallRules: [{DB906621-3B3D-4EEF-8747-BF85EB682C4D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
    FirewallRules: [{E164E1F8-2309-42DF-957D-35D4D74DF947}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
    FirewallRules: [{15177D09-89A2-4CBC-8E8D-5A74E06941E3}] => (Allow) C:\Program Files (x86)\SugarSync\SugarSync.exe (KeepItSafe, Inc.) [File not signed]
    FirewallRules: [{6760AB53-900C-4ECA-AFAD-C3446D3AB6F3}] => (Allow) C:\Program Files (x86)\SugarSync\SugarSync.exe (KeepItSafe, Inc.) [File not signed]
    FirewallRules: [{79A5CBFB-333C-4D5A-8D77-2618F7E2B8B7}] => (Allow) C:\Program Files (x86)\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{25F65549-883E-4388-9DFA-01656737201A}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{853C167E-1E7E-4C77-8534-3711FBCE56D4}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{7108E88C-00D9-4813-887B-54DCC319C16D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{E31A36D9-2C41-4A45-AFD3-269D033EB0BD}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{2CBC8CF9-39FC-4574-9AD4-62711346EB75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{9689789E-14C7-47DE-A1B8-ABE0AAA271E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{E44A3438-1202-4603-8D26-253ECC0799DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{2C7532C0-0E40-4DD3-B721-BD1222F27000}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{3FABD95B-5A7E-405E-870F-C350472FBAFA}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{D5B97CA4-CDE7-457C-A0A1-D1153C64F0AA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{B1B4EF68-FB1E-4DB1-B322-1D085ABB6A40}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{30EA4684-9A4A-4BBF-B5D6-1514F7AFF6B6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{116D42E5-26D4-496D-8916-5DFC626ACD53}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
    FirewallRules: [{E9B01D31-0CE8-4FD1-9830-3E82DE918D8E}] => (Allow) C:\Program Files\Opera\76.0.4017.177\opera.exe (Opera Software AS -> Opera Software)
    FirewallRules: [{11B6B3F8-9619-40E4-B11D-E4F3F3C035C5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{60460550-1596-480A-A407-A902A49E584F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{0EBFB665-58E5-43C1-98D4-14D98C0A435C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{72207830-CF95-49C0-BE09-168394ABCC62}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{DC2844A6-8AA5-4FC2-99D1-ED5FAF013B84}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{F323AF87-555E-4B89-B828-504EBA8BE75E}] => (Allow) C:\Program Files\Opera\77.0.4054.90\opera.exe (Opera Software AS -> Opera Software)
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

    ==================== Restore Points =========================

    15-06-2021 20:04:59 Windows Modules Installer
    21-06-2021 12:33:36 Windows Modules Installer
    23-06-2021 21:26:24 Windows Modules Installer

    ==================== Faulty Device Manager Devices ============

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: PCI Serial Port
    Description: PCI Serial Port
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: PCI Simple Communications Controller
    Description: PCI Simple Communications Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (06/24/2021 01:21:53 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x70ed60b6
    Faulting process id: 0x3178
    Faulting application start time: 0x01d768eae1eb46ea
    Faulting application path: bad_module_info
    Faulting module path: unknown
    Report Id: bbdeebf6-0f8f-43e5-a0d5-010bc04c35f8
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (06/24/2021 01:20:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Exception code: 0xc0000005
    Fault offset: 0x00005c92
    Faulting process id: 0x3178
    Faulting application start time: 0x01d768eae1eb46ea
    Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Report Id: 50e5d0c4-89cd-48ac-8d3f-ee906cd1b8e1
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (06/24/2021 01:10:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Exception code: 0xc0000005
    Fault offset: 0x00005c92
    Faulting process id: 0x3394
    Faulting application start time: 0x01d768e97c4e3dd0
    Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Report Id: 52f523a8-966b-4a81-98a1-a217c14655d9
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (06/24/2021 01:03:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Exception code: 0xc0000005
    Fault offset: 0x00005c92
    Faulting process id: 0x2ef8
    Faulting application start time: 0x01d768e88eafa15c
    Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Report Id: c5801f88-ae94-460a-b833-8e8f3500996f
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (06/24/2021 01:10:07 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Exception code: 0xc0000005
    Fault offset: 0x00005c92
    Faulting process id: 0x1b18
    Faulting application start time: 0x01d76884e73af533
    Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Report Id: fc72b44e-3f1b-4909-ada3-c699e824627d
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (06/24/2021 01:07:25 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: LogiOptionsMgr.exe, version: 8.10.84.0, time stamp: 0x5ddeae0d
    Faulting module name: LogiOptionsMgr.exe, version: 8.10.84.0, time stamp: 0x5ddeae0d
    Exception code: 0xc0000005
    Fault offset: 0x00000000003f3430
    Faulting process id: 0x294
    Faulting application start time: 0x01d768847028b37c
    Faulting application path: C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
    Faulting module path: C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
    Report Id: c658b1c7-7125-451c-915f-9913500d5e32
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (06/23/2021 10:30:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Exception code: 0xc0000005
    Fault offset: 0x00005c92
    Faulting process id: 0x24e8
    Faulting application start time: 0x01d7686e1b2dbd61
    Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Report Id: 9dd87d9e-5905-4a20-ac9b-1b6a5d2c2949
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (06/23/2021 09:53:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Exception code: 0xc0000005
    Fault offset: 0x00005c92
    Faulting process id: 0x3d5c
    Faulting application start time: 0x01d7686967f92e9d
    Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Report Id: e42b2277-2c2a-4d6b-82a2-4623a155f74d
    Faulting package full name:
    Faulting package-relative application ID:


    System errors:
    =============
    Error: (06/24/2021 01:02:47 PM) (Source: disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.

    Error: (06/23/2021 09:17:08 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport Remote NDIS based Internet Sharing Device, {f6341c04-9543-4499-9b96-95283a5d485b}, had event 76

    Error: (06/23/2021 08:21:57 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
    Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

    Error: (06/23/2021 08:21:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
    Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

    Error: (06/23/2021 08:21:14 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
    Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

    Error: (06/23/2021 08:19:32 PM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xffff980043049080, 0x0000000000000002, 0x0000000000000000, 0xfffff804678319d4). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 90c9cd1f-bc50-4bdd-b529-181ddafe4f0f.

    Error: (06/23/2021 08:18:30 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 16:55:57 on 23/06/2021 was unexpected.

    Error: (06/23/2021 10:56:54 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.


    Windows Defender:
    ================
    Date: 2021-05-30 23:44:55
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...4&enterprise=0
    Name: SettingsModifier:Win32/PossibleHostsFileHijack
    Severity: Medium
    Category: Settings Modifier
    Path: file:_C:\Windows\System32\drivers\etc\hosts
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    Security intelligence Version: AV: 1.339.1708.0, AS: 1.339.1708.0, NIS: 1.339.1708.0
    Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

    Date: 2021-05-30 23:27:21
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...4&enterprise=0
    Name: SettingsModifier:Win32/PossibleHostsFileHijack
    Severity: Medium
    Category: Settings Modifier
    Path: file:_C:\Windows\System32\drivers\etc\hosts
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Security intelligence Version: AV: 1.339.1645.0, AS: 1.339.1645.0, NIS: 1.339.1645.0
    Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

    Date: 2021-05-29 20:42:18
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...4&enterprise=0
    Name: SettingsModifier:Win32/PossibleHostsFileHijack
    Severity: Medium
    Category: Settings Modifier
    Path: file:_C:\Windows\System32\drivers\etc\hosts
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Security intelligence Version: AV: 1.339.1620.0, AS: 1.339.1620.0, NIS: 1.339.1620.0
    Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

    Date: 2021-05-29 08:48:35
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...4&enterprise=0
    Name: SettingsModifier:Win32/PossibleHostsFileHijack
    Severity: Medium
    Category: Settings Modifier
    Path: file:_C:\Windows\System32\drivers\etc\hosts
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Security intelligence Version: AV: 1.339.596.0, AS: 1.339.596.0, NIS: 1.339.596.0
    Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

    Date: 2021-05-13 15:09:57
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...4&enterprise=0
    Name: SettingsModifier:Win32/PossibleHostsFileHijack
    Severity: Medium
    Category: Settings Modifier
    Path: file:_C:\Windows\System32\drivers\etc\hosts
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    Security intelligence Version: AV: 1.339.596.0, AS: 1.339.596.0, NIS: 1.339.596.0
    Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

    Date: 2021-05-12 21:41:35
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.303.25.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16400.2
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2021-05-12 21:41:35
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.303.25.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16400.2
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2021-05-12 21:41:35
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.303.25.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16400.2
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2021-05-12 21:41:35
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.303.25.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16400.2
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2021-05-12 21:41:35
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.303.25.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16400.2
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    CodeIntegrity:
    ===============
    Date: 2021-06-24 13:20:55
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

    Date: 2021-06-24 13:18:58
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.


    ==================== Memory info ===========================

    BIOS: LENOVO 7LETC9WW (2.29 ) 03/18/2011
    Motherboard: LENOVO 6460D6G
    Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz
    Percentage of memory in use: 84%
    Total physical RAM: 4030.29 MB
    Available physical RAM: 638.66 MB
    Total Virtual: 18474.29 MB
    Available Virtual: 15145.35 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:140.52 GB) (Free:62.57 GB) NTFS
    Drive e: (ESD-USB) (Removable) (Total:31.99 GB) (Free:27.73 GB) FAT32
    Drive f: () (Removable) (Total:233.19 GB) (Free:119.79 GB) FAT32

    \\?\Volume{6dd9e22f-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
    \\?\Volume{6dd9e22f-0000-0000-0000-902423000000}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: 6DD9E22F)
    Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=140.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=499 MB) - (Type=27)
    Partition 4: (Not Active) - (Size=97.4 GB) - (Type=05)

    ==========================================================
    Disk: 1 (MBR Code: Windows 7/8/10) (Size: 117.2 GB) (Disk ID: BAA8C257)
    Partition 1: (Active) - (Size=32 GB) - (Type=0C)

    ==========================================================
    Disk: 2 (Size: 233.3 GB) (Disk ID: 6F7A4A05)
    Partition 1: (Not Active) - (Size=233.2 GB) - (Type=0C)

    ==================== End of Addition.txt =======================

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,987

    Default

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    BootExecute: autocheck autochk * sdnclean64.exebddel.exe
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKU\S-1-5-21-2620606096-767457063-359015763-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2021-06-24] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2021-06-24] <==== ATTENTION
    EmptyTemp:
    C:\Windows\Temp\*.*
    End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Download and run AdwCleaner

    Download AdwCleaner from here and save it to your desktop.
    You can download AdwCleaner here: https://malwarebytes.com/adwcleaner
    • run AdwCleaner by clicking on Scan Now
    • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
    • if it asks to reboot, allow the reboot
    • on reboot, click on View Log File; please copy and paste the content of the log to your next reply.

    ============================================

    Run Malwarebytes Anti-Malware

    You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:
    • run the program
    • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
    • click on the ‘Scan’ tab, (directly below the Dashboard tab)
    • select the Threat Scan option
    • click the Scan Now button
    • Threat Scan will begin
    • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
    • if prompted to restart the computer, close all other programs and click Yes to restart your computer
    • once you are back at your desktop, open MBAM once more
    • click on the ‘Reports’ tab
    • double-click on the most recent Scan Report
    • click on Export, then Copy to Clipboard


    Please post these 3 logs when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Junior Member
    Join Date
    Dec 2020
    Posts
    13

    Default Fixlog.txt Adwclean malware bytes report

    Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2021
    Ran by Lewy (24-06-2021 20:33:55) Run:2
    Running from C:\Users\Lewy\Desktop
    Loaded Profiles: Lewy
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    BootExecute: autocheck autochk * sdnclean64.exebddel.exe
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKU\S-1-5-21-2620606096-767457063-359015763-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2021-06-24] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2021-06-24] <==== ATTENTION
    EmptyTemp:
    C:\Windows\Temp\*.*

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\System\CurrentControlSet\Control\Session Manager\"BootExecute"="autocheck autochk *" => value restored successfully
    "C:\Windows\system32\GroupPolicy\Machine" => not found
    C:\ProgramData\NTUSER.pol => moved successfully
    HKLM\SOFTWARE\Policies\Mozilla => removed successfully
    HKLM\SOFTWARE\Policies\Google => removed successfully
    HKU\S-1-5-21-2620606096-767457063-359015763-1001\SOFTWARE\Policies\Google => removed successfully
    C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js => moved successfully
    C:\Program Files\mozilla firefox\mozilla.cfg => moved successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\assistant_installer_20210624202817.log => moved successfully
    C:\Windows\Temp\CProgram FilesOpera77.0.4054.90opera_autoupdate.download.lock => moved successfully
    C:\Windows\Temp\MpCmdRun.log => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8937472 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8507636 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 46776975 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 16692 B
    NetworkService => 16692 B
    Lewy => 2759026 B

    RecycleBin => 0 B
    EmptyTemp: => 63.9 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 20:35:43 ====

    ADWCLEAN:
    # -------------------------------
    # Malwarebytes AdwCleaner 8.2.0.0
    # -------------------------------
    # Build: 03-22-2021
    # Database: 2021-05-17.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 06-24-2021
    # Duration: 00:00:02
    # OS: Windows 10 Education
    # Cleaned: 6
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries cleaned.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [2167 octets] - [24/06/2021 20:49:05]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

    Malwarebytes
    www.malwarebytes.com

    -Podrobnosti dnevnika-
    Datum pregledovanja: 24. 06. 21
    Čas pregledovanja: 22:41
    Dnevniška datoteka: 935cc7e0-d52c-11eb-8fb8-001a6bcef9b4.json

    -Podatki o programski opremi-
    Različica: 4.4.0.117
    Različica komponent: 1.0.1344
    Različica s paketom posodobitve: 1.0.42191
    Licenca: Preizkusna različica

    -Informacije o sistemu-
    OS: Windows 10 (Build 19043.1081)
    Procesor: x64
    Datotečni sistem: NTFS
    Uporabnik: Lewy-T61\Lewy

    -Povzetek pregledovanja-
    Vrsta pregledovanja: Pregledovanje groženj
    Pregledovanje je sprožil: Ročno
    Rezultat: Dokončano
    Število pregledanih predmetov: 337666
    Število zaznanih groženj: 0
    Število groženj v karanteni: 0
    Pretečeni čas: 9 min, 28 s

    -Možnosti pregledovanja-
    Pomnilnik: Omogočeno
    Zagon: Omogočeno
    Datotečni sistem: Omogočeno
    Arhivi: Omogočeno
    Korenska orodja: Onemogočeno
    Hevristika: Omogočeno
    PUP: Zaznaj
    PUM: Zaznaj

    -Podrobnosti pregledovanja-
    Proces: 0
    (Ni zaznanih zlonamernih elementov)

    Modul: 0
    (Ni zaznanih zlonamernih elementov)

    Registrski ključ: 0
    (Ni zaznanih zlonamernih elementov)

    Vrednost registra: 0
    (Ni zaznanih zlonamernih elementov)

    Podatki registra: 0
    (Ni zaznanih zlonamernih elementov)

    Podatkovni tok: 0
    (Ni zaznanih zlonamernih elementov)

    Mapa: 0
    (Ni zaznanih zlonamernih elementov)

    Datoteka: 0
    (Ni zaznanih zlonamernih elementov)

    Fizični sektor: 0
    (Ni zaznanih zlonamernih elementov)

    WMI: 0
    (Ni zaznanih zlonamernih elementov)


    (end)

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,987

    Default

    Please download Emsisoft Emergency Kit and save it to your desktop.
    • Double-click on EmsisoftEmergencyKit.exe to install and create a shortcut on the desktop.
    • Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually C:\) as shown here.
    • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
    • When asked to run an online update, click Yes.
    • When the update is finished, click the Back to Security Status link in the left corner.
    • On the main screen click the Scan PC button.
    • Select Smart Scan, then click the Scan button.
    • When the scan is finished, click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
    • Click the View Report button and in the Reports window double-click on the most recent log. Logs are named as follows: a2scan_Date-Time.txt (YYMODY) and saved to C:\EEK\bin\Reports\.
    • Alternatively you can click Export and save the log to your Desktop, then open by double-clicking on it.
    • Copy and paste the contents of that logfile in your next reply.

  7. #7
    Junior Member
    Join Date
    Dec 2020
    Posts
    13

    Default EMSISOFT 2 false positives no other malware found

    Quote Originally Posted by Juliet View Post
    Please download Emsisoft Emergency Kit and save it to your desktop.
    • Double-click on EmsisoftEmergencyKit.exe to install and create a shortcut on the desktop.
    • Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually C:\) as shown here.
    • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
    • When asked to run an online update, click Yes.
    • When the update is finished, click the Back to Security Status link in the left corner.
    • On the main screen click the Scan PC button.
    • Select Smart Scan, then click the Scan button.
    • When the scan is finished, click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
    • Click the View Report button and in the Reports window double-click on the most recent log. Logs are named as follows: a2scan_Date-Time.txt (YYMODY) and saved to C:\EEK\bin\Reports\.
    • Alternatively you can click Export and save the log to your Desktop, then open by double-clicking on it.
    • Copy and paste the contents of that logfile in your next reply.
    Malwarebytes
    www.malwarebytes.com

    -Podrobnosti dnevnika-
    Datum pregledovanja: 25. 06. 21
    Čas pregledovanja: 02:57
    Dnevniška datoteka: 52f6bdc3-d550-11eb-b818-001a6bcef9b4.json

    -Podatki o programski opremi-
    Različica: 4.4.0.117
    Različica komponent: 1.0.1344
    Različica s paketom posodobitve: 1.0.42201
    Licenca: Preizkusna različica

    -Informacije o sistemu-
    OS: Windows 10 (Build 19043.1081)
    Procesor: x64
    Datotečni sistem: NTFS
    Uporabnik: System

    -Povzetek pregledovanja-
    Vrsta pregledovanja: Pregledovanje groženj
    Pregledovanje je sprožil: Dnevnik
    Rezultat: Dokončano
    Število pregledanih predmetov: 337577
    Število zaznanih groženj: 0
    Število groženj v karanteni: 0
    Pretečeni čas: 10 min, 28 s

    -Možnosti pregledovanja-
    Pomnilnik: Omogočeno
    Zagon: Omogočeno
    Datotečni sistem: Omogočeno
    Arhivi: Omogočeno
    Korenska orodja: Onemogočeno
    Hevristika: Omogočeno
    PUP: Zaznaj
    PUM: Zaznaj

    -Podrobnosti pregledovanja-
    Proces: 0
    (Ni zaznanih zlonamernih elementov)

    Modul: 0
    (Ni zaznanih zlonamernih elementov)

    Registrski ključ: 0
    (Ni zaznanih zlonamernih elementov)

    Vrednost registra: 0
    (Ni zaznanih zlonamernih elementov)

    Podatki registra: 0
    (Ni zaznanih zlonamernih elementov)

    Podatkovni tok: 0
    (Ni zaznanih zlonamernih elementov)

    Mapa: 0
    (Ni zaznanih zlonamernih elementov)

    Datoteka: 0
    (Ni zaznanih zlonamernih elementov)

    Fizični sektor: 0
    (Ni zaznanih zlonamernih elementov)

    WMI: 0
    (Ni zaznanih zlonamernih elementov)


    (end)

    EMSISOFT found only Tweaking.com false positives.
    Do I quarantine it (have backed up registry)? emsisoftreport.png

  8. #8
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,987

    Default

    EMSISOFT found only Tweaking.com false positives.
    Do I quarantine it (have backed up registry)? emsisoftreport.png
    No, that's a false positive.

    Tell me what the computer is doing at the moment.
    We're not finding malware, my suspicions are apps on the computer causing issues.

  9. #9
    Junior Member
    Join Date
    Dec 2020
    Posts
    13

    Default

    Quote Originally Posted by Juliet View Post
    No, that's a false positive.

    Tell me what the computer is doing at the moment.
    We're not finding malware, my suspicions are apps on the computer causing issues.
    It is turned on. The computer is a Lenovo T61 notebook; it is now turned on. I received an email some months ago saying that somebody installed malware on it and wants $BITCOIN.
    Every time I launch aswMBR.exe, after I choose Virtualization or start scanning, the computer ends in a blue-screen restart.

    Please let me know how I can create a Spybot boot USB and start aswMBR from there (I have Windows 10).

  10. #10
    Junior Member
    Join Date
    Dec 2020
    Posts
    13

    Default

    Can I create a bootable USB with a CD image, or do I need to stick with a CD (I do not have a burner here on vacation)?
    Thanks in advance, Grega
