Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by SYSTEM on MININT-LJK9TE3 (16-12-2020 15:33:06)
Running from D:\
Platform: Windows 10 Home Version 2004 19041.572 (X64) Language: English (United States)
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [6544000 2020-03-25] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [704720 2020-10-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331040 2020-09-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKU\david\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3424032 2020-10-28] (Valve -> Valve Corporation)
HKU\david\...\Run: [Discord] => C:\Users\david\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\david\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9230256 2020-03-13] (Support.com Inc -> SUPERAntiSpyware)
HKU\david\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30885360 2020-03-04] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\david\...\Run: [com.squirrel.Teams.Teams] => C:\Users\david\AppData\Local\Microsoft\Teams\Update.exe [2324624 2020-04-06] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\david\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23842112 2020-10-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\david\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91591032 2020-04-14] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\david\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33102224 2020-11-05] (Epic Games Inc. -> Epic Games, Inc.)
HKU\david\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [14766664 2020-10-02] (GOG Sp. z o.o. -> GOG.com)
HKU\david\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [8331232 2020-08-14] (GlassWire -> SecureMix LLC)
HKU\david\...\Run: [Opera Browser Assistant] => C:\Users\david\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3152920 2020-11-09] (Opera Software AS -> Opera Software)
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bitmeter2.lnk [2020-05-21]
ShortcutTarget: Bitmeter2.lnk -> C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe ()

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12DF3F8A-9612-48CA-AE38-2818FA70CA73} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [507392 2020-10-17] ()
Task: {13AC7C53-3865-442F-A773-BCFC9DC21DFD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612216 2020-10-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {1D7A8F70-CE2C-41DB-A9D8-ED86C4AFE15D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {25EC0FA1-500C-4E88-878D-A70FC06B82AD} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\F1ED86B4-4601-4339-9C2F-4709D1753E4B\Passport for Work alert created by enrollment client => C:\Windows\system32\deviceenroller.exe [459776 2020-09-12] (Microsoft Corporation)
Task: {2DFC28A5-3035-4555-A9E6-CE6D44EB1DB3} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {2F1B66BE-E904-42C0-B92D-804B8A0B7F67} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-03-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {33A051DD-6D6E-4268-A5FE-D19E48716680} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2020-03-04] (Garmin International, Inc. -> )
Task: {3EF1021A-F26E-4FB4-B468-D3456BA926C6} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-571042849-946074931-4105758761-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {3F652F96-92F3-487C-B40D-A43797122424} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\F1ED86B4-4601-4339-9C2F-4709D1753E4B\OS Edition Upgrade event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [459776 2020-09-12] (Microsoft Corporation)
Task: {426F8174-F41E-4EC3-90CC-808CDC3BEE21} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\F1ED86B4-4601-4339-9C2F-4709D1753E4B\Schedule #1 created by enrollment client => C:\Windows\system32\deviceenroller.exe [459776 2020-09-12] (Microsoft Corporation)
Task: {458FD64D-9B72-4446-A268-1AA43E4C16B6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612216 2020-10-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {468BCB20-81FE-4833-AB68-969456AFAAF9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {4BCE6391-0B05-40B4-B642-910B37FB1CE6} - System32\Tasks\Microsoft\Windows\PushToInstall\Registration
Task: {4F2030CE-BA8E-4122-B9A8-29AA5858973E} - System32\Tasks\Microsoft\Windows\Flighting\OneSettings\RefreshCache
Task: {625E4156-7F05-4C77-A5BE-81BE85D5EBE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
Task: {66D0C3C0-2611-466B-B077-7F6AA7EDCB21} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\F1ED86B4-4601-4339-9C2F-4709D1753E4B\Schedule to run OMADMClient by server => C:\Windows\system32\omadmclient.exe [434176 2020-09-12] (Microsoft Corporation)
Task: {6720C476-3AA2-46DE-A0A6-B26AE31A58CD} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124112 2020-07-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {6C1CAC17-7FFA-43A7-878B-EB36549EEF01} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\F1ED86B4-4601-4339-9C2F-4709D1753E4B\Schedule created by enrollment client for renewal of certificate warning => C:\Windows\system32\deviceenroller.exe [459776 2020-09-12] (Microsoft Corporation)
Task: {808A2CFA-4FAB-4FF8-9258-623180867051} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-03-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {820C819B-3929-479F-B79F-E50382631CC7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
Task: {881D0301-C301-430F-A066-5E5403F14CA0} - System32\Tasks\Opera scheduled Autoupdate 1601088888 => C:\Users\david\AppData\Local\Programs\Opera\launcher.exe [1529368 2020-11-09] (Opera Software AS -> Opera Software)
Task: {8FF5DE67-C947-4488-997B-4184221E7D50} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start
Task: {931C3C86-86A8-41AD-B4DF-A01F671BD43F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1443736 2020-10-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {9581FF35-D4DD-40A9-BFBC-A87333318D6D} - System32\Tasks\Opera scheduled assistant Autoupdate 1601088899 => C:\Users\david\AppData\Local\Programs\Opera\launcher.exe [1529368 2020-11-09] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\david\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {9C92433E-AF2A-43BB-991C-2BB5F47BD3EC} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [30106496 2020-10-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {A407CE17-2514-4B76-8FEC-A09033F2A23E} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\F1ED86B4-4601-4339-9C2F-4709D1753E4B\PushRenewal
Task: {A7962453-972A-47B9-9CCA-C280C4E02A7C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {B3B16074-F30B-4C18-A605-B668A2C6094E} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan
Task: {C120AD60-B3BB-4B79-AF59-E2E74D2C6363} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {D0C5586F-830B-4285-A676-7C0B04FF4277} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371864 2020-10-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {D0C76BB2-5B74-4EA7-806E-627C72DA8BB2} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\F1ED86B4-4601-4339-9C2F-4709D1753E4B\PushUpgrade => C:\Windows\system32\deviceenroller.exe [459776 2020-09-12] (Microsoft Corporation)
Task: {D3A15148-CA69-4755-A9B9-820DBC95D92B} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\F1ED86B4-4601-4339-9C2F-4709D1753E4B\Schedule to run OMADMClient by client => C:\Windows\system32\omadmclient.exe [434176 2020-09-12] (Microsoft Corporation)
Task: {DC21C106-07CE-45A4-9D82-F6083C277438} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\F1ED86B4-4601-4339-9C2F-4709D1753E4B\Schedule #2 created by enrollment client => C:\Windows\system32\deviceenroller.exe [459776 2020-09-12] (Microsoft Corporation)
Task: {DF62DC37-05B1-4D84-B297-FDD167789440} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Work
Task: {E18DD802-DD1A-474E-ABD9-5CB78EDDF220} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\F1ED86B4-4601-4339-9C2F-4709D1753E4B\Schedule #3 created by enrollment client => C:\Windows\system32\deviceenroller.exe [459776 2020-09-12] (Microsoft Corporation)
Task: {E27FAD8E-9CBE-4C9C-B25C-B55672845029} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\F1ED86B4-4601-4339-9C2F-4709D1753E4B\PushLaunch => C:\Windows\system32\deviceenroller.exe [459776 2020-09-12] (Microsoft Corporation)
Task: {E4946F13-36E2-4FBB-96DE-14FA65E1D10E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115024 2020-10-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {E53C5EED-53A0-4C1E-B5E4-BEFCBD5C265D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-05] (Adobe Inc. -> Adobe Inc.)
Task: {E64A4CFA-1FE0-422C-A79B-4F7D96E995B0} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [231136 2020-11-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {EB74D264-FAFE-419D-9CB9-151392B27321} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115024 2020-10-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {ECA8BF40-0A8A-46C5-BACC-3AF72716EE01} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\F1ED86B4-4601-4339-9C2F-4709D1753E4B\Provisioning initiated session => C:\Windows\system32\deviceenroller.exe [459776 2020-09-12] (Microsoft Corporation)
Task: {ED21195F-D8F1-4F06-AFAB-65602C0C339B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371864 2020-10-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {F60A3840-39C0-49BF-BF73-9BB2D61D6719} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\F1ED86B4-4601-4339-9C2F-4709D1753E4B\Win10 S Mode event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [459776 2020-09-12] (Microsoft Corporation)
Task: {FE0D1A0D-22DF-40B4-8475-8ABCD08F64A4} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2649200 2020-10-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-05] (Adobe Inc. -> Adobe Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1205960 2020-10-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537472 2020-10-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [483432 2020-10-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [483432 2020-10-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [573960 2020-10-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636080 2020-10-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [384544 2020-10-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [245912 2020-11-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161376 2020-08-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-03-20] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-03-20] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1728072 2020-10-02] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-05-06] (GOG Sp. z o.o. -> GOG.com)
S2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [5422048 2020-08-14] (GlassWire -> SecureMix LLC)
S2 LogiFacecamService; C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe [446600 2020-01-08] (Logitech Inc -> Logitech)
S2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [6447840 2020-03-25] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7185288 2020-09-18] (Malwarebytes Inc -> Malwarebytes)
S2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4489352 2019-06-12] (Logitech Inc -> Logitech)
S2 RaAutoInstSrv_AM10; C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [529024 2010-05-28] (Cisco Consumer Products LLC -> Cisco Consumer Products LLC)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [384512 2019-10-15] ()
S2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2020-03-20] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ClickToRunSvc; "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service [X]
S2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_90685a092bcf58c7\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_90685a092bcf58c7\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [18432 2019-12-07] (Microsoft Corporation)
S1 afunix; C:\Windows\system32\drivers\afunix.sys [41984 2020-09-12] (Microsoft Corporation)
S1 afunix; C:\Windows\SysWOW64\drivers\afunix.sys [29696 2020-09-12] (Microsoft Corporation)
S1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [292864 2019-12-07] (Microsoft Corporation)
S3 AM10; C:\Windows\System32\drivers\am10w7.sys [1101600 2010-03-22] (Ralink Technology Corporation -> Ralink Technology Corp.)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [18432 2020-10-17] (Microsoft Corporation)
S0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\Windows\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [207424 2020-11-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [199752 2020-05-06] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [9728 2019-12-07] (Windows (R) Win 7 DDK provider)
S1 Beep; C:\Windows\System32\Drivers\Beep.sys [10240 2019-12-07] (Microsoft Corporation)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation)
S3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [113664 2020-09-12] (Microsoft Corporation)
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [106496 2020-09-12] (Microsoft Corporation)
S3 BthMini; C:\Windows\System32\drivers\BTHMINI.sys [45568 2020-09-12] (Microsoft Corporation)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [76800 2019-12-07] (Microsoft Corporation)
S3 BthPan; C:\Windows\System32\drivers\bthpan.sys [133632 2019-12-07] (Microsoft Corporation)
S3 BTHPORT; C:\Windows\System32\drivers\BTHport.sys [1548288 2020-09-12] (Microsoft Corporation)
S3 BTHUSB; C:\Windows\System32\drivers\BTHUSB.sys [110592 2020-09-12] (Microsoft Corporation)
S1 CimFS; C:\Windows\System32\Drivers\CimFS.sys [91136 2019-12-07] ()
S3 circlass; C:\Windows\System32\drivers\circlass.sys [52224 2019-12-07] (Microsoft Corporation)
S2 CldFlt; C:\Windows\System32\drivers\cldflt.sys [491520 2020-09-12] (Microsoft Corporation)
S1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [59392 2019-12-07] (Microsoft Corporation)
S1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8704 2019-12-07] (Microsoft Corporation)
S1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (GlassWire -> SecureMix LLC)
S3 HidBth; C:\Windows\System32\drivers\hidbth.sys [120320 2020-09-12] (Microsoft Corporation)
S3 HidIr; C:\Windows\System32\drivers\hidir.sys [48640 2019-12-07] (Microsoft Corporation)
S3 HwNClx0101; C:\Windows\System32\Drivers\mshwnclx.sys [30208 2019-12-07] (Microsoft Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [47104 2020-10-17] (Microsoft Corporation)
S3 intelpmax; C:\Windows\System32\drivers\intelpmax.sys [30720 2019-12-07] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [90112 2019-12-07] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [225280 2019-12-07] (Microsoft Corporation)
S2 lltdio; C:\Windows\System32\drivers\lltdio.sys [72704 2019-12-07] (Microsoft Corporation)
S2 luafv; C:\Windows\system32\drivers\luafv.sys [140288 2019-12-07] (Microsoft Corporation)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2020-09-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-10-25] (Malwarebytes Inc -> Malwarebytes)
S3 MbbCx; C:\Windows\System32\drivers\MbbCx.sys [386048 2020-09-12] (Microsoft Corporation)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [65024 2019-12-07] (Microsoft Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [47104 2019-12-07] (Microsoft Corporation)
S3 monitor; C:\Windows\System32\drivers\monitor.sys [80896 2020-09-12] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [157696 2019-12-07] (Microsoft Corporation)
S3 MsBridge; C:\Windows\System32\drivers\bridge.sys [127488 2019-12-07] (Microsoft Corporation)
S3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [12288 2019-12-07] (Microsoft Corporation)
S2 MsLldp; C:\Windows\System32\drivers\mslldp.sys [78848 2019-12-07] (Microsoft Corporation)
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [733696 2020-09-12] (Microsoft Corporation)
S1 NdisCap; C:\Windows\System32\drivers\ndiscap.sys [54272 2019-12-07] (Microsoft Corporation)
S3 NdisImPlatform; C:\Windows\System32\drivers\NdisImPlatform.sys [135168 2020-10-17] (Microsoft Corporation)
S2 Ndu; C:\Windows\System32\drivers\Ndu.sys [131584 2019-12-07] (Microsoft Corporation)
S3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [8695808 2019-12-07] (Intel Corporation)
S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [822784 2020-09-12] (Microsoft Corporation)
S3 phantomtap; C:\Windows\System32\drivers\phantomtap.sys [45056 2020-03-18] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 PNPMEM; C:\Windows\System32\drivers\pnpmem.sys [17408 2019-12-07] (Microsoft Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [53248 2019-12-07] (Microsoft Corporation)
S3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [28672 2019-12-07] (Microsoft Corporation)
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [168448 2019-12-07] (Microsoft Corporation)
S3 RFCOMM; C:\Windows\System32\drivers\rfcomm.sys [213504 2019-12-07] (Microsoft Corporation)
S3 rhproxy; C:\Windows\System32\drivers\rhproxy.sys [115712 2019-12-07] (Microsoft Corporation)
S2 rspndr; C:\Windows\System32\drivers\rspndr.sys [89088 2019-12-07] (Microsoft Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [44032 2020-09-12] (Microsoft Corporation)
S3 spaceparser; C:\Windows\System32\drivers\spaceparser.sys [26624 2019-12-07] (Microsoft Corporation)
S3 Synth3dVsc; C:\Windows\System32\drivers\Synth3dVsc.sys [67072 2019-12-07] (Microsoft Corporation)
S2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [54784 2019-12-07] (Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [66560 2019-12-07] (Microsoft Corporation)
S3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [37888 2019-12-07] (Microsoft Corporation)
S3 tunnel; C:\Windows\System32\drivers\tunnel.sys [129024 2019-12-07] (Microsoft Corporation)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [160256 2019-12-07] (Microsoft Corporation)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [188416 2019-12-07] (Microsoft Corporation)
S3 UcmUcsiAcpiClient; C:\Windows\System32\drivers\UcmUcsiAcpiClient.sys [36864 2019-12-07] (Microsoft Corporation)
S3 UcmUcsiCx0101; C:\Windows\System32\Drivers\UcmUcsiCx.sys [113152 2020-09-12] (Microsoft Corporation)
S3 usbaudio2; C:\Windows\System32\drivers\usbaudio2.sys [260608 2019-12-07] (Microsoft Corporation)
S3 usbcir; C:\Windows\System32\drivers\usbcir.sys [107520 2019-12-07] (Microsoft Corporation)
S3 usbprint; C:\Windows\System32\drivers\usbprint.sys [35328 2019-12-07] (Microsoft Corporation)
S3 usbscan; C:\Windows\System32\drivers\usbscan.sys [49152 2020-09-12] (Microsoft Corporation)
S3 VirtualRender; C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys [11264 2019-12-07] (Microsoft Corporation)
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [29184 2019-12-07] (Microsoft Corporation)
S1 vwififlt; C:\Windows\System32\drivers\vwififlt.sys [77824 2019-12-07] (Microsoft Corporation)
S3 vwifimp; C:\Windows\System32\drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Corporation)
S3 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [93184 2019-12-07] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [45960 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [391392 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
S3 wdiwifi; C:\Windows\System32\DRIVERS\wdiwifi.sys [951808 2020-09-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [259584 2020-09-12] (Microsoft Corporation)
S3 WINUSB; C:\Windows\System32\drivers\WinUSB.SYS [107008 2019-12-07] (Microsoft Corporation)
S3 WN111v2; C:\Windows\System32\drivers\WN111v2x.sys [553472 2008-09-29] (Atheros Communications, Inc.)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [136192 2019-12-07] (Microsoft Corporation)
S3 WUDFRd; C:\Windows\System32\drivers\WUDFRd.sys [315392 2019-12-07] (Microsoft Corporation)
S3 WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [315392 2019-12-07] (Microsoft Corporation)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [324608 2019-12-07] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [48640 2019-12-07] (Microsoft Corporation)
UpperFilters: [{71A27CDD-812A-11D0-BEC7-08002BE2092F}] -> [volsnap avusbflt]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (All) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-16 15:32 - 2020-12-16 15:33 - 000000000 ____D C:\FRST
2020-12-14 19:54 - 2020-12-14 20:50 - 000016384 _____ C:\bcdbackup
2020-12-14 19:36 - 2020-12-14 19:36 - 000000000 ____D C:\Temp
2020-12-14 15:16 - 2020-12-14 16:40 - 000398156 _____ C:\bootmgr
2020-12-13 20:55 - 2020-12-13 20:55 - 000000000 ___HD C:\$SysReset
2020-12-07 21:31 - 2020-12-07 21:31 - 000000000 ____D C:\$Windows.~BT
2020-12-07 19:23 - 2020-12-16 15:31 - 000000000 _____ C:\Recovery.txt
2020-12-07 18:48 - 2020-12-08 18:12 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-06 18:22 - 2020-12-06 19:06 - 374728523 _____ C:\Windows\MEMORY.DMP
2020-12-06 16:34 - 2020-12-06 16:34 - 000000000 ___HD C:\Users\david\Downloads\.opera
2020-12-06 16:34 - 2020-12-06 16:34 - 000000000 ___HD C:\Users\david\.opera
2020-12-06 13:41 - 2020-12-06 13:41 - 000000000 ___HD C:\$AV_AVG
2020-12-06 11:10 - 2020-12-06 17:14 - 000000000 ____D C:\backup HP drive PART 1

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-13 19:54 - 2020-04-06 16:15 - 000000000 ____D C:\ProgramData\Macrium
2020-12-07 21:31 - 2020-04-08 11:10 - 000000000 ____D C:\Users\david\AppData\Local\D3DSCache
2020-12-07 21:31 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\System32\winevt
2020-12-06 19:06 - 2020-06-09 08:15 - 000911054 _____ C:\Windows\ntbtlog.txt
2020-12-06 16:34 - 2020-09-12 05:41 - 000000000 ____D C:\users\david
2020-12-06 16:30 - 2020-04-06 15:23 - 000000495 _____ C:\ProgramData\DisplaySessionContainer2.log_backup1
2020-12-06 16:27 - 2020-09-12 05:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-12-06 16:27 - 2020-03-25 18:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-12-06 16:26 - 2019-12-07 01:03 - 000524288 _____ C:\Windows\System32\config\BBI
2020-12-06 16:21 - 2020-04-03 16:08 - 000000495 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1
2020-12-06 16:21 - 2020-03-20 14:31 - 000000495 _____ C:\ProgramData\DisplaySessionContainer3.log_backup1
2020-12-06 16:18 - 2020-03-20 14:31 - 000000504 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1
2020-12-05 13:54 - 2020-05-21 17:31 - 000000000 ____D C:\ProgramData\Bitmeter2
2020-12-05 11:38 - 2020-09-12 05:43 - 000840598 _____ C:\Windows\System32\PerfStringBackup.INI
2020-12-05 11:38 - 2019-12-07 01:13 - 000000000 ____D C:\Windows\INF
2020-12-05 11:34 - 2020-03-25 17:21 - 000000000 ____D C:\Program Files (x86)\Steam
2020-12-05 11:34 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-23 18:54 - 2020-09-12 05:50 - 000004164 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{36A2F0B5-617D-4223-A168-5942CD490431}
2020-11-21 20:55 - 2020-03-25 18:18 - 000207424 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2020-11-21 19:58 - 2020-03-20 13:04 - 000002377 _____ C:\Users\Public\Desktop\Brave.lnk
2020-11-21 19:45 - 2020-09-12 05:40 - 000000000 ____D C:\Windows\System32\SleepStudy
2020-11-21 19:45 - 2020-08-05 19:35 - 000002259 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-11-21 19:45 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-11-21 19:45 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\AppReadiness

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\Windows\System32\KernelBase.dll [2020-10-17] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\System32\msvcp_win.dll [2020-10-17] <==== ATTENTION (zero byte File/Folder)

==================== KnownDLLs (Whitelisted) =========================

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll [2020-10-17 14:36] - [2020-10-17 14:36] - 001330688 _____ (Microsoft Corporation) D0C11ABFD6C7E4C58CED7B12953565E8
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\dllhost.exe => MD5 is legit
C:\Windows\SysWOW64\dllhost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 12269.19 MB
Available physical RAM: 11086.07 MB
Total Virtual: 12269.19 MB
Available Virtual: 11147 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:116.12 GB) (Free:54.09 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (ESD-USB) (Removable) (Total:7.44 GB) (Free:2.87 GB) FAT32
Drive e: (System Reserved) (Fixed) (Total:0.57 GB) (Free:0.12 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
Drive g: (storage) (Fixed) (Total:348.57 GB) (Free:13.44 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0000DC37)
Partition 1: (Not Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=116.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=514 MB) - (Type=27)
Partition 4: (Not Active) - (Size=348.6 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 7.5 GB) (Disk ID: 30385B3C)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== End of FRST.txt ========================