I have a virus but I dont know how to remove it

Started by Yabey , Mar 12 2020 01:12 PM
This topic is locked
#1
Yabey
- Members
- 9 posts
- OFFLINE
Posted 12 March 2020 - 01:12 PM
I have searched everywhere and I saw literally no one having that virus, so I'm posting here to get some help. The virus is using the Java update scheduler, also called juschad.exe, to show a Windows support screen (which is obviously fake). The first time, I noticed that my webcam was recording, and that's when I thought I had a virus. Minutes later I got a Windows support screen; I closed it. A day later I got the same screen, but with the message "if you want to get your computer back give 25 btc to this address". I tried to remove so many things. I tried to run a full scan with Norton; the virus is still there. Please help me, I don't want to lose my computer that I paid a lot of money for. I saved money for years to get this computer (I have a Dell G3). For the moment I still have access to my computer. All I can do is hope I will still have access when I finish work.
#2
RecursiveNerd
- Malware Response Team
- 2,224 posts
- OFFLINE
- Gender:Male
- Location:Kentucky, USA
- Local time:07:08 AM
Posted 12 March 2020 - 01:42 PM
Greetings Yabey,
Welcome to Bleeping Computer's Malware Removal Forum!
My name is RecursiveNerd and I'll be assisting you in cleaning up your computer. Do you have a name that you prefer to be called, or would you rather I address you by your username? You are free to call me RecursiveNerd, or Jake, which is what my friends call me.
I will do my best to respond to you within 24 hours. However, please understand that I am a volunteer and have other responsibilities outside of this forum, such as a full-time job. In rare circumstances, my reply may be delayed by up to 48 hours. If there is going to be any significant delay in my response, I will give you an update to let you know that you have not been forgotten.
Before we get started with the cleanup process, I would like to give you some guidelines to follow to make this process much smoother for both of us:
- First - please be aware that most of us at BleepingComputer volunteer our time here to help you. Please try to be patient with us while working on your topic.
- With that said - if I have not responded within 48 hours, please feel free to send me a Private Message.
- Please do not run any scans or make any modifications to your computer other than those I have requested.
- When multiple steps are posted, please perform them in order that they are listed. If my instructions are not clear enough or you are experiencing difficulties, simply stop and let me know.
- When asked, please copy & paste the requested logs in your next reply(s), without the use of quotes or code boxes. If you get an error message from the forum software stating that your post is too long, you may provide the logs in multiple posts as necessary.
- You will be notified when your computer is clean. At that time, I will provide instructions to remove the tools we used and offer some information on how to stay safe and prevent future infections.
- Please let me know if you are going to be delayed in responding for an extended period of time. If you have not replied within 5 days, I will assume that the topic has been abandoned and close it.
Please download the Farbar Recovery Scan Tool and save it to your Desktop.
Note: You will need to run the version that is compatible with your system. If you do not know what version is applicable to your system, download both versions and attempt to run them. Only one will run on your system, and that is the version you want to run.
- Right-click FRST/FRST64 and select Run as administrator. If you are a Windows XP user, double-click on the file.
- When the tool opens, accept the disclaimer by clicking Yes
- Press the Scan button
- When the scan completes, two log files should open, FRST.txt and Addition.txt
- Please copy and paste the contents of those two files into your next reply
Regards,
Jake (AKA RecursiveNerd)
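FRST's Addition.txt is plain text: each area opens with a line of equals signs carrying the section name, then a hint line in parentheses, then one entry per line. The script below is an added example for this thread (it is not code from FRST's author, from BleepingComputer, or from either poster) showing a first-pass triage parser for such a report. It splits the report into sections and surfaces four entry types a responder looks at early: a security product reported as Disabled, an alternate data stream attached to an executable, a StartupApproved name with unnatural case mixing, and a firewall allow rule whose target is reported as No File. The sample report, product names, paths and GUIDs are constructed to match the layout and are not a real machine's log; the heuristics are review prompts, not verdicts.

```python
"""First-pass triage of an FRST Addition.txt report.

Added example for this thread; not code from FRST's author or BleepingComputer.
It only reads text and flags entries worth a second look; it changes nothing.
"""
import re
from collections import defaultdict

# "==================== Security Center ========================" -> "Security Center"
SECTION_RE = re.compile(r"^=+\s+(.+?):?\s+=+$")
# HKU\...\StartupApproved\Run: => "Name"
STARTUP_RE = re.compile(r'StartupApproved\\Run: => "(.*)"$')
# AV: Windows Defender (Disabled - Up to date) {GUID}
PRODUCT_RE = re.compile(r"^(AV|AS|FW): (.+?) \(")
# FirewallRules: [{GUID}] => (Allow) C:\path\app.exe No File
FW_RE = re.compile(r"=> \((?:Allow|Block)\) (.+) No File$")
# trailing " [446]" size marker on AlternateDataStreams entries
ADS_SIZE_RE = re.compile(r"\s\[\d+\]$")

# Constructed sample in the Addition.txt layout (placeholder paths, names, GUIDs).
SAMPLE = r"""Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2020
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Example AntiVirus (Enabled - Up to date) {11111111-2222-3333-4444-555555555555}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows\system32\example.exe:0123456789abcdef0123456789abcdef [446]
AlternateDataStreams: C:\Users\user\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-1-2-3-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1-2-3-1002\...\StartupApproved\Run: => "bBauuOsq"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry.)
FirewallRules: [{AAAAAAAA-0000-0000-0000-000000000001}] => (Allow) C:\Program Files (x86)\Example\example.exe (Example Corp -> Example Corp)
FirewallRules: [{AAAAAAAA-0000-0000-0000-000000000002}] => (Allow) C:\Program Files\Gone\gone.exe No File
"""


def parse_sections(report: str) -> dict:
    """Split a report into {section name: [entry lines]}; hint lines '(...' are dropped."""
    sections = defaultdict(list)
    current = "Header"
    for raw in report.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif not line.startswith("("):
            sections[current].append(line)
    return dict(sections)


def looks_random(name: str) -> bool:
    """Heuristic: product names are CamelCase with few case changes (OneDrive,
    PlariumPlay); generated tokens such as bBauuOsq change case four or more
    times or go lower->upper at the very start. Expect some false positives."""
    if not name.isalpha() or len(name) < 6:
        return False
    transitions = sum(1 for a, b in zip(name, name[1:]) if a.islower() != b.islower())
    return transitions >= 4 or (name[0].islower() and name[1].isupper())


def triage(report: str) -> list:
    """Return (category, detail) pairs to review first. These are prompts, not
    verdicts: Defender shows Disabled whenever a third-party AV owns real-time
    protection, and 'No File' rules are usually left behind by uninstalls."""
    sections = parse_sections(report)
    findings = []
    for line in sections.get("Security Center", []):
        m = PRODUCT_RE.match(line)
        if m and "(Disabled" in line:
            findings.append(("security-product-disabled", f"{m.group(1)}: {m.group(2)}"))
    for name, lines in sections.items():
        if name.startswith("Alternate Data Streams"):
            for line in lines:
                host = ADS_SIZE_RE.sub("", line.split(": ", 1)[1]).rsplit(":", 1)[0]
                if host.lower().endswith((".exe", ".dll", ".sys")):
                    findings.append(("ads-on-executable", host))
        elif name.startswith("MSCONFIG"):
            for line in lines:
                m = STARTUP_RE.search(line)
                if m and looks_random(m.group(1)):
                    findings.append(("random-looking-startup-name", m.group(1)))
        elif name.startswith("FirewallRules"):
            for line in lines:
                m = FW_RE.search(line)
                if m:
                    findings.append(("firewall-rule-missing-target", m.group(1)))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"{category:30} {detail}")
```

On a real report, read Addition.txt with `encoding="utf-8-sig"` (FRST writes a BOM) and pass the text to `triage()`. Each hit is a reason to look closer, not a removal instruction: check the flagged executable's signature and hash, see which program owns the odd startup name, and confirm why a security product is off before touching anything, in line with the helper's request not to make changes beyond what was asked.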
#3
Yabey
- Topic Starter
- Members
- 9 posts
- OFFLINE
Posted 12 March 2020 - 03:36 PM
Thanks Jake for your fast reply. Here is Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2020
Ran by clout (12-03-2020 16:35:56)
Windows 10 Home Version 1809 17763.1039 (X64) (2019-10-09 13:38:55)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2254226901-1145813690-3230946469-500 - Administrator - Disabled)
clout (S-1-5-21-2254226901-1145813690-3230946469-1002 - Administrator - Enabled) => C:\Users\clout
DefaultAccount (S-1-5-21-2254226901-1145813690-3230946469-503 - Limited - Disabled)
Guest (S-1-5-21-2254226901-1145813690-3230946469-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2254226901-1145813690-3230946469-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton AntiVirus (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton AntiVirus (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.344 - Adobe)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_1) (Version: 21.0.1 - Adobe Systems Incorporated)
Auto Clicker v15.1 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 15.1 - MurGee.com)
Auto Keyboard v6.3 (HKLM-x32\...\{71E16EE4-BBED-44A8-8724-9E68D05EE945}_is1) (Version: 6.3 - MurGee.com)
Auto Typer by MurGee v19.1 (HKLM-x32\...\{D04D8636-FB60-47FD-8F8C-18D475C52456}_is1) (Version: 19.1 - MurGee.com)
Badlion Client 2.12.0 (HKLM\...\{1de14785-dd8c-5cd2-aae8-d4a376f81d78}) (Version: 2.12.0 - Badlion)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blockbench 3.4.0 (HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\{f73268a5-4451-5bb0-b2b7-a92a16ee01d9}) (Version: 3.4.0 - JannisX11)
Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version: - )
Discord (HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\Discord) (Version: 0.0.306 - Discord Inc.)
DisplayCAL (HKLM-x32\...\{4714199A-0D66-4E69-97FF-7B54BFF80B88}_is1) (Version: 3.8.8.0 - Florian Höch)
f.lux (HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\Flux) (Version: - f.lux Software LLC)
Gameloop (HKLM-x32\...\MobileGamePC) (Version: 1.0.0.1 - Tencent Technology Company)
Gamers Window Relocator (HKLM\...\{0E1669A2-1B12-48C5-B5CE-41B425667045}) (Version: 3.5.64 - Orekaria)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.132 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{7563302D-BD6B-4153-BA7D-3E3432E7C22D}) (Version: 7.5.6 - Intel Corporation)
LibreOffice 6.4.1.2 (HKLM\...\{F420EC75-FB16-4786-951E-67CAC0FB9B86}) (Version: 6.4.1.2 - The Document Foundation)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.57 - McAfee, LLC.)
Microsoft OneDrive (HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\OneDriveSetup.exe) (Version: 19.232.1124.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{E15F69FA-660D-45CC-B28F-6CBC4CAD2091}) (Version: 1.0.0.0 - Mojang)
Node.js (HKLM\...\{5423D4CA-7953-4205-A13A-87E577B4B9EA}) (Version: 12.16.1 - Node.js Foundation)
Norton AntiVirus (HKLM-x32\...\NGC) (Version: 22.20.1.69 - Symantec Corporation)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.6.0.0 - Duodian Technology Co. Ltd.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.2.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.2.34 - NVIDIA Corporation)
NVIDIA GeForce NOW 2.0.16.148 (HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GeforceNOW) (Version: 2.0.16.148 - NVIDIA Corporation)
NVIDIA Graphics Driver 441.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 441.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA Install Application (HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer) (Version: 2.1002.338.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 24.0.3 - OBS Project)
Opera GX Stable 66.0.3515.111 (HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\Opera GX 66.0.3515.111) (Version: 66.0.3515.111 - Opera Software)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
paint.net (HKLM\...\{15BCA3AB-444B-4AC5-A04F-F2AD0F7AD3EC}) (Version: 4.2.10 - dotPDN LLC)
Parsec (HKLM-x32\...\Parsec) (Version: - Parsec Cloud Inc.)
PhpStorm 2019.3.3 (HKLM-x32\...\PhpStorm 2019.3.3) (Version: 193.6494.47 - JetBrains s.r.o.)
Plarium Play (HKLM-x32\...\{1B559CC4-0E29-4986-9EC1-E12BCA2908BF}) (Version: 5.1.0 - Plarium) Hidden
Plarium Play (HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\{020eb323-5a6d-43e3-b15e-438af0c7e465}) (Version: 5.1.0 - Plarium)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 9.7.61.1159 - Razer Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.5.0116.010714 - Razer Inc.)
Remotr version 1.3.1469 (HKLM-x32\...\Remotr_is1) (Version: 1.3.1469 - RemoteMyApp sp. z o.o.)
Roblox Player for clout (HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\roblox-player) (Version: - Roblox Corporation)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.17.199 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.4.3 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text 3 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Twomon PC Program (HKLM-x32\...\{ece4c973-e776-4195-9a56-b4f33ade8b84}) (Version: 2.0.67.0 - Devguru Co., LTD)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Wizard101 (HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-23] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20583.0_x64__8wekyb3d8bbwe [2020-03-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x64__8wekyb3d8bbwe [2020-02-28] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20503.0_x64__8wekyb3d8bbwe [2020-03-04] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2020-02-15] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2019-11-26] (NVIDIA Corp.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2254226901-1145813690-3230946469-1002_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2254226901-1145813690-3230946469-1002_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2254226901-1145813690-3230946469-1002_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2254226901-1145813690-3230946469-1002_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2254226901-1145813690-3230946469-1002_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2254226901-1145813690-3230946469-1002_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.1.69\NavShExt.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.1.69\NavShExt.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-23] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_a9d5be0a023fe844\nvshext.dll [2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.20.1.69\buShell.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-23] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.1.69\NavShExt.dll [2020-01-21] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\clout\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2020-01-22 17:14 - 2019-02-21 12:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows\system32\msln.exe:dcc1e561fe382af830980ab0cbdf1fc0 [446]
AlternateDataStreams: C:\Users\clout\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2020-02-25 18:27 - 2020-02-25 18:27 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;C:\Program Files\nodejs\
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\clout\Desktop\joker-wallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\StartupApproved\Run: => "Parsec.App.0"
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\StartupApproved\Run: => "Auto LogOff"
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\StartupApproved\Run: => "Turn Off Monitor"
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\StartupApproved\Run: => "ApowerMirror"
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\StartupApproved\Run: => "PlariumPlay"
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\StartupApproved\Run: => "bBauuOsq"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{415FAD0E-71EE-4EEA-87F8-E450566B2037}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4D7D6923-AADD-4869-8389-22AE68020677}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{69F1CC25-FFC4-415E-9C34-BB2C0E1480FD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{2DACD3A7-5913-4656-8E1C-213DADC4D4C2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{1EC41EBE-5D0F-46EB-9D39-B066FE76E7E4}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [UDP Query User{5AF1603C-3538-4E84-84A6-92030B689BF8}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [TCP Query User{A057AEC8-0D9E-41DB-BE15-D25DF0FD1467}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [UDP Query User{EABF8ED3-EFBA-4D9D-BA1A-A32E0CBAE0D8}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [{3A302483-B29B-4076-9A02-42107128AD17}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1DA58E09-460E-47CF-8C6A-5E81D5AEB8F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{444B6068-2C30-4C3F-A085-A9CD2048E995}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe No File
FirewallRules: [UDP Query User{AFFFB368-7CDA-4965-8532-DA7C58B73277}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe No File
FirewallRules: [{D8B521B6-CAEF-4B14-82CB-65F052597DB5}] => (Allow) C:\Program Files\Parsec\parsecd.exe No File
FirewallRules: [{DF5437D6-4F15-4C14-BA16-BC04C52FE51E}] => (Allow) C:\Program Files (x86)\Remotr\RemotrServer.exe (RemoteMyApp sp. z o.o. -> RemoteMyApp sp. z o.o.)
FirewallRules: [{C62FE195-B9F8-4A22-9CD8-88A367DF4465}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, LLC) [File not signed]
FirewallRules: [{90E88EBA-BEAB-49F5-86A4-007A036B01C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, LLC) [File not signed]
FirewallRules: [TCP Query User{D457ED03-D748-4763-B224-0821501697D5}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe No File
FirewallRules: [UDP Query User{41081FFF-8B25-40D5-B417-161A8EC5BA49}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe No File
FirewallRules: [TCP Query User{434423BD-F77A-4DF2-91A5-CE3BFCEDA15C}C:\users\clout\appdata\roaming\displaycal\dl\argyll_v2.1.1\bin\dispcal.exe] => (Allow) C:\users\clout\appdata\roaming\displaycal\dl\argyll_v2.1.1\bin\dispcal.exe No File
FirewallRules: [UDP Query User{FED04B0B-6757-48C7-8094-E4EF94BE9C07}C:\users\clout\appdata\roaming\displaycal\dl\argyll_v2.1.1\bin\dispcal.exe] => (Allow) C:\users\clout\appdata\roaming\displaycal\dl\argyll_v2.1.1\bin\dispcal.exe No File
FirewallRules: [TCP Query User{6BFCE1B5-7BBC-490A-9E2F-29CE201FFFBA}C:\program files (x86)\twomon pc program\twomon pc program.exe] => (Allow) C:\program files (x86)\twomon pc program\twomon pc program.exe (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.(www.devguru.co.kr))
FirewallRules: [UDP Query User{3F49C5DE-0BCD-47E7-B7E3-2D1EB70779B1}C:\program files (x86)\twomon pc program\twomon pc program.exe] => (Allow) C:\program files (x86)\twomon pc program\twomon pc program.exe (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.(www.devguru.co.kr))
FirewallRules: [{4A6ABF85-67E1-41BE-9FE6-2A7AD770A458}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{9A6B52B9-E17C-477A-994D-4621CFFACC28}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{98BB5845-96FB-443D-A2A4-357743BFBE1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe () [File not signed]
FirewallRules: [{013E90EF-0078-4798-B666-28B6AA03BB9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe () [File not signed]
FirewallRules: [TCP Query User{59072B0A-D21C-4F7B-B40B-910512765201}C:\program files\yendis entertainment pty ltd\official krunker.io client\official krunker.io client.exe] => (Allow) C:\program files\yendis entertainment pty ltd\official krunker.io client\official krunker.io client.exe No File
FirewallRules: [UDP Query User{A73CDF73-B232-46FA-80AD-7137E8E3C939}C:\program files\yendis entertainment pty ltd\official krunker.io client\official krunker.io client.exe] => (Allow) C:\program files\yendis entertainment pty ltd\official krunker.io client\official krunker.io client.exe No File
FirewallRules: [{D381CD0F-4012-446D-B724-4D1D05F47635}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{20822F4A-627A-4659-A110-D88162DA44FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{D415313B-6E70-46A0-B73D-9AAAEA82147E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DA044706-9607-4E1C-844B-A990CC71873E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A17672B0-99E8-411E-8862-841B3484487A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2FD95D9B-5D45-47CE-89E3-16916AB204C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8D6F718D-4201-4195-965C-628789C2E2B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nanooborg\win32\nw.exe No File
FirewallRules: [{FCC36812-B69C-4030-AEAF-2504EF851E65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nanooborg\win32\nw.exe No File
FirewallRules: [TCP Query User{C39E911A-5394-4FE5-9692-003FF30B078C}D:\program files\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files\steam\steamapps\common\grand theft auto v\gta5.exe No File
FirewallRules: [UDP Query User{3C24B284-CCFD-4758-8816-3A88511D2180}D:\program files\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files\steam\steamapps\common\grand theft auto v\gta5.exe No File
FirewallRules: [{AD6D5622-B428-4AD4-B449-7E32E96D2651}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{03F53C19-C4A1-45FB-B6B1-3E8F9E121233}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{F7D7775A-BA56-4114-8B6B-43F2D0BB261F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, LLC) [File not signed]
FirewallRules: [{5263B18D-C2E7-45A5-8342-B8673D623EFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, LLC) [File not signed]
FirewallRules: [{DEBA86F9-990D-48EB-B439-1324E7BEE94A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\gmod.exe () [File not signed]
FirewallRules: [{36A62929-525B-4224-8A19-7C581FFC69BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\gmod.exe () [File not signed]
FirewallRules: [{039A6581-DF4D-4E86-9845-798708710E8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\win64\gmod.exe () [File not signed]
FirewallRules: [{12FB8254-4A3D-42E8-A5C1-121983ABCA48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\win64\gmod.exe () [File not signed]
FirewallRules: [{E2CB152B-1B59-488B-8195-3EC77D5C2647}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe (gamigo AG -> Trion Worlds Inc.)
FirewallRules: [{720512BF-9AA4-40C2-94E4-A8FF8FD3A537}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe (gamigo AG -> Trion Worlds Inc.)
FirewallRules: [{416435C1-8FE3-435B-9156-A7F58877E3F0}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{8E412536-373E-4C13-A29D-C945CFF3F468}] => (Allow) D:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{09BDB81A-CC7F-4E11-ACC4-B79D4F6E02ED}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe No File
FirewallRules: [{B69AC346-24BB-4E65-BF69-9B61E352B3E1}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe No File
FirewallRules: [{85F62185-3F56-4495-8FF0-05FF8B15639A}] => (Allow) D:\Program Files\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{A3DD66F9-82A9-4D68-959B-8C428BAB4A01}] => (Allow) D:\Program Files\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{57ABA7F2-57D7-460E-BFE3-480B1DF8705D}] => (Allow) D:\Program Files\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{7C7AADF1-0348-4716-8D45-E68663812038}] => (Allow) D:\Program Files\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{826037DF-7E85-4779-AD81-9203A1BBAD10}] => (Allow) D:\Program Files\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{DBC89183-7BFF-4240-A3A8-41EE1A56EC9A}] => (Allow) D:\Program Files\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{CEFB7EE9-6646-49FD-9994-2F93110DE311}] => (Allow) D:\Program Files\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{C0603D56-7147-4D75-A68B-C8C0C54272A8}] => (Allow) D:\Program Files\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{9C710C13-E5BF-4EF5-9AFC-6E4F80510C29}] => (Allow) D:\Program Files\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{998C5DCE-6B00-46AD-AFCE-EA006344DE3F}] => (Allow) D:\Program Files\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{EA2F9F06-D274-4FB1-B9E5-2A3313DC58CA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2C659A08-9310-4557-BC0E-5F3388AB9930}] => (Allow) d:\program files\txgameassistant\appmarket\AppMarket.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{CB2F5265-2AD3-40BA-98F4-50419BF02B5E}] => (Allow) d:\program files\txgameassistant\appmarket\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{8A2D80CA-F7FB-40E4-AA01-6469CB37AAC6}] => (Allow) d:\program files\txgameassistant\appmarket\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> 腾讯公司)
FirewallRules: [{707CDC37-8FA5-4FF7-B0E1-A576B3E54868}] => (Allow) d:\program files\txgameassistant\appmarket\QQExternal.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{EF77A55C-7B0F-4E3B-AF15-365158351DE9}] => (Allow) d:\program files\txgameassistant\appmarket\GameDownload.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{59322C67-B066-4722-B110-8FC42872B39A}] => (Allow) d:\program files\txgameassistant\appmarket\GF186\TUpdate.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{6F02D6C4-97CC-4331-BEE7-1211B6680EE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe (Psyonix, Inc. -> Psyonix LLC)
FirewallRules: [{ABBBFA1E-0D6B-4DA8-9A0A-F469D9B05F2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe (Psyonix, Inc. -> Psyonix LLC)
FirewallRules: [{65846EBD-A00F-4CAF-8B74-6FCECBF90921}] => (Allow) d:\program files\txgameassistant\appmarket\AppMarket.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{049D7B6D-972E-4330-A460-7AE5756736A6}] => (Allow) d:\program files\txgameassistant\appmarket\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{6C0F0F5B-D9F5-4B34-AED7-E7693CD737B1}] => (Allow) d:\program files\txgameassistant\appmarket\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> 腾讯公司)
FirewallRules: [{F47814F0-E2C1-4055-BAB6-D5DB350BC6C2}] => (Allow) d:\program files\txgameassistant\appmarket\QQExternal.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{7DE995D3-9F19-4666-BA8E-9CED2CED9108}] => (Allow) d:\program files\txgameassistant\appmarket\GameDownload.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{1F889816-0248-4390-849D-12F43776159F}] => (Allow) d:\program files\txgameassistant\appmarket\GF186\TUpdate.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{C984AF87-B885-442C-A1BF-1452870BD57A}] => (Allow) d:\program files\txgameassistant\ui\AndroidEmulator.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{1256CC24-BE13-40C1-AEAF-C29B006DB47C}] => (Allow) d:\program files\txgameassistant\ui\adb.exe () [File not signed]
FirewallRules: [{0F07E9DD-4E5B-48A6-A4B1-22A42CBA8DC5}] => (Allow) d:\program files\txgameassistant\ui\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{B3FD23BF-E32B-4229-BF0E-31F0985E3300}] => (Allow) d:\program files\txgameassistant\ui\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{66311854-A908-4FD8-BA9E-CCE0C2F1A7DC}] => (Allow) d:\program files\txgameassistant\ui\TxGaDcc.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{563A95E2-95C3-4FCF-B3A0-A224A23080EA}] => (Allow) D:\Program Files\Steam\steamapps\common\Albion Online\launcher\AlbionLauncher.exe (Sandbox Interactive GmbH -> Sandbox Interactive GmbH)
FirewallRules: [{B224AE53-9030-4A4F-8340-37632F561296}] => (Allow) D:\Program Files\Steam\steamapps\common\Albion Online\launcher\AlbionLauncher.exe (Sandbox Interactive GmbH -> Sandbox Interactive GmbH)
==================== Restore Points =========================
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Error: (03/12/2020 08:56:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program jusched.exe version 2.8.241.7 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Start Time: 01d5f809d9041396
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Report Id: 15a85608-5182-4f81-8649-6c470f77ad64
Faulting package full name:
Faulting package-relative application ID:
Hang type: Top level window is idle
Error: (03/11/2020 08:07:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7938
Error: (03/11/2020 08:07:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7938
Error: (03/11/2020 08:07:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/11/2020 08:07:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5922
Error: (03/11/2020 08:07:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5922
Error: (03/11/2020 08:07:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/11/2020 08:07:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3938
Error: (03/12/2020 04:33:45 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BMTUFOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-BMTUFOP\clout SID (S-1-5-21-2254226901-1145813690-3230946469-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/12/2020 04:31:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BMTUFOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-BMTUFOP\clout SID (S-1-5-21-2254226901-1145813690-3230946469-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/12/2020 04:31:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BMTUFOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-BMTUFOP\clout SID (S-1-5-21-2254226901-1145813690-3230946469-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/12/2020 04:30:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/12/2020 04:30:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/12/2020 04:30:49 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {a78c5ce2-f5c6-4dce-a5b9-fe0754d414bd}, had event 74
Error: (03/12/2020 09:13:25 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BMTUFOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-BMTUFOP\clout SID (S-1-5-21-2254226901-1145813690-3230946469-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/12/2020 09:13:12 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BMTUFOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-BMTUFOP\clout SID (S-1-5-21-2254226901-1145813690-3230946469-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
===================================
Date: 2019-12-27 12:04:02.681
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Conteban.B!ml
Path: containerfile:_C:\Users\clout\Desktop\RedBoy 4.5.2.rar; file:_C:\Users\clout\Desktop\RedBoy 4.5.2.rar->RedBoy 4.5.2\RedBoy.exe
Detection Origin: Local machine
Signature Version: AV: 1.307.1195.0, AS: 1.307.1195.0, NIS: 1.307.1195.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2019-12-27 12:04:02.680
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.C
Path: containerfile:_C:\Users\clout\Desktop\RedBoy 4.5.2.rar; file:_C:\Users\clout\Desktop\RedBoy 4.5.2.rar->RedBoy 4.5.2\EasyExploitsDLL.dll
Detection Origin: Local machine
Signature Version: AV: 1.307.1195.0, AS: 1.307.1195.0, NIS: 1.307.1195.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2019-12-27 12:03:49.493
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Conteban.B!ml
Path: containerfile:_C:\Users\clout\Desktop\RedBoy 4.5.2.rar; file:_C:\Users\clout\Desktop\RedBoy 4.5.2.rar->RedBoy 4.5.2\RedBoy.exe
Detection Origin: Local machine
Signature Version: AV: 1.307.1195.0, AS: 1.307.1195.0, NIS: 1.307.1195.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2019-12-27 12:03:49.492
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.C
Path: containerfile:_C:\Users\clout\Desktop\RedBoy 4.5.2.rar; file:_C:\Users\clout\Desktop\RedBoy 4.5.2.rar->RedBoy 4.5.2\EasyExploitsDLL.dll
Detection Origin: Local machine
Signature Version: AV: 1.307.1195.0, AS: 1.307.1195.0, NIS: 1.307.1195.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2019-12-27 12:03:48.182
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/CredentialAccess!rfn
Path: containerfile:_C:\Users\clout\Desktop\RedBoy 4.5.2.rar; file:_C:\Users\clout\Desktop\RedBoy 4.5.2.rar->RedBoy 4.5.2\EasyExploits.dll
Detection Origin: Local machine
Signature Version: AV: 1.307.1195.0, AS: 1.307.1195.0, NIS: 1.307.1195.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2019-12-17 08:28:41.736
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.307.574.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-10-09 10:55:05.019
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error description: The server name or address could not be resolved
Date: 2019-10-09 10:55:05.019
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error description: The server name or address could not be resolved
Date: 2019-10-09 10:55:05.019
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error description: The server name or address could not be resolved
Date: 2019-10-09 10:55:05.014
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error description: The server name or address could not be resolved
===================================
Date: 2020-03-12 08:59:21.220
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-03-12 08:59:21.219
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-03-12 08:47:52.084
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-03-12 08:47:52.083
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-03-12 08:45:09.051
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-03-12 08:45:09.049
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-03-12 08:45:08.908
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-03-12 08:45:08.906
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. 1.8.0 11/11/2019
Motherboard: Dell Inc. 0MV58M
Processor: Intel® Core i7-9750H CPU @ 2.60GHz
Percentage of memory in use: 42%
Total physical RAM: 16210.56 MB
Available physical RAM: 9312.19 MB
Total Virtual: 18642.56 MB
Available Virtual: 9810.32 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:237.87 GB) (Free:5.18 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:806.42 GB) NTFS
\\?\Volume{0bea46ff-d8ef-45ac-0b7f-f2c07489685a}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{4d705ffa-3519-4a2e-d97d-cd8865ff3338}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 13C58858)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 119F119F)
==================== End of Addition.txt =======================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2020
Ran by clout (administrator) on DESKTOP-BMTUFOP (Dell Inc. G3 3590) (12-03-2020 16:35:11)
Loaded Profiles: clout (Available Profiles: clout)
Platform: Windows 10 Home Version 1809 17763.1039 (X64) Language: English (United States)
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Discord Inc. -> Discord Inc.) C:\Users\clout\AppData\Local\Discord\app-0.0.306\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\clout\AppData\Local\Discord\app-0.0.306\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\clout\AppData\Local\Discord\app-0.0.306\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\clout\AppData\Local\Discord\app-0.0.306\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\clout\AppData\Local\Discord\app-0.0.306\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\clout\AppData\Local\Discord\app-0.0.306\Discord.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_31a8dbbf39dcdc3b\jhi_service.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e037a24a568ff66b\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e037a24a568ff66b\IntelCpHeciSvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Intel) C:\Windows\System32\cAVS\Intel® Audio Service\IntelAudioService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_a9d5be0a023fe844\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_a9d5be0a023fe844\Display.NvContainer\NVDisplay.Container.exe
(PLARIUM GLOBAL LTD. -> ) C:\Users\clout\AppData\Local\Plarium\PlariumPlay\PlariumPlayClientService.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\FPSRunner32.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\PMRunner32.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\x64\FPSRunner64.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\x64\PMRunner64.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Razer USA Ltd. -> Razer) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Cortex\Cef\CefSharp.BrowserSubprocess.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(RemoteMyApp sp. z o.o. -> RemoteMyApp sp. z o.o.) C:\Program Files (x86)\Remotr\RemotrService.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.20.1.69\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.20.1.69\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.20.1.69\nsWscSvc.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [873976 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [266624 2020-03-04] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3365840 2020-02-11] (Valve -> Valve Corporation)
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\Run: [Discord] => C:\Users\clout\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3508464 2020-01-07] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\Run: [Parsec.App.0] => C:\Users\clout\AppData\Roaming\Parsec\electron\parsec.exe hidden=1
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\Run: [f.lux] => C:\Users\clout\AppData\Local\FluxSoftware\Flux\flux.exe [1385480 2019-08-30] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1109152 2020-02-28] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\Run: [Turn Off Monitor] => C:\Program Files (x86)\Turn Off Monitor\TurnOffMon.exe :silent
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\Run: [Auto LogOff] => C:\Program Files (x86)\Turn Off Monitor\AutoLogOff.exe :silent
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\Run: [PlariumPlay] => C:\Users\clout\AppData\Local\Plarium\PlariumPlay\PlariumPlay --args -tray-start
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10106544 2019-01-19] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-2254226901-1145813690-3230946469-1002\...\Run: [bBauuOsq] => C:\Program Files\Java\jre1.8.0_241\bin\javaw.exe -jar C:\Users\clout\AppData\Roaming\NZJe2\hvdeblYQ.jar v1gS7
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3508464 2020-01-07] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.132\Installer\chrmstp.exe [2020-03-05] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00AB2097-2495-4A00-AF1A-329BDB6143AE} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0E19E946-1CA8-4229-BF01-28A40B82B139} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.20.1.69\WSCStub.exe [570824 2020-01-21] (Symantec Corporation -> Symantec Corporation)
Task: {1BF7702B-E2E4-459B-BF61-D094D0FEAA0B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-03-12] (Adobe Inc. -> Adobe)
Task: {2ABBC389-7A9C-46A1-B6EB-548ADBCFB5B8} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_7e148e9c120d86df\lib\IntelPTTEKRecertification.exe [925152 2019-04-23] (Intel® Trust Services -> Intel® Corporation)
Task: {31667E13-3C03-45AD-9829-9A68C7981F11} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {343ADB23-3AB5-430A-9600-40EF38B2A76F} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {368891A2-6BCE-48D4-B492-F7ECD064476F} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {38C5F97D-B9B3-4831-B83C-ED5DB809DB60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-23] (Google Inc -> Google LLC)
Task: {467A06EB-EF20-4741-820F-8E7BED72B7B1} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {48200A72-92C7-4313-932C-CCD3BBAC914E} - System32\Tasks\Norton AntiVirus Plus\Norton AntiVirus Error Processor => C:\Program Files\Norton Security\Engine\22.20.1.69\SymErr.exe [116392 2020-01-21] (Symantec Corporation -> Symantec Corporation)
Task: {501DBCE9-CCAC-4413-8F5A-C808BC51AE8D} - System32\Tasks\Norton AntiVirus Plus\Norton AntiVirus Error Analyzer => C:\Program Files\Norton Security\Engine\22.20.1.69\SymErr.exe [116392 2020-01-21] (Symantec Corporation -> Symantec Corporation)
Task: {63585E7D-4BF4-487B-A46E-04675D8BAC35} - System32\Tasks\DisplayCAL Profile Loader Launcher => C:\Program Files (x86)\DisplayCAL\DisplayCAL-apply-profiles-launcher.exe
Task: {8FBACA0F-2F5E-4C9B-A21A-63D4C35CCBF5} - System32\Tasks\DisplayCAL Profile Loader Launcher - Daily Restart => C:\Program Files (x86)\DisplayCAL\DisplayCAL-apply-profiles-launcher.exe
Task: {90C140FF-B021-4B23-AE00-8B3E1A1BE051} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_pepper.exe [1453624 2020-03-12] (Adobe Inc. -> Adobe)
Task: {B1D9A73D-21C7-4EEA-B890-96BC01504271} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton AntiVirus\Upgrade.exe [1926304 2020-01-21] (Symantec Corporation -> Symantec Corporation)
Task: {C435C569-EB0C-4A3B-A650-322D77B3A95E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-23] (Google Inc -> Google LLC)
Task: {C4543886-440A-410F-873C-B2DEDE7D2F1F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C97B86A3-3CED-4ED2-A08B-FB06D44D210A} - System32\Tasks\Opera GX scheduled Autoupdate 1583425598 => C:\Users\clout\AppData\Local\Programs\Opera GX\launcher.exe [1473048 2020-02-20] (Opera Software AS -> Opera Software)
Task: {CFC05991-D897-435D-9AA1-07F1B15BCFE1} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DF10ECBB-C779-475F-9704-DCC85D33B991} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F4994D7D-8EB4-4D74-AD8D-E11ED90474DE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)