Solved Norton detecting attack - miner.bitcoinminer Activity 25/miner.bitcoinminer activity 7/coinminer activity 2

Vishalbhx

Posts: 27   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-02-2021 01
Ran by User (administrator) on LAPTOP-PPJ4SOMT (ASUSTeK COMPUTER INC. Strix GL703GS_GL703GS) (11-02-2021 11:23:03)
Running from C:\Users\User\Desktop
Loaded Profiles: User
Platform: Windows 10 Home Version 1909 18363.1316 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\vms\VBoxVmService64.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe
(ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingCenterService.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingKey.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsMonStartupTask64.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\ATKOSD2.exe
(ASUSTeK COMPUTER INC.) [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3Svc32.exe
(ASUSTeK COMPUTER INC.) [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3Svc64.exe
(ASUSTeK COMPUTER INC.) C:\Program Files\WindowsApps\B9ECED6F.ASUSBatteryHealthCharging_1.0.7.0_x86__qmba6cd70vzyy\ASUS Battery Health Charging\BhcMgr.exe
(ASUSTeK COMPUTER INC.) C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy\ATK Package\HControl.exe
(ASUSTeK COMPUTER INC.) C:\Program Files\WindowsApps\B9ECED6F.ROGAuraCore_2.1.30.0_x86__qmba6cd70vzyy\AuraListen.exe
(ASUSTeK COMPUTER INC.) C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.2.1.0_x64__qmba6cd70vzyy\ACMON.exe
(Express Vpn LLC -> ) C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
 

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <25>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Iain Patterson) [File not signed] C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_3cf4f6fdbcf7ab9d\Intel_PIE_Service.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareAccessibilityHelper.exe
(Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe
(Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.20.5.39\nsWscSvc.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation -> ) C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe <3>
(Oracle Corporation -> Oracle Corporation) C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.20.5.39\NortonSecurity.exe <2>
(Thesycon Software Solutions GmbH & Co. KG -> Audient) C:\Program Files\Audient\USBAudioDriver\W10_x64\iD.exe
(Tweakbit Pty Ltd -> TweakBit) C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe <2>
 

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Sonic Studio 3] => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2018-06-20] (ASUSTeK COMPUTER INC.) [File not signed]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [SGDawNodeService] => C:\Windows\SysWOW64\SGDawNodeService.exe [10225152 2018-09-03] (Waves Audio Ltd.) [File not signed]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-07-19] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [ExpressVpnNotificationService] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpnNotificationService.exe [773248 2019-02-12] (Express Vpn LLC -> ExpressVPN)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410968 2019-01-22] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [62625080 2020-06-10] (Discord Inc. -> Discord Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\Run: [com.squirrel.splice.Splice] => C:\Users\User\AppData\Local\splice\app-3.6.6481\Splice.exe [83318784 2020-12-07] (Splice) [File not signed]
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\Run: [Discord] => C:\Users\User\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [23597424 2021-02-05] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-20] (Valve -> Valve Corporation)
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\Run: [BakkesMod] => C:\Program Files\BakkesMod\BakkesMod.exe [16070656 2021-01-06] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-09] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iD Autostart.lnk [2019-12-17]
ShortcutTarget: iD Autostart.lnk -> C:\Program Files\Audient\USBAudioDriver\W10_x64\iD.exe (Thesycon Software Solutions GmbH & Co. KG -> Audient)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NIHardwareAccessibilityHelper.exe.lnk [2019-03-01]
ShortcutTarget: NIHardwareAccessibilityHelper.exe.lnk -> C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareAccessibilityHelper.exe (Native Instruments GmbH -> Native Instruments GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NTKDaemon.lnk [2019-03-01]
ShortcutTarget: NTKDaemon.lnk -> C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe (Native Instruments GmbH -> Native Instruments GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoundGrid Studio.lnk [2019-03-17]
ShortcutTarget: SoundGrid Studio.lnk -> C:\Program Files (x86)\Waves\SoundGrid Studio\SoundGrid Studio.exe (Waves Inc -> )

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B5662CF-B966-4F43-A482-4A2322026E63} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {0D120AAC-72E2-411F-94CE-E56D30EEECB1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648048 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {155A780E-0454-463B-8F89-56D5FEFA9355} - System32\Tasks\GameFirstV => C:\Program Files (x86)\ASUS\GameFirst\\GameFirst_V.exe [719736 2018-06-01] (Apex Titan Technology Corp. -> ASUS)
Task: {179AFE52-E31A-45CD-83F6-52F6265E5416} - System32\Tasks\ROG Gaming Center => C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingKey.exe [4719072 2018-06-06] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {21EDBE8E-A55B-40CD-A963-A532D4E9FFB0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3728752 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2A5F5CB1-7443-40AD-8650-5405807B1121} - System32\Tasks\SS3Svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3Svc32.exe [1234432 2018-06-20] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {3025402A-294B-44D8-93A3-B76100A3E06C} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3255AA20-3ED0-43B0-9686-B77A0F38E508} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [157016 2019-02-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {3518B1D0-D5E1-415F-A9FF-06CAC559DB42} - System32\Tasks\Norton 360 Premier\Norton 360 Premier Autofix => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe
Task: {393DC355-0401-4251-94B5-283CE4FD75FC} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9277528 2019-07-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {3A741FC9-A494-46C2-982A-70D60C2FC2A8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-18] (Avast Software s.r.o. -> Avast Software)
Task: {44B40784-8F02-41DF-BADD-23873117DD85} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHotkeyExec64.exe [176064 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {4A24D6E7-F0EC-4B91-8779-640C50515EC4} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {52DFA9B8-8472-4A77-AF14-673281691C02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-14] (Google Inc -> Google Inc.)
Task: {60116058-83EE-4D88-A721-F0289D2BB091} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {63A9C0BC-33F4-438F-AF26-FFC05B7F78E6} - System32\Tasks\ErrorFixKIT => C:\Program Files (x86)\ErrorFix KIT\ErrorFixKIT.exe
Task: {67078213-06BB-4893-BBF6-F63196424C48} - System32\Tasks\ExclusiveTool => C:\Program Files (x86)\DSDCS\InputMapper\ExclusiveModeTool.exe [19968 2016-10-04] (InputMapper) [File not signed]
Task: {6D09A9DC-9EAD-4109-8FAE-F1A592EBA527} - System32\Tasks\ASUS Promotion => C:\Program Files\ASUS\ASUS Promotion\ASUS Promotion.exe [1049568 2018-10-26] (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
Task: {6E80F0DC-D484-47A0-AD90-672D3B11AF2F} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {7888CA47-7316-464E-8569-674B61098409} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.20.5.39\SymErr.exe [117192 2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {7D21DC3F-3426-43A7-95E6-BB540FEB9183} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.20.5.39\SymErr.exe [117192 2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {86F8733D-0867-4F0C-B523-C1D18D22C2F4} - System32\Tasks\ASUS Hello => C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe [642448 2018-05-31] (ASUSTeK Computer Inc. -> )
Task: {87BAAF12-4EC1-4842-B12C-56E4444EAEE8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B4C2B4D4-9E1A-4B3E-93A5-D9D6D7841F76} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2162328 2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {BD8E17EC-B97B-414B-B2BE-D521159A2671} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-14] (Google Inc -> Google Inc.)
Task: {BF2AEE78-F12D-42E7-87C8-2EC1A2F8D40E} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe [811520 2018-06-20] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {C0FAC356-5F44-42DE-A90F-746985E72F22} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-07-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {C89A1D3B-5A40-4519-A10D-50DA149303FD} - System32\Tasks\Norton 360 Premier\Norton 360 Premier Error Processor => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe
Task: {C94A23E0-C2AA-4ACD-ABF2-5AC960CDDF31} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.20.5.39\SymErr.exe [117192 2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {D25F15DD-7E2E-4909-AD6B-7294C722E577} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {D3BD67C9-1AFA-4995-A284-3C3ACCD14FA4} - System32\Tasks\Norton 360 Premier\Norton 360 Premier Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe
Task: {DBD793A6-BAAB-45A1-A09B-7A92783976C7} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.20.5.39\WSCStub.exe [644608 2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {DDFCC143-EA1E-412D-B17E-40A1DC385AA5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {E30BA1AE-27D2-4BC3-BE45-56CD2B5CF723} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E4774486-3A18-4367-B743-11B33DA81AC9} - System32\Tasks\TweakBit\Driver Updater\Start Driver Updater automatic scanning => C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe [4829336 2019-08-22] (Tweakbit Pty Ltd -> TweakBit) <==== ATTENTION
Task: {E5CBC6F7-41D1-4D3C-A16E-559FC1C7719A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {E721D554-7890-4841-B77E-F58008CDF08D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E948229F-9590-4872-B64B-B5313E709796} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E9B3B3C2-9CFB-4D74-A24A-686043480BE9} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EA55607C-38EF-4E87-A42D-EF3BFAD553EE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {FD6A4BBD-1115-46D7-8AC9-A314CE687CC2} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [157016 2019-02-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{1c9bcd8b-0328-44e5-b3b4-06742fa67f1d}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2d8747be-818c-4013-9f6c-b3257b480011}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5fe0346a-60fc-4545-832f-c347e3e52f3c}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.11.5.0_neutral__v68kp9n051hdp [not found]
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-02]

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-01-22] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.asus.com/ASUS Update;version=3 -> C:\Program Files (x86)\ASUS\Update\1.3.101.0\npAsusUpdate3.dll [2019-02-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FF Plugin-x32: @tools.asus.com/ASUS Update;version=9 -> C:\Program Files (x86)\ASUS\Update\1.3.101.0\npAsusUpdate3.dll [2019-02-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-01-22] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-02-11]
CHR Notifications: Default -> hxxps://freemp3downloads.online; hxxps://www.cityam.com; hxxps://www.dailymail.co.uk; hxxps://www.gamesradar.com; hxxps://www.netflix.com; hxxps://www.reddit.com; hxxps://www.sadeempc.com
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-14]
CHR Extension: (Norton Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2021-01-08]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-14]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-03]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2021-01-08]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-14]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-14]
CHR Extension: (Norton Safe Web) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2021-01-29]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-04]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.20.5.39\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [hppemobdikemkbmccnjbilolonmpaljl]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb]
CHR HKU\S-1-5-21-649401577-2412752257-3447827928-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hppemobdikemkbmccnjbilolonmpaljl]
CHR HKU\S-1-5-21-649401577-2412752257-3447827928-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.20.5.39\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [hppemobdikemkbmccnjbilolonmpaljl]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [olojcnagmcbplpdddabmpfehhlleobpb]
 

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-01-22] (Adobe Systems Incorporated -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.)
R2 AsHidService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe [173504 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
R2 ASLDRService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe [227776 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [157016 2019-02-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [157016 2019-02-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
S2 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [325456 2018-06-12] (ASUSTek Computer Inc. -> )
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [368640 2019-02-12] (Iain Patterson) [File not signed]
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [1977392 2019-04-11] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 NIHostIntegrationAgent; C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe [18575480 2019-02-15] (Native Instruments GmbH -> Native Instruments GmbH)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.20.5.39\NortonSecurity.exe [344760 2020-07-24] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.20.5.39\nsWscSvc.exe [1056096 2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 ROGGamingCenterService; C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingCenterService.exe [40416 2018-06-06] (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
R2 VBoxVmService; C:\vms\VBoxVmService64.exe [127488 2017-10-19] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 MyWiFiDHCPDNS; "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe" [X]
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsusNumpadKbd; C:\WINDOWS\System32\drivers\AsusDigiFilter.sys [117504 2018-11-14] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [108504 2019-04-24] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\atkwmiacpi64.sys [36368 2019-03-04] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
S3 audientusbaudio; C:\WINDOWS\System32\drivers\audientusbaudio.sys [366800 2018-09-26] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 audientusbaudioks; C:\WINDOWS\System32\drivers\audientusbaudioks.sys [53456 2018-09-26] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.16.3.21\Definitions\BASHDefs\20210208.001\BHDrvx64.sys [1991536 2020-11-03] (Symantec Corporation -> Broadcom)
R3 bomebus; C:\WINDOWS\System32\drivers\bomebus.sys [56376 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\ccSetx64.sys [192248 2020-07-24] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-01-28] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-02-05] (Symantec Corporation -> Broadcom)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [28160 2019-02-12] (ExprsVPN LLC -> )
S0 FlashBoot; C:\WINDOWS\System32\drivers\FlashBoot.sys [17616 2014-04-03] (Challenger Backup Solutions, LLC -> Challenger Backup Solutions, LLC)
R3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
R0 hswultpep; C:\WINDOWS\System32\drivers\hswultpep.sys [62968 2013-02-08] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R3 ibtavflt; C:\WINDOWS\System32\drivers\ibtavflt.sys [45808 2015-07-24] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.16.3.21\Definitions\IPSDefs\20210210.061\IDSvia64.sys [1479536 2021-01-18] (Symantec Corporation -> Broadcom)
R3 MonitorFunction; C:\WINDOWS\System32\drivers\lockscr.sys [24560 2019-01-21] (Remote Utilities LLC -> )
R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
R1 netfilter21556; C:\WINDOWS\System32\drivers\netfilter21556.sys [96392 2017-12-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 SoundGridMIDI; C:\WINDOWS\system32\drivers\SoundGridMidi.sys [44088 2018-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Waves Audio Ltd.)
R3 SoundGridMIDI; C:\Windows\SysWOW64\drivers\SoundGridMidi.sys [22016 2018-09-03] (Waves Audio Ltd.) [File not signed]
R2 SoundGridProtocol; C:\WINDOWS\system32\DRIVERS\SoundGridProtocol.sys [118320 2018-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Waves Audio Ltd.)
R2 SoundGridProtocol; C:\Windows\SysWOW64\DRIVERS\SoundGridProtocol.sys [56832 2018-09-03] (Waves Audio Ltd.) [File not signed]
R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\SRTSP64.SYS [889704 2020-07-24] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\SRTSPX64.SYS [50920 2020-07-24] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\SYMEFASI64.SYS [1964384 2020-07-24] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\SymELAM.sys [25080 2020-07-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-24] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.16.3.21\SymPlatform\SymEvnt.sys [712368 2020-01-17] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\Ironx64.SYS [316488 2020-07-24] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\symnets.sys [575328 2020-07-24] (Symantec Corporation -> Symantec Corporation)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45024 2019-02-12] (ExprsVPN LLC -> The OpenVPN Project)
S3 VBoxNetAdp; no ImagePath
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\wpCtrlDrv.sys [1013792 2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S1 VBoxNetLwf; \SystemRoot\system32\DRIVERS\VBoxNetLwf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-11 11:23 - 2021-02-11 11:23 - 000037249 _____ C:\Users\User\Desktop\FRST.txt
2021-02-11 11:10 - 2021-02-11 11:23 - 000000000 ____D C:\FRST
2021-02-11 11:10 - 2021-02-11 11:10 - 004563856 _____ (Avira Operations GmbH & Co. KG) C:\Users\User\Desktop\avira_en_sptl1x___techspot.exe
2021-02-11 11:10 - 2021-02-11 11:10 - 002297344 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2021-02-11 10:54 - 2021-02-11 11:01 - 000000000 ____D C:\Users\User\AppData\Local\NPE
2021-02-11 08:26 - 2021-02-11 08:26 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2021-02-11 08:16 - 2021-02-11 08:16 - 000007354 _____ C:\Users\User\Desktop\Moneycorp Remote Desktop.rdp
2021-02-09 21:38 - 2021-02-09 21:38 - 010641356 _____ C:\WINDOWS\Minidump\020921-8515-01.dmp
2021-02-08 20:10 - 2021-02-08 20:10 - 000000000 ____D C:\Users\User\AppData\Roaming\sys00_1_1
2021-02-08 19:51 - 2021-02-08 19:51 - 000000000 ____D C:\Users\User\AppData\Local\Downloaded Installations
2021-02-08 19:51 - 2021-02-08 19:51 - 000000000 ____D C:\Program Files (x86)\Antares Audio Technologies
2021-02-08 19:45 - 2021-02-08 20:10 - 000000000 __SHD C:\vms
2021-02-08 19:45 - 2021-02-08 19:46 - 000000000 ____D C:\Users\User\AppData\Roaming\sys00_1
2021-02-08 19:45 - 2021-02-08 19:45 - 000000000 __SHD C:\Program Files\Oracle
2021-02-08 19:45 - 2021-02-08 19:45 - 000000000 ____D C:\Program Files\Common Files\Audio
2021-02-08 19:45 - 2018-08-14 06:58 - 000984376 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2021-02-08 18:31 - 2021-02-08 18:44 - 000000000 ____D C:\ProgramData\KMSAutoS
2021-02-05 13:47 - 2021-02-05 13:47 - 005837572 _____ C:\WINDOWS\Minidump\020521-13234-01.dmp
2021-01-24 22:17 - 2021-02-02 08:34 - 000000000 ____D C:\Users\User\Desktop\MODS
2021-01-24 01:56 - 2021-01-24 01:59 - 000000000 ____D C:\Users\User\Desktop\plugins
2021-01-24 01:53 - 2021-01-24 01:53 - 000000000 ____D C:\Users\User\AppData\Roaming\bakkesmod
2021-01-24 01:52 - 2021-01-24 01:52 - 000000839 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BakkesMod.lnk
2021-01-24 01:52 - 2021-01-24 01:52 - 000000000 ____D C:\Program Files\BakkesMod
2021-01-22 14:21 - 2021-01-22 14:21 - 010608908 _____ C:\WINDOWS\Minidump\012221-13625-01.dmp
2021-01-18 17:50 - 2021-01-18 17:50 - 137729495 _____ C:\Users\User\Desktop\Princess Cuts.mp4
2021-01-13 18:27 - 2021-01-13 18:27 - 002590720 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 18:27 - 2021-01-13 18:27 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 18:27 - 2021-01-13 18:27 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 18:27 - 2021-01-13 18:27 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 18:27 - 2021-01-13 18:27 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 18:27 - 2021-01-13 18:27 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 18:27 - 2021-01-13 18:27 - 000458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 18:27 - 2021-01-13 18:27 - 000331264 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 18:27 - 2021-01-13 18:27 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 18:27 - 2021-01-13 18:27 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 18:27 - 2021-01-13 18:27 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000208384 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 18:27 - 2021-01-13 18:27 - 000186368 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 18:27 - 2021-01-13 18:27 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 18:27 - 2021-01-13 18:27 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 18:27 - 2021-01-13 18:27 - 000094720 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 18:27 - 2021-01-13 18:27 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 18:27 - 2021-01-13 18:27 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 18:27 - 2021-01-13 18:27 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 18:27 - 2021-01-13 18:27 - 000053248 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 18:27 - 2021-01-13 18:27 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-01-13 18:27 - 2021-01-13 18:27 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-01-13 18:27 - 2021-01-13 18:27 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-01-13 18:27 - 2021-01-13 18:27 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-01-13 18:27 - 2021-01-13 18:27 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-01-13 18:27 - 2021-01-13 18:27 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-01-13 18:27 - 2021-01-13 18:27 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-01-13 18:27 - 2021-01-13 18:27 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-01-13 18:27 - 2021-01-13 18:27 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-01-13 18:27 - 2021-01-13 18:27 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-01-13 18:27 - 2021-01-13 18:27 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-01-13 18:27 - 2021-01-13 18:27 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-01-13 18:27 - 2021-01-13 18:27 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-01-13 18:27 - 2021-01-13 18:27 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-01-13 18:27 - 2021-01-13 18:27 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-01-13 18:27 - 2021-01-13 18:27 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-01-13 18:26 - 2021-01-13 18:26 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 18:26 - 2021-01-13 18:26 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 18:26 - 2021-01-13 18:26 - 000453632 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 18:26 - 2021-01-13 18:26 - 000266752 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 18:26 - 2021-01-13 18:26 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 18:26 - 2021-01-13 18:26 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 18:26 - 2021-01-13 18:26 - 000061440 _____ C:\WINDOWS\system32\rdsxvmaudio.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-11 10:57 - 2019-02-14 22:26 - 000000000 ____D C:\ProgramData\Norton
2021-02-11 10:55 - 2019-03-19 04:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-11 09:51 - 2019-09-29 22:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-11 08:25 - 2019-02-18 01:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-02-11 08:17 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-02-11 08:16 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-11 08:15 - 2018-04-11 23:38 - 000000139 _____ C:\WINDOWS\win.ini
2021-02-11 08:13 - 2020-06-25 00:03 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-11 08:13 - 2020-06-25 00:03 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-11 08:13 - 2020-03-25 22:01 - 000000000 ____D C:\Users\User\AppData\Local\LogMeIn Hamachi
2021-02-10 18:48 - 2020-08-06 21:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton 360
2021-02-10 12:25 - 2018-11-29 01:57 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-10 11:11 - 2019-03-19 04:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-10 11:08 - 2020-06-10 20:19 - 000000000 ____D C:\Users\User\AppData\Roaming\discord
2021-02-10 11:08 - 2019-03-22 16:08 - 000000000 ____D C:\Users\User\AppData\Local\Spotify
2021-02-10 11:08 - 2019-03-22 16:01 - 000000000 ____D C:\Users\User\AppData\Roaming\Spotify
2021-02-09 21:43 - 2019-09-29 23:05 - 000795992 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-09 21:43 - 2019-03-19 04:50 - 000000000 ____D C:\WINDOWS\INF
2021-02-09 21:39 - 2019-10-17 13:23 - 000000000 ____D C:\WINDOWS\Minidump
2021-02-09 21:38 - 2019-09-29 22:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-09 21:38 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\Registration
2021-02-09 21:37 - 2019-12-07 04:01 - 000000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2021-02-09 18:39 - 2019-12-07 04:02 - 000000000 ____D C:\Users\User\AppData\Local\BitTorrentHelper
2021-02-09 08:14 - 2019-03-19 04:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-09 08:14 - 2019-02-14 15:38 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-08 20:33 - 2019-02-19 03:40 - 000000000 ____D C:\Users\User\AppData\Roaming\Celemony Software GmbH
2021-02-08 20:23 - 2019-02-19 04:32 - 000000000 ____D C:\ProgramData\ValhallaVintageVerbPreferences
2021-02-08 20:23 - 2019-02-19 04:32 - 000000000 ____D C:\ProgramData\ValhallaVintageVerb
2021-02-08 20:23 - 2019-02-19 04:27 - 000000000 ____D C:\ProgramData\ValhallaRoomPreferences
2021-02-08 20:23 - 2019-02-19 04:27 - 000000000 ____D C:\ProgramData\ValhallaRoom
2021-02-08 20:23 - 2019-02-19 03:19 - 000000000 ____D C:\Users\User\AppData\Roaming\Scaler
2021-02-08 20:21 - 2019-03-01 04:20 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-02-08 20:17 - 2019-02-14 22:21 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-02-08 20:12 - 2020-06-28 04:28 - 000000000 ____D C:\Users\User\AppData\LocalLow\uTorrent
2021-02-08 20:11 - 2019-03-19 04:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-02-08 19:51 - 2019-02-19 02:16 - 000000000 ____D C:\Program Files\Common Files\vst3
2021-02-08 19:46 - 2019-03-19 04:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-02-08 18:25 - 2019-03-19 04:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-02-08 17:43 - 2019-02-09 04:38 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2021-02-08 08:12 - 2019-09-29 22:59 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-649401577-2412752257-3447827928-1001
2021-02-08 08:12 - 2019-09-29 22:58 - 000002362 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-08 08:12 - 2019-02-09 04:40 - 000000000 ___RD C:\Users\User\OneDrive
2021-02-07 20:24 - 2020-06-25 00:03 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-05 02:52 - 2019-09-29 22:59 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 02:52 - 2019-09-29 22:59 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-31 21:53 - 2020-10-16 21:16 - 000000000 ____D C:\Program Files (x86)\Steam
2021-01-31 16:47 - 2019-03-03 01:32 - 000000000 ____D C:\Users\User\AppData\Local\SpliceSettings
2021-01-24 01:48 - 2019-02-15 20:12 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2021-01-24 01:34 - 2019-02-22 03:48 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-01-22 14:21 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-14 01:13 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-01-14 01:13 - 2019-02-09 04:38 - 000000000 ___RD C:\Users\User\3D Objects
2021-01-14 01:12 - 2019-09-29 22:56 - 004914584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-14 01:11 - 2019-03-19 11:37 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-14 01:11 - 2019-03-19 11:37 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-14 01:11 - 2019-03-19 11:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\IME
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 18:31 - 2019-02-09 04:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 18:29 - 2019-02-09 04:45 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-13 18:26 - 2019-09-29 23:01 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
 

Vishalbhx

==================== Files in the root of some directories ========

2019-02-19 02:16 - 2019-02-19 02:16 - 002722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf
2019-02-19 02:16 - 2019-02-19 02:16 - 000056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf
2019-02-19 02:18 - 2019-02-19 02:18 - 000000000 _____ () C:\Users\User\AppData\Local\oobelibMkey.log
2020-02-05 18:41 - 2020-02-05 18:42 - 000000000 _____ () C:\Users\User\AppData\Local\{6A8CEADD-12A7-4AC6-BBEB-7DD70E0E6907}
2019-04-03 00:51 - 2019-04-03 00:51 - 000000000 _____ () C:\Users\User\AppData\Local\{7DE6E57D-9580-44F9-BA9E-CA7E9594CD30}
2019-12-17 02:15 - 2019-12-17 02:16 - 000000000 _____ () C:\Users\User\AppData\Local\{E1FCD8FD-0F40-460C-A501-619AA49C7506}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

Vishalbhx

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2021 01
Ran by User (11-02-2021 11:24:30)
Running from C:\Users\User\Desktop
Windows 10 Home Version 1909 18363.1316 (X64) (2019-09-29 23:03:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-649401577-2412752257-3447827928-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-649401577-2412752257-3447827928-503 - Limited - Disabled)
Guest (S-1-5-21-649401577-2412752257-3447827928-501 - Limited - Disabled)
User (S-1-5-21-649401577-2412752257-3447827928-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-649401577-2412752257-3447827928-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
Adobe After Effects 2019 (HKLM-x32\...\AEFT_16_1) (Version: 16.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.0.421 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2019 (HKLM-x32\...\AME_13_0_2) (Version: 13.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0) (Version: 20.0.0 - Adobe Systems Incorporated)
Adobe premier (HKLM\...\{A33A5D8E-C860-48A7-B8DF-11B354570F70}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC 2018 (HKLM-x32\...\PPRO_12_0_0) (Version: 12.0.0 - Adobe Systems Incorporated)
Antares Auto-Tune Pro (64+32-bit) (HKLM\...\{D116FBD6-9265-4215-9C00-66B4A097BE88}) (Version: 9.00.1000 - Antares Audio Technologies)
Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Arcade (HKLM\...\{326CB604-6000-40FC-AA77-AEAACB0D0EB4}) (Version: 1.2.1584 - Output, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.2.9.1 - ASUSTek COMPUTER INC.) Hidden
ASUS Aac_NBDT HAL (HKLM-x32\...\{02e30ab3-e6e3-42f5-bf7c-7e9b7b316e31}) (Version: 2.2.9.1 - ASUSTek COMPUTER INC.) Hidden
Asus ApoDispatchConfigurator (HKLM\...\{4FEB3307-A0EF-4385-9C8F-4B4C1503311C}) (Version: 3.6.4201 - ASUSTeK COMPUTER INC) Hidden
Asus AudioCaptureNotificationConfigurator (HKLM\...\{04C5CE55-7F32-4D2D-AEA2-FDC03E8F65CC}) (Version: 3.6.4201 - ASUSTeK COMPUTER INC) Hidden
ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.21 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Display Component (HKLM-x32\...\{c58f0770-46aa-4b41-a148-b9b73a1451f7}) (Version: 1.1.21 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.2.1 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM-x32\...\{fe55c1b5-bc05-4822-873e-412743572d3e}) (Version: 1.2.1 - ASUSTek COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.03.38 - ASUSTek COMPUTER INC.) Hidden
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.5.0 - ASUSTeK COMPUTER INC.)
Asus DeviceRoutingConfigurator (HKLM\...\{AC306567-A1B7-4208-8FED-97CF535050BC}) (Version: 3.6.4201 - ASUSTeK COMPUTER INC) Hidden
ASUS GiftBox Service (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 3.2.3.0 - ASUSTeK COMPUTER INC.)
ASUS Hello (HKLM-x32\...\{D8CE1923-92A9-4036-817E-9E0D8AA2169B}) (Version: 1.1.4.0 - ASUSTeK COMPUTER INC.)
ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.0.33 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{43baebef-1237-4e88-be25-d3834308a0c6}) (Version: 1.0.33 - ASUSTek COMPUTER INC.) Hidden
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.29 - ASUSTeK Computer Inc.) Hidden
ASUS MB Peripheral Products (HKLM-x32\...\{f651776f-58aa-42a2-ab37-593fb3d78ef2}) (Version: 1.0.29 - ASUSTeK Computer Inc.) Hidden
ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.0.29 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32\...\{e3f99131-d5d0-4805-96a7-7e126e8295dd}) (Version: 1.0.29 - ASUSTek COMPUTER INC.) Hidden
Asus NahimicSettingsConfigurator (HKLM\...\{B4994529-E096-4D1E-8F2A-159AA1641841}) (Version: 3.6.4201 - ASUSTeK COMPUTER INC) Hidden
Asus ProductDaemonSetup (HKLM\...\{36606417-B1C4-42C2-B5C1-67972DA63DAB}) (Version: 3.6.4201 - ASUSTeK COMPUTER INC) Hidden
Asus ProfileSwitcherCleanup (HKLM\...\{CD2BB5C3-6AFC-473C-8348-C79893C08473}) (Version: 3.6.42.51937 - ASUSTeK COMPUTER INC) Hidden
ASUS Promotion (HKLM\...\{10FE8E2F-7BDD-4430-8D63-3D3BA3F708D9}) (Version: 1.0.3 - ASUSTeK COMPUTER INC.)
Asus Sonic Radar 3 (HKLM-x32\...\{7cab61c4-45aa-4016-9c38-b868b93b8f60}) (Version: 3.6.42.51937 - ASUSTeK COMPUTER INC)
Asus Sonic Studio 3 (HKLM-x32\...\{a34044ff-d5de-4779-9854-251dce726ae2}) (Version: 3.6.42.51937 - ASUSTeK COMPUTER INC)
Asus SonicMapperConfigurator (HKLM\...\{0A462643-2991-4DD5-8ED0-EE421AF14F54}) (Version: 3.6.42.51937 - ASUSTeK COMPUTER INC) Hidden
Asus SonicRadar3Setup (HKLM\...\{E0C665CB-1BC0-4DFA-9CA3-707D0B3B1D32}) (Version: 3.6.42.51937 - ASUSTeK COMPUTER INC) Hidden
Asus SonicStudio3Setup (HKLM\...\{8EAEB7E8-9699-4C45-ACEB-CF64455F0C26}) (Version: 3.6.42.51937 - ASUSTeK COMPUTER INC) Hidden
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - ASUSTeK Computer Inc.) Hidden
Audient USB Audio Driver v4.0.3 (HKLM-x32\...\Software_Audient_audientusbaudio_Setup) (Version: 4.0.3 - Audient)
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.03.38 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{6c213c67-ce1f-4e63-b202-4c101b6f1f64}) (Version: 3.03.38 - ASUSTeK Computer Inc.)
BakkesMod version 3.0 (HKLM\...\{BF029534-4334-4CFC-B771-50B7EE54346F}_is1) (Version: 3.0 - BakkesMod)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Black Box Analog Design HG-2 (HKLM\...\HG-2_is1) (Version: 1.3.0 - Black Box Analog Design)
Bome Virtual MIDI 2.1.0.44 (HKLM\...\BMIDI_Driver1.0.0.11_is1) (Version: - Bome Software GmbH & Co. KG)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Celemony Melodyne Studio 4 (HKLM\...\Melodyne Studio 4_is1) (Version: 4.1.1.011 - Celemony)
ColourCopy (HKLM\...\u-he ColourCopy_is1) (Version: 1.0.0.7675 - Team V.R)
Discord (HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 418.91 - NVIDIA Corporation) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
ExpressVPN (HKLM-x32\...\{4dd320cd-0359-40d1-ae98-3b29548e1028}) (Version: 6.9.0.6804 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8365D82C5}) (Version: 6.9.0.6804 - ExpressVPN) Hidden
EZkeys Complete Bundle 1.2.4 (HKLM\...\Toontrack EZkeys Complete-r4e_is1) (Version: 1.2.4 - Toontrack Music AB)
FabFilter Total Bundle (HKLM\...\Total Bundle_is1) (Version: 2018.02.22 - FabFilter)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
GameFirst V (HKLM-x32\...\{8A6E0CD9-CECD-4760-869D-AC7813014B22}) (Version: 5.0.12.2 - ASUSTeK COMPUTER INC.) Hidden
GameFirst V (HKLM-x32\...\GameFirst V 5.0.12.2) (Version: 5.0.12.2 - ASUSTeK COMPUTER INC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC)
Heatup3 (HKLM-x32\...\{InitialAudio-Heatup3}) (Version: 3.0.3 - Initial Audio)
IGdm 2.6.5 (HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\1ead4f81-c61a-5fa6-9e81-7a8c0c868952) (Version: 2.6.5 - ifedapo olarewaju)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
iLok Installer x64 (HKLM\...\{C426AFAB-3596-465a-B8C5-5EA2DB6B9F7A}) (Version: 5.0.1.2449 - PACE Anti-Piracy, Inc.)
InputMapper (HKLM-x32\...\{026D2025-A7FA-4F5C-AF8C-A6F7A9B917FC}) (Version: 1.6.10.19991 - DSDCS)
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{EDD93990-EFCC-44E9-A7E5-BBE90FEC52FA}) (Version: 18.0.156 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{AF8A5E6C-7485-47FB-9FE4-CF3B43FDB178}) (Version: 18.0.156 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.4.10500.5526 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.1.1018 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{f2c35b53-83a0-46a9-aba5-5a273e4de44c}) (Version: 20.60.2 - Intel Corporation)
iTunes (HKLM\...\{ABCE8B41-D52C-4304-A5B9-2445AA8B4D4B}) (Version: 12.9.6.3 - Apple Inc.)
iZotope Meter Tap 3 (HKLM\...\Meter Tap 3_is1) (Version: 1.0.1 - iZotope)
iZotope RX 7 Post Production Suite (HKLM\...\RX 7 Post Production Suite_is1) (Version: 3.02 - iZotope & Team V.R)
iZotope Tonal Balance Control (HKLM\...\Tonal Balance Control_is1) (Version: 1.0.1 - iZotope)
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Kazrog KClip3 (HKLM\...\KClip3_is1) (Version: 3.1.0 - Kazrog)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Lexicon MPX Native Reverb (HKLM\...\MPX Native Reverb_is1) (Version: 1.0.6 - Lexicon)
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.63 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft OneDrive (HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.3.4.436 - Native Instruments)
Native Instruments Expansions Selection (HKLM-x32\...\Native Instruments Expansions Selection) (Version: 1.0.0.10 - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: 5.2.2.8 - Native Instruments)
Native Instruments Hybrid Keys (HKLM-x32\...\Native Instruments Hybrid Keys) (Version: 1.0.0.13 - Native Instruments)
Native Instruments India (HKLM-x32\...\Native Instruments India) (Version: 1.0.0.31 - Native Instruments)
Native Instruments Kinetic Treats (HKLM-x32\...\Native Instruments Kinetic Treats) (Version: 1.1.0.3 - Native Instruments)
Native Instruments Komplete Kontrol (HKLM-x32\...\Native Instruments Komplete Kontrol) (Version: 2.1.0.4 - Native Instruments)
Native Instruments Komplete Kontrol Driver (HKLM-x32\...\Native Instruments Komplete Kontrol Driver) (Version: - Native Instruments)
Native Instruments Komplete Kontrol MK2 Driver (HKLM-x32\...\Native Instruments Komplete Kontrol MK2 Driver) (Version: - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.2.1 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.5.5.22 - Native Instruments)
Native Instruments Mikro Prism (HKLM-x32\...\Native Instruments Mikro Prism) (Version: 1.1.0.14 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.9.1.103 - Native Instruments)
Native Instruments NIHostIntegrationAgent (HKLM-x32\...\Native Instruments NIHostIntegrationAgent) (Version: 1.8.5.128 - Native Instruments)
Native Instruments NTKDaemon (HKLM-x32\...\Native Instruments NTKDaemon) (Version: 0.1.2.30 - Native Instruments)
Native Instruments Play Series Selection (HKLM-x32\...\Native Instruments Play Series Selection) (Version: 1.0.0.6 - Native Instruments)
Native Instruments Reaktor 6 (HKLM-x32\...\Native Instruments Reaktor 6) (Version: 6.2.2.5 - Native Instruments)
Native Instruments Reaktor Factory Selection R2 (HKLM-x32\...\Native Instruments Reaktor Factory Selection R2) (Version: 1.0.1.7 - Native Instruments)
Native Instruments Rise and Hit (HKLM-x32\...\Native Instruments Rise and Hit) (Version: 1.0.0.8 - Native Instruments)
Native Instruments Scarbee Rickenbacker Bass (HKLM-x32\...\Native Instruments Scarbee Rickenbacker Bass) (Version: - Native Instruments)
Native Instruments Session Guitarist - Strummed Acoustic 2 (HKLM-x32\...\Native Instruments Session Guitarist - Strummed Acoustic 2) (Version: 1.0.0.10 - Native Instruments)
Native Instruments Supercharger (HKLM-x32\...\Native Instruments Supercharger) (Version: 1.3.1.45 - Native Instruments)
Native Instruments TRK-01 Bass (HKLM-x32\...\Native Instruments TRK-01 Bass) (Version: 1.0.0.10 - Native Instruments)
Native Instruments Una Corda (HKLM-x32\...\Native Instruments Una Corda) (Version: 1.0.0.13 - Native Instruments)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.20.5.39 - Symantec Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.18.0.102 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.18.0.102 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Output Movement (HKLM-x32\...\Output Movement) (Version: 1.0.3 - Output)
OVO RNB 2 Win 64bit installer % (HKLM-x32\...\OVO RNB 2 Win 64bit installer %) (Version: 1.00 - StudioLinked)
Ozone 8 Advanced (HKLM-x32\...\Ozone 8) (Version: 8.01 - iZotope, Inc.)
PACE License Support Win64 (HKLM\...\{D96A09AC-FE52-4624-864D-7A7FE9254178}) (Version: 5.0.2.2530 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{D96A09AC-FE52-4624-864D-7A7FE9254178}) (Version: 5.0.2.2530 - PACE Anti-Piracy, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.3 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8761.1 - Realtek Semiconductor Corp.)
ReCycle 2.2.4 (HKLM\...\ReCycle2.2_64_is1) (Version: 2.2.4 - Propellerhead Software AB)
Reveal Sound Spire (HKLM\...\Spire_is1) (Version: 1.1.14 - Reveal Sound)
ROG Gaming Center (HKLM\...\{CC182DBF-FC67-4F79-9930-6A2682E60BDD}) (Version: 2.5.9 - ASUSTeK COMPUTER INC.)
Scaler (HKLM\...\Scaler_is1) (Version: 1.5.0 - Plugin Boutique)
SlowMo (HKLM-x32\...\{SlowMo-InitialAudio}) (Version: 1.0 - Initial Audio)
SONiVOX EightyEight 2 (HKLM-x32\...\SONiVOX EightyEight 2_is1) (Version: - )
Splice (HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\splice) (Version: 3.6.6481 - Distributed Creation, Inc.)
Spotify (HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\Spotify) (Version: 1.1.51.380.ga06fdc8d - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sylenth1 version 2.2.1.X (HKLM-x32\...\{3A739C30-3D3D-4B91-B82E-15874763FD86}_is1) (Version: 2.2.1.X - Lennar Digital)
TBProAudio bundle 2019.3 (HKLM\...\TBProAudio bundle_is1) (Version: 2019.3 - TB-Software GbR & Team V.R)
TheGoat VST (HKLM\...\TheGoat VST1.0) (Version: 1.0 - INFINT ESSENTIALS)
TweakBit Driver Updater (HKLM-x32\...\{62D64B30-6E10-4C49-95FE-EDD8F8165DED}_is1) (Version: 2.0.1.12 - Tweakbit Pty Ltd)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{C4BE7550-ECE1-417D-A787-01266DC1F5A6}) (Version: 1.22.0.0 - Microsoft Corporation) Hidden
Valhalla DSP Valhalla Room (HKLM\...\Valhalla Room_is1) (Version: 1.5.1 - Valhalla DSP)
Valhalla DSP Valhalla VintageVerb (HKLM\...\Valhalla VintageVerb_is1) (Version: 1.7.1 - Valhalla DSP)
Voxengo bundle 2018.12 (HKLM\...\Voxengo bundle_is1) (Version: 2018.12 - Voxengo)
Voxengo SPAN Plus (HKLM\...\Voxengo SPAN Plus_is1) (Version: 1.5 - Voxengo)
Waves Central 10.0.1.3 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}_is1) (Version: 10.0.1 - Waves, Inc.)
Waves Complete (HKLM\...\Complete_is1) (Version: 2018.04.22 - Waves)
Waves SoundGrid Drivers 10.0.10.47 (HKLM\...\Waves SoundGrid Drivers_is1) (Version: - Waves Audio Ltd.)
WhatsApp (HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\WhatsApp) (Version: 2.2039.9 - WhatsApp)
Windows Driver Package - AMD (amdkmpfd) System (03/05/2019 19.20.0.0000) (HKLM\...\C69BF33BF7029AD093B4E0466E880E41AD727716) (Version: 03/05/2019 19.20.0.0000 - AMD)
Windows Driver Package - ASUSTek COMPUTER INC. (AsusNumpadKbd) Keyboard (11/13/2018 12.1.0.19) (HKLM\...\22D40EAFADA265B5C1CB2D6986DE6931BF088099) (Version: 11/13/2018 12.1.0.19 - ASUSTek COMPUTER INC.)
Windows Driver Package - ASUSTek Computer Inc. (ATKWMIACPIIO) System (12/24/2018 2.0.7.0) (HKLM\...\73B79501BCF60C0E7F88FF1E04378FCFF9225A1E) (Version: 12/24/2018 2.0.7.0 - ASUSTek Computer Inc.)
Windows Driver Package - Challenger Backup Solutions, LLC (FlashBoot) DiskDrive (08/11/2013 2.3.72.0) (HKLM\...\CA8BFE662913F62CB908BA31685037C57A7DD973) (Version: 08/11/2013 2.3.72.0 - Challenger Backup Solutions, LLC)
Windows Driver Package - ELAN SMBus (ETDSMBus) System (03/18/2019 15.21.1.11) (HKLM\...\6E60FF86A7B57D3FBC6540A44C25FB1870EB3F46) (Version: 03/18/2019 15.21.1.11 - ELAN SMBus)
Windows Driver Package - Intel (esif_lf) System (08/21/2018 8.3.10209.6897) (HKLM\...\066E132E04DC1F3D3FFA3490155A30B6DE393748) (Version: 08/21/2018 8.3.10209.6897 - Intel)
Windows Driver Package - Intel (ICCWDT) System (02/04/2019 11.7.0.1000) (HKLM\...\C153FB7B44739886998300A4B179B6C13776F4F2) (Version: 02/04/2019 11.7.0.1000 - Intel)
Windows Driver Package - Intel (MEIx64) System (01/21/2019 1904.12.0.1208) (HKLM\...\75F3A57E778AA2F4C6A8D53D318BFFA09450A6B4) (Version: 01/21/2019 1904.12.0.1208 - Intel)
Windows Driver Package - Intel Corp (hswultpep) System (01/30/2013 1.0.5.591) (HKLM\...\9D406FEE18ADC9C102B04926FB415C1F530F5C77) (Version: 01/30/2013 1.0.5.591 - Intel Corp)
Windows Driver Package - Intel Corporation (btmaux) BluetoothAuxiliary (01/09/2019 20.90.4.1) (HKLM\...\0436E70310ADEEAD0F8DAD30030837428104DAA1) (Version: 01/09/2019 20.90.4.1 - Intel Corporation)
Windows Driver Package - Intel Corporation (iaLPSS2_GPIO2) System (01/11/2019 30.100.1902.3) (HKLM\...\6FBA4AE08DCAF9F299284A0BA65453761DDC9A59) (Version: 01/11/2019 30.100.1902.3 - Intel Corporation)
Windows Driver Package - Intel Corporation (iaLPSS2_I2C) System (01/11/2019 30.100.1902.3) (HKLM\...\637A5BE794156C8C2FD6F35181CC18BFA557AEB4) (Version: 01/11/2019 30.100.1902.3 - Intel Corporation)
Windows Driver Package - Intel Corporation (ibtavflt) HIDClass (07/23/2015 17.1.1530.0031) (HKLM\...\83FFBF6F9A01455D326599BC412BF444B93BB894) (Version: 07/23/2015 17.1.1530.0031 - Intel Corporation)
Windows Driver Package - Intel Corporation (ibtusb) Bluetooth (02/28/2019 21.00.0.4) (HKLM\...\FC183A0BEF03DA50CAD8032DA7CCA3FA6E4243AD) (Version: 02/28/2019 21.00.0.4 - Intel Corporation)
Windows Driver Package - INTEL System (01/02/2018 10.1.1.45) (HKLM\...\0A1AAFDD057C86944F6AE0858866D780E5EB4C66) (Version: 01/02/2018 10.1.1.45 - INTEL)
Windows Driver Package - INTEL System (07/18/1968 10.1.14.7) (HKLM\...\6264D83E2F0E318EAEF2BEF3557D62683E393010) (Version: 07/18/1968 10.1.14.7 - INTEL)
Windows Driver Package - INTEL System (07/18/1968 10.1.16.6) (HKLM\...\A28A9B8ADBCFBDB702FBB7C6A60AE08BBB661A13) (Version: 07/18/1968 10.1.16.6 - INTEL)
Windows Driver Package - INTEL System (09/30/2016 10.1.1.36) (HKLM\...\11287438B689752F2FE31A68278352622407C3EC) (Version: 09/30/2016 10.1.1.36 - INTEL)
Windows Driver Package - INTEL System (12/18/2018 10.1.7.3) (HKLM\...\26E945A1C55F00B23A0C73684BD1EAD40DB5139F) (Version: 12/18/2018 10.1.7.3 - INTEL)
Windows Driver Package - INTEL System (12/18/2018 10.1.7.3) (HKLM\...\68188A4FC8167DCDBEBAFBC7B87F24857E7B6830) (Version: 12/18/2018 10.1.7.3 - INTEL)
Windows Driver Package - INTEL System (12/18/2018 10.1.7.3) (HKLM\...\C7BD4B4032715DFC9CB24BA0F88B5EA8A3C605D9) (Version: 12/18/2018 10.1.7.3 - INTEL)
Windows Driver Package - NEC Personal Computers, Ltd. (necbatt) Battery (05/09/2018 1.0.0.6) (HKLM\...\0958F21D5DB378418B496CAAD4C41065587DE322) (Version: 05/09/2018 1.0.0.6 - NEC Personal Computers, Ltd.)
Windows Driver Package - Qualcomm Atheros Communications (AthBTPort) BluetoothVirtual (06/22/2016 4.0.0.688) (HKLM\...\01069D6802A68D1F83307E6BCAE2264CE16C91D4) (Version: 06/22/2016 4.0.0.688 - Qualcomm Atheros Communications)
Windows Driver Package - Realtek (rt640x64) Net (12/06/2018 10.032.1206.2018) (HKLM\...\2EED619D04E612310FFD11C95F9B85C9C0F915D7) (Version: 12/06/2018 10.032.1206.2018 - Realtek)
Windows Driver Package - Realtek Camera (01/30/2019 10.0.17763.20086) (HKLM\...\A061BC66246A0EF1191AB798139E9CC19F597F37) (Version: 01/30/2019 10.0.17763.20086 - Realtek)
Windows Driver Package - Remote Utilities LLC (MonitorFunction) Monitor (01/21/2019 16.10.46.576) (HKLM\...\D1A359D7AACFA04424BDDA9BA49C81EB248799E3) (Version: 01/21/2019 16.10.46.576 - Remote Utilities LLC)
Windows Driver Package - Surface SCSIAdapter (03/29/2017 11.0.4.0) (HKLM\...\5D4CA996C8FDDD9A096AE02463686686BA91E275) (Version: 03/29/2017 11.0.4.0 - Surface)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.10.0 - ASUSTeK COMPUTER INC.)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Wondershare Fotophire Slideshow Maker(Build 1.0.3) (HKLM-x32\...\Wondershare Fotophire Slideshow Maker_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Xpand!2 (HKLM-x32\...\{dadbcc76-2a7e-4f53-a77a-3868c51bdd80}) (Version: 2.2.7.19000 - AIR Music Tech GmbH)
Xpand!2 Content (HKLM-x32\...\{AEB475C2-FC86-4082-87D7-352DFB075B2C}) (Version: 2.2.7.19000 - AIR Music Tech GmbH) Hidden
Xpand!2 Factory Content (HKLM-x32\...\{C1149DC5-F5B9-455E-B6B3-B81D9B5C80A0}) (Version: 2.2.7.19000 - AIR Music Tech GmbH) Hidden
Xpand!2 VST32 (HKLM-x32\...\{87716891-1EC0-46CC-8821-5A4DC75EEFD7}) (Version: 2.2.7.19000 - AIR Music Tech GmbH) Hidden
Xpand!2 VST64 (HKLM\...\{B9802F00-659C-4C21-9BA5-0958BAC6EFEF}) (Version: 2.2.7.19000 - AIR Music Tech GmbH) Hidden
XSplit Gamecaster (HKLM-x32\...\{9A128943-F2EC-4E84-8088-65A9975537BD}) (Version: 3.3.1805.0401 - SplitmediaLabs)
Youlean Loudness Meter 2 (HKLM\...\Loudness Meter 2_is1) (Version: 2.1.1 - Youlean)
Zoom (HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.)
 

Vishalbhx

G -> C:\Program Files\WindowsApps\B9ECED6F.ASUSBatteryHealthCharging_1.0.7.0_x86__qmba6cd70vzyy [2018-11-29] (ASUSTeK COMPUTER INC.) [Startup Task]
ASUS Keyboard Hotkeys -> C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy [2019-09-18] (ASUSTeK COMPUTER INC.) [Startup Task]
ASUS Product Registration Program -> C:\Program Files\WindowsApps\B9ECED6F.ASUSProductRegistrationProgram_3.0.3.0_x86__qmba6cd70vzyy [2019-02-14] (ASUSTeK COMPUTER INC.) [Startup Task]
Deezer Music -> C:\Program Files\WindowsApps\Deezer.62021768415AF_4.32.10.0_x86__q7m17pa7q8kj0 [2021-02-09] (Deezer SA)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.337.0_x64__rz1tebttyb220 [2020-12-19] (Dolby Laboratories)
eManual -> C:\Program Files\WindowsApps\B9ECED6F.eManual_2.0.3.0_x86__qmba6cd70vzyy [2018-11-29] (ASUSTeK COMPUTER INC.)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-02-09] (Fitbit)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-02-14] (LinkedIn)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.54.0_x64__wafk5atnkzcwy [2020-12-03] (McAfee LLC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-09] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-28] (Microsoft Studios) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-01-23] (MAGIX)
MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2018-11-29] (ASUSTeK COMPUTER INC.) [Startup Task]
Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.14.1.0_neutral__v68kp9n051hdp [2021-01-16] (NortonLifeLock Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-05-09] (Microsoft Corporation)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.25.1.0_x64__nfy108tqq3p12 [2021-02-09] (Thumbmunkeys Ltd)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2019-02-09] (Plex)
ROG Aura Core -> C:\Program Files\WindowsApps\B9ECED6F.ROGAuraCore_2.1.30.0_x86__qmba6cd70vzyy [2019-02-14] (ASUSTeK COMPUTER INC.) [Startup Task]
ROG GameVisual -> C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.2.1.0_x64__qmba6cd70vzyy [2019-12-12] (ASUSTeK COMPUTER INC.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-649401577-2412752257-3447827928-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5} -> [Creative Cloud Files] => C:\Users\User\Creative Cloud Files [2019-03-02 20:28]
CustomCLSID: HKU\S-1-5-21-649401577-2412752257-3447827928-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.5.39\NavShExt.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.5.39\NavShExt.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-02-06] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.5.39\NavShExt.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-10-24 09:49 - 2018-10-24 09:49 - 000071680 _____ () [File not signed] C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2020-03-23 22:34 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2020-03-23 22:34 - 2017-03-23 09:49 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2019-02-12 16:34 - 2019-02-12 16:34 - 000303104 _____ () [File not signed] C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.SplitTunnel.dll
2019-03-26 09:51 - 2019-03-26 09:51 - 000053248 _____ () [File not signed] C:\Program Files (x86)\LightingService\cpuutil.dll
2019-03-26 09:51 - 2019-03-26 09:51 - 000018432 _____ () [File not signed] C:\Program Files (x86)\LightingService\Log4cxxWrapper.dll
2018-06-20 22:55 - 2018-06-20 22:55 - 000367616 _____ () [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\NSConfiguratorDaemonModule.dll
2018-06-20 23:08 - 2018-06-20 23:08 - 000230912 _____ () [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\ProfileSwitcherDaemonModule.dll
2019-04-16 14:22 - 2019-04-17 14:01 - 000190976 _____ () [File not signed] C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.2.1.0_x64__qmba6cd70vzyy\CCTAdjust.dll
2019-04-16 14:22 - 2019-04-17 14:01 - 000038400 _____ () [File not signed] C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.2.1.0_x64__qmba6cd70vzyy\DetectDisplayDC.dll
2018-11-29 02:29 - 2018-11-29 02:29 - 000038912 _____ () [File not signed] C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.2.1.0_x64__qmba6cd70vzyy\VideoEnhance.dll
2019-03-26 09:51 - 2019-03-26 09:51 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2019-04-16 14:22 - 2019-04-17 14:01 - 000462848 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.2.1.0_x64__qmba6cd70vzyy\ColorU.dll
2019-02-15 22:43 - 2018-12-30 07:00 - 000077824 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-12-07 04:44 - 2018-05-18 04:34 - 000014848 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\TweakBit\Driver Updater\SHFolder.dll
2019-03-15 13:36 - 2019-03-15 13:36 - 000418304 _____ (TODO: <Company name>) [File not signed] C:\Program Files\ASUS\Aac_Keyboard\AacKbHal_x86.dll
2019-03-15 14:05 - 2019-03-15 14:05 - 000350208 _____ (TODO: <Company name>) [File not signed] C:\Program Files\ASUS\Aac_Mouse\AacMouseHal_x86.dll
2019-02-14 22:26 - 2019-02-14 22:26 - 000019456 _____ (TODO: <Company name>) [File not signed] C:\Program Files\WindowsApps\B9ECED6F.ROGAuraCore_2.1.30.0_x86__qmba6cd70vzyy\Hook.dll
2019-04-16 14:22 - 2019-04-17 14:01 - 000452608 _____ (TODO: <Company name>) [File not signed] C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.2.1.0_x64__qmba6cd70vzyy\ColorUGameDLL.dll
2019-04-16 14:22 - 2019-04-17 14:01 - 000029696 _____ (TODO: <Company name>) [File not signed] C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.2.1.0_x64__qmba6cd70vzyy\GLCDdll.dll
2020-03-23 22:34 - 2017-03-23 09:52 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-649401577-2412752257-3447827928-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-gb/?pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-649401577-2412752257-3447827928-1001 -> DefaultScope {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f26d6a24a791ed6f&q={searchTerms}
SearchScopes: HKU\S-1-5-21-649401577-2412752257-3447827928-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-649401577-2412752257-3447827928-1001 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f26d6a24a791ed6f&q={searchTerms}
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.20.5.39\coIEPlg.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.20.5.39\coIEPlg.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-07-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-20] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.20.5.39\coIEPlg.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.20.5.39\coIEPlg.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\sharepoint.com -> hxxps://brunelalumni-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 23:38 - 2019-02-19 02:17 - 000000920 ____N C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.r2rdownload.net
127.0.0.1 www.r2rdownload.com
127.0.0.1 www.elephantafiles.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%INTEL_DEV_REDIST%redist\ia32_win\compiler;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\Control Panel\Desktop\\Wallpaper -> D:\User\Pictures\Bhxlu\Promo Art\4k Bhxlu Wallpaper.png
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 2: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled)
Hamachi: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled)
Bluetooth Network Connection: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled)
WiFi: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled)
Ethernet: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "SoundGrid Studio.lnk"
HKLM\...\StartupApproved\Run: => "SGDawNodeService"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "ExpressVpnNotificationService"
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\StartupApproved\Run: => "ExpressVPN4"
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE"
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\StartupApproved\Run: => "com.squirrel.splice.Splice"
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\StartupApproved\Run: => "Steam"
 

Vishalbhx

Posts: 27   +0
==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3C599832-D22C-4AFE-A257-D0DA458AB11E}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D360C30F-399D-425E-B61E-FD704D1B52F5}] => (Block) C\:programFiles\Adobe\Adobe Media Encoder CC 2019\Adobe Media Encoder.exe => No File
FirewallRules: [{93405FEB-3E20-43AA-A14C-F56F76774A3E}] => (Block) C:\ProgramFiles\Adobe\Adobe After Effects CC 2019\Support Files\AfterFX.exe => No File
FirewallRules: [{C2CA4BDD-2025-452A-AB50-89FA4117813A}] => (Block) %ProgramFiles% (x86)\Microsoft Office\root\Office16\DRWUI.exe => No File
FirewallRules: [{A39A4197-15FC-4676-90EE-E1F916AA616C}] => (Block) %ProgramFiles% (x86)\Microsoft Office\root\Office16\ONENOTE.EXE => No File
FirewallRules: [{ED94E489-A13D-436A-A85C-912153D9056D}] => (Block) %ProgramFiles% (x86)\Microsoft Office\root\Office16\MSACCESS.EXE => No File
FirewallRules: [{BAC2DB7B-16CA-4B66-B6F6-6CF9DD485668}] => (Block) %ProgramFiles% (x86)\Microsoft Office\root\Office16\MSPUB.EXE => No File
FirewallRules: [{90A78489-9ACB-459C-B403-3177CBB83165}] => (Block) %ProgramFiles% (x86)\Microsoft Office\root\Office16\POWERPNT.EXE => No File
FirewallRules: [{6337E6C7-2501-4B26-8CCA-AC99E0F0867C}] => (Block) %ProgramFiles% (x86)\Microsoft Office\root\Office16\EXCEL.EXE => No File
FirewallRules: [{DA14E504-C6A8-4DC3-B942-E4FBFC630C2B}] => (Block) C:\ProgramFiles (x86)\Microsoft Office\root\Office16\WINWORD.EXE => No File
FirewallRules: [{49D4083A-2148-4D3D-AE7D-E191350609EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A64F5C74-5E49-44A8-A676-17F035DE3D92}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E9DC352D-D1EE-445E-92F5-FB7C7F605D72}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{91CA8A08-921A-4845-A7F3-EE547A27AE5F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{511D7428-0905-4695-9CF6-53D5D64546F8}] => (Allow) G:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe => No File
FirewallRules: [{AA7F873D-F68D-46DB-84B2-8FDABEA1A78D}] => (Allow) G:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe => No File
FirewallRules: [{27B60C99-DC68-435C-971A-E8CAA91A3A58}] => (Allow) G:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe => No File
FirewallRules: [{6AF389B9-6727-43C9-8A9E-521DB4F55FB1}] => (Allow) G:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe => No File
FirewallRules: [{350B70CF-26E5-4903-A6E3-14971BB7A6B6}] => (Allow) C:\Program Files (x86)\Waves\SoundGrid for Venue\SoundGrid Inventory.exe (Waves Inc -> )
FirewallRules: [{5E854906-9BDB-418C-AB88-C9962D1A288A}] => (Allow) C:\Program Files (x86)\Waves\MultiRack\MultiRack SoundGrid.exe (Waves Inc -> Waves Audio Ltd.)
FirewallRules: [{321C56B8-DC64-421B-9F29-A5FB8A37B19F}] => (Allow) C:\Program Files (x86)\Waves\SoundGrid for Venue\SoundGrid Inventory.exe (Waves Inc -> )
FirewallRules: [{6DDD632C-9F51-4083-AF8D-B2B0A9028D18}] => (Allow) C:\Program Files (x86)\Waves\MultiRack\MultiRack SoundGrid.exe (Waves Inc -> Waves Audio Ltd.)
FirewallRules: [{4CCC87F9-ECE8-44D4-BA8F-8389444745D0}] => (Block) C:\Program Files (x86)\Image-Line\FL Studio 20\FL64.exe (Image Line -> Image-Line) [File not signed]
FirewallRules: [{1E0628E0-4386-4E36-9082-D3F0B91361A0}] => (Block) C:\Program Files (x86)\Image-Line\FL Studio 20\FL64.exe (Image Line -> Image-Line) [File not signed]
FirewallRules: [{86D6C9B4-F669-4DB5-A58C-6A86CF79A132}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B8DB6113-05F1-483A-A62C-551E8950EA6C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9CC8E3C7-75B0-45EF-9AD6-A2293324AD4E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{50F6B0A9-F41E-4A04-8432-06C2B74EC9FD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0C62E947-9C4B-4FAC-B078-B63CDE919173}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C26B7F88-8EB7-4915-B884-89CC4D30B726}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{23CE9CDF-3268-4765-B050-9A3E7ADD482F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{385C295F-6631-4C2A-9EEF-C950AA4CE181}] => (Block) C:\ProgramFiles\Adobe\Adobe Photoshop CC 2019\Photoshop.exe => No File
FirewallRules: [{543985F3-784C-4627-BC9A-52E4C94158E7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{7B085C7A-EC07-4FA4-95F1-F1A149AB84DD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{0D5F650C-ABD5-46E9-884E-AD919794C1FF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{59552EF6-C731-450E-86B8-8694C474EDF5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B8D03625-F9C5-4DA7-807A-E6C0CF2AD16A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11231.20174.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3BAFFB31-B1D7-4008-A990-F158ED73B564}] => (Allow) C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGCAndroidService.exe (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{882100DE-BF65-4223-9168-F3DF8B5CBF20}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{A37697A9-683C-489F-83C2-5E38CE2F3E8C}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{3E90370B-DE3A-4507-8548-6F12D36B3210}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe (SplitmediaLabs Limited -> SplitmediaLabs Limited)
FirewallRules: [{7A9004C8-5694-429B-8A1C-B192DD3EE1E3}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe (SplitmediaLabs Limited -> SplitmediaLabs Limited)
FirewallRules: [{9021B4D7-8BDC-47A2-8AFB-2ADED043347A}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe (SplitmediaLabs Limited -> SplitmediaLabs)
FirewallRules: [{B4089C0F-00C1-4794-80C8-207F22B6D3D2}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe (SplitmediaLabs Limited -> SplitmediaLabs)
FirewallRules: [{2C89E353-E878-49DC-8EFC-A1C7E59E46CE}] => (Allow) C:\Program Files (x86)\ASUS\GameFirst\GameFirst_V.exe (Apex Titan Technology Corp. -> ASUS)
FirewallRules: [{BFE07667-9BCC-4415-AB77-91DD02EB3182}] => (Allow) C:\Program Files (x86)\ASUS\GameFirst\DUTUtil.exe (Apex Titan Technology Corp. -> ASUSTeK Computer Inc.)
FirewallRules: [{787A8D48-EEBA-4911-BF28-56E544C5C2F6}] => (Allow) C:\Program Files (x86)\ASUS\GameFirst\DUTUtil.exe (Apex Titan Technology Corp. -> ASUSTeK Computer Inc.)
FirewallRules: [{1313D3A9-14AD-4B63-90E5-C74D97E1099E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe => No File
FirewallRules: [{56C2D1D4-3185-444A-8AF6-10EC4F489DB9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{16551636-5447-4A61-8267-8BA7F530606B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DDD1FD49-706F-4573-AC78-BFCD88535518}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{DA6AD7B6-1CF5-47F7-A4B2-7DDE5E690817}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{37D9DE68-7A3C-4115-AA84-F802AF33AB07}] => (Allow) G:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe => No File
FirewallRules: [{30933B10-8678-4325-A215-B5AD3AA107CE}] => (Allow) G:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe => No File
FirewallRules: [{D701D3CE-4322-4C12-BBC0-F7D5061E4746}] => (Allow) G:\SteamLibrary\steamapps\common\Whos Your Daddy\WhosYourDaddy.exe => No File
FirewallRules: [{7B765731-EAB2-48E1-85C2-ADA696BF0542}] => (Allow) G:\SteamLibrary\steamapps\common\Whos Your Daddy\WhosYourDaddy.exe => No File
FirewallRules: [{9D32767F-2CEB-4263-8C4B-D95CFCFAC676}] => (Allow) G:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe => No File
FirewallRules: [{64AB937B-DDAC-487D-9ACF-C5A921232B51}] => (Allow) G:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe => No File
FirewallRules: [{5408F24D-37E6-4B11-99D4-E00912E9F269}] => (Block) C:\ProgramFiles\Adobe\Adobe After Effects CC 2019\Support Files\CRWindowsClientService.exe => No File
FirewallRules: [{C48F52FB-FB46-422F-8579-E615EC759682}] => (Block) C:\ProgramFiles\Adobe\Adobe Media Encoder CC 2019\CRWindowsClientService.exe => No File
FirewallRules: [{BD4DB044-E369-4D20-90AD-1A3D434CC3AC}] => (Block) C:\ProgramFiles\Adobe\Adobe Photoshop CC 2019\CRWindowsClientService.exe => No File
FirewallRules: [{15CE61FB-F7EE-4230-B117-555F1AE4CA36}] => (Block) C:\ProgramFiles\Adobe\Adobe Premiere Pro CC 2018\CRWindowsClientService.exe => No File
FirewallRules: [{259C2223-7E77-4925-9FB3-6714BA2B024F}] => (Block) C:\ProgramFiles (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe => No File
FirewallRules: [{05B43C24-E243-4F59-9C87-092ACC21D653}] => (Block) C:\ProgramFiles (x86)\Common Files\Adobe\AdobeGCClient\Adobe Genuine Helper.exe => No File
FirewallRules: [{B1688800-DFFE-4896-8948-5549C2F2A830}] => (Block) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe (Adobe Inc. -> Adobe Systems, Incorporated)
FirewallRules: [{BE6EBDE8-2537-498D-BEDD-95D5231C7A44}] => (Allow) G:\SteamLibrary\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{FEFEAB2B-DFFA-4CA0-BEC1-3A0ED7BD09C9}] => (Allow) G:\SteamLibrary\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{C936061B-E766-43C3-AD1C-6E61615FA785}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{ADAD83CA-0233-49F1-A643-5F2B2A9B4BFF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{3872FB55-03D0-4024-975F-29C5B37C92BF}] => (Allow) G:\SteamLibrary\steamapps\common\Limbo\limbo.exe => No File
FirewallRules: [{FDB88BE2-5121-449F-A9B3-C2A70B92F23E}] => (Allow) G:\SteamLibrary\steamapps\common\Limbo\limbo.exe => No File
FirewallRules: [{500DD59C-05D8-40A1-99E4-0B0CBF89C22B}] => (Allow) G:\SteamLibrary\steamapps\common\INSIDE\INSIDE.exe => No File
FirewallRules: [{C504FB4B-F7A1-4B7C-8136-A0CE8ED5AF0D}] => (Allow) G:\SteamLibrary\steamapps\common\INSIDE\INSIDE.exe => No File
FirewallRules: [{2EC4603B-219A-472C-94D9-57FDD96F7AD1}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{BC83BBDF-458F-48FC-9D80-0B24495EC5C2}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{59894DE5-6858-4DFD-AEC2-B1DE0B1EFC91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{52AD7CCE-7431-4A65-B2FC-CCAF4F0DD904}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{0756E11D-E3C2-425D-97CD-9DB79FF0C3D5}] => (Allow) G:\SteamLibrary\steamapps\common\Half-Life 2\hl2.exe => No File
FirewallRules: [{568721C2-39A6-4440-93E8-090D73CC43AB}] => (Allow) G:\SteamLibrary\steamapps\common\Half-Life 2\hl2.exe => No File
FirewallRules: [{9384B9BB-EC3F-4473-947D-EF2D012188B6}] => (Allow) G:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe => No File
FirewallRules: [{5973FFC0-BC87-4E83-832B-CE3A06D48BF8}] => (Allow) G:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe => No File
FirewallRules: [{35034B30-307C-4FB3-8632-2726CE61159F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC) [File not signed]
FirewallRules: [{580E0532-E331-4941-8651-72A309966C27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC) [File not signed]
FirewallRules: [{189E0F78-9CB4-4398-AFFD-A6AB1AF9FFD2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7CB0FD24-264B-4659-A2F3-B11A22D3D373}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{45657C16-009A-4577-B5AE-1D35575B6876}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F251A90A-D0E2-436A-A46E-5AC9F9A7D24A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{873EC497-07F2-44B3-9C2B-C75B19654DE3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

08-02-2021 11:48:34 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: ExpressVPN Tap Adapter
Description: ExpressVPN Tap Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/11/2021 11:15:40 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15296,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/11/2021 11:07:32 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (17320,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/11/2021 10:29:09 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12680,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/11/2021 10:04:22 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11680,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/11/2021 09:06:43 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3752,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/11/2021 08:34:19 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (17248,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/11/2021 08:26:16 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (17244,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/10/2021 06:58:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1468


System errors:
=============
Error: (02/11/2021 10:31:56 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-PPJ4SOMT)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/11/2021 10:22:56 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-PPJ4SOMT)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/11/2021 09:31:56 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-PPJ4SOMT)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/11/2021 08:31:56 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-PPJ4SOMT)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/11/2021 08:12:54 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-PPJ4SOMT)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/10/2021 06:31:44 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-PPJ4SOMT)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/10/2021 05:31:44 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-PPJ4SOMT)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/10/2021 04:31:44 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-PPJ4SOMT)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.


CodeIntegrity:
===================================

Date: 2021-02-11 09:39:20.133
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-02-11 09:39:20.128
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-02-11 09:39:20.121
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-02-11 09:39:20.117
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-02-11 09:39:20.067
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-02-11 08:25:20.312
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-02-11 08:25:20.307
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-02-11 08:25:20.297
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. GL703GS.310 07/11/2019
Motherboard: ASUSTeK COMPUTER INC. GL703GS
Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
Percentage of memory in use: 42%
Total physical RAM: 16306.97 MB
Available physical RAM: 9315.32 MB
Total Virtual: 29106.97 MB
Available Virtual: 17727.74 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:237.42 GB) (Free:38.45 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:202.62 GB) NTFS

\\?\Volume{7c1d0d19-f64c-49f2-846f-8fc60767b26e}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.33 GB) NTFS
\\?\Volume{fca6c954-2aaf-4939-b924-c741f3132d20}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: FFA73ABD)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 73F3DC6B)

Partition: GPT.

==================== End of Addition.txt =======================
 

Broni

Posts: 55,718   +501
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs.
  • Double-click the downloaded setup.exe file to install the program.
  • Click on the Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished.
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

Vishalbhx

Posts: 27   +0
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Hi Broni,

Upon downloading RogueKiller, it asked me to activate my license. I ignored this and ran a standard scan.

So far I have just run the RogueKiller scan, but I still have Norton running in the background blocking all the miner.bitcoin attacks. Is this okay? Please see the results of the scan attached. If all is okay so far, I will continue with the instructions.

Thanks,

Vishal
 

Attachments

  • RogueKiller 1.PNG

Broni

Posts: 55,718   +501
Please observe forum rules. ALL logs have to be pasted NOT attached.

RogueKiller Anti-Malware V14.8.4.0 (x64) [Jan 13 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18363) 64 bits
Started in : Normal mode
User : User [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210208_123054, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2021/02/11 14:37:04 (Duration : 00:05:54)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen1 (Potentially Malicious)] DriverUpdater.exe -- %programfiles(x86)%\TweakBit\Driver Updater\DriverUpdater.exe -> Killed [Tree]
[PUP.ErrorFixKit (Potentially Malicious)] \ErrorFixKIT -- "C:\Program Files (x86)\ErrorFix KIT\ErrorFixKIT.exe" (start) -> Deleted
[PUP.Gen1 (Potentially Malicious)] \TweakBit\Driver Updater\Start Driver Updater automatic scanning -- C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe (/AutoScan /UseTray /Schedule) -> Deleted
[PUP.ErrorFixKit (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\ErrorFixKIT -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\TweakBit -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-649401577-2412752257-3447827928-1001\Software\csastats -- -> Deleted
[PUP.HighPCBooster (Potentially Malicious)] BSD -- %programdata%\BSD -> Deleted
=> history2.dat -- C:\PROGRA~3\BSD\DRIVER~1\history2.dat -> Deleted
=> DriverHive -- C:\PROGRA~3\BSD\DRIVER~1 -> Deleted
=> scandet2.dat -- C:\PROGRA~3\BSD\DRIVER~2\scandet2.dat -> Deleted
=> scansummary2.dat -- C:\PROGRA~3\BSD\DRIVER~2\SCANSU~1.DAT -> Deleted
=> DriverHiveEngine -- C:\PROGRA~3\BSD\DRIVER~2 -> Deleted
[PUP.HackTool (Potentially Malicious)] KMSAutoS -- %programdata%\KMSAutoS -> Deleted
=> oas_sert.cer -- C:\PROGRA~3\KMSAutoS\bin\driver\oas_sert.cer -> Deleted
=> tap0901.cer -- C:\PROGRA~3\KMSAutoS\bin\driver\tap0901.cer -> Deleted
=> devcon.exe -- C:\PROGRA~3\KMSAutoS\bin\driver\x64TAP1\devcon.exe -> Deleted
=> OemVista.inf -- C:\PROGRA~3\KMSAutoS\bin\driver\x64TAP1\OemVista.inf -> Deleted
=> ptun0901.cat -- C:\PROGRA~3\KMSAutoS\bin\driver\x64TAP1\ptun0901.cat -> Deleted
=> ptun0901.sys -- C:\PROGRA~3\KMSAutoS\bin\driver\x64TAP1\ptun0901.sys -> Deleted
=> x64TAP1 -- C:\PROGRA~3\KMSAutoS\bin\driver\x64TAP1 -> Deleted
=> devcon.exe -- C:\PROGRA~3\KMSAutoS\bin\driver\x64TAP2\devcon.exe -> Deleted
=> tapoas.cat -- C:\PROGRA~3\KMSAutoS\bin\driver\x64TAP2\tapoas.cat -> Deleted
=> tapoas.inf -- C:\PROGRA~3\KMSAutoS\bin\driver\x64TAP2\tapoas.inf -> Deleted
=> tapoas.sys -- C:\PROGRA~3\KMSAutoS\bin\driver\x64TAP2\tapoas.sys -> Deleted
=> x64TAP2 -- C:\PROGRA~3\KMSAutoS\bin\driver\x64TAP2 -> Deleted
=> FakeClient.exe -- C:\PROGRA~3\KMSAutoS\bin\driver\x64WDV\FAKECL~1.EXE -> Deleted
=> WdfCoInstaller01009.dll -- C:\PROGRA~3\KMSAutoS\bin\driver\x64WDV\WDFCOI~1.DLL -> Deleted
=> WinDivert.dll -- C:\PROGRA~3\KMSAutoS\bin\driver\x64WDV\WINDIV~1.DLL -> Deleted
=> WinDivert.inf -- C:\PROGRA~3\KMSAutoS\bin\driver\x64WDV\WINDIV~1.INF -> Deleted
=> WinDivert.sys -- C:\PROGRA~3\KMSAutoS\bin\driver\x64WDV\WINDIV~1.SYS -> Deleted
=> x64WDV -- C:\PROGRA~3\KMSAutoS\bin\driver\x64WDV -> Deleted
=> driver -- C:\PROGRA~3\KMSAutoS\bin\driver -> Deleted
=> KMSSS.exe -- C:\PROGRA~3\KMSAutoS\bin\KMSSS.exe -> Deleted
=> TunMirror.exe -- C:\PROGRA~3\KMSAutoS\bin\TUNMIR~1.EXE -> Deleted
=> TunMirror2.exe -- C:\PROGRA~3\KMSAutoS\bin\TUNMIR~2.EXE -> Deleted
=> bin -- C:\PROGRA~3\KMSAutoS\bin -> Deleted
=> kmsauto.ini -- C:\PROGRA~3\KMSAutoS\kmsauto.ini -> Deleted
[PUP.Gen1 (Potentially Malicious)] TweakBit -- %programdata%\Microsoft\Windows\Start Menu\Programs\TweakBit -> Deleted
=> TweakBit Driver Updater on the Web.url -- C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\TweakBit\DRIVER~1\TWEAKB~1.URL -> Deleted
=> TweakBit Driver Updater.lnk -- C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\TweakBit\DRIVER~1\TWEAKB~1.LNK -> Deleted
=> Uninstall Driver Updater.lnk -- C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\TweakBit\DRIVER~1\UNINST~1.LNK -> Deleted
=> Driver Updater -- C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\TweakBit\DRIVER~1 -> Deleted
[PUP.Gen1 (Potentially Malicious)] TweakBit -- %programdata%\TweakBit -> Removed at reboot [91]
=> archive_DriverHiveEngine_0.log -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\ARCHIV~1.LOG -> Deleted
=> BthDefaultService.NT_bth.inf_{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\BTHDEF~1.ZIP -> Deleted
=> BthGenericService.NT_bth.inf_{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\BTHGEN~1.ZIP -> Deleted
=> CmBatt_Inst_cmbatt.inf_{72631E54-78A4-11D0-BCF7-00AA00B7B32A}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\CMBATT~1.ZIP -> Deleted
=> dirinfo.xml -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\dirinfo.xml -> Deleted
=> DptfAcpi.NTamd64_oem35.inf_{4D36E97D-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\DPTFAC~1.ZIP -> Deleted
=> DptfCpu.NTamd64_oem15.inf_{4D36E97D-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\DPTFCP~1.ZIP -> Deleted
=> EsifManager10.0.NTamd64_oem2.inf_{4D36E97D-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\ESIFMA~1.ZIP -> Deleted
=> HID_Keyboard_Inst.NT_keyboard.inf_{4D36E96B-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\HID_KE~1.ZIP -> Deleted
=> HSWULT_intelpep.inf_{4D36E97D-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\HSWULT~1.ZIP -> Deleted
=> iaLPSS2i_GPIO2_CNL_Device.NT_iaLPSS2i_GPIO2_CNL.inf_{4D36E97D-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\IALPSS~2.ZIP -> Deleted
=> iaLPSS2i_I2C_CNL_Device.NT_iaLPSS2i_I2C_CNL.inf_{4D36E97D-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\IALPSS~1.ZIP -> Deleted
=> ibtusb_oem13.inf_{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\IBTUSB~1.ZIP -> Deleted
=> ICCWDT.NT_oem5.inf_{4D36E97D-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\ICCWDT~1.ZIP -> Deleted
=> Needs_ISAPNP_DRV_oem30.inf_{4D36E97D-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\NEEDS_~3.ZIP -> Deleted
=> Needs_NO_DRV_oem30.inf_{4D36E97D-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\NEEDS_~4.ZIP -> Deleted
=> Needs_NO_DRV_oem39.inf_{4D36E97D-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\NEFA9F~1.ZIP -> Deleted
=> Needs_NO_DRV_oem43.inf_{4D36E97D-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\NEEDS_~1.ZIP -> Deleted
=> Needs_PCI_DRV_oem30.inf_{4D36E97D-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\NEEDS_~2.ZIP -> Deleted
=> Needs_PCI_DRV_oem34.inf_{4D36E97D-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\NE5720~1.ZIP -> Deleted
=> NO_DRV64_oem54.inf_{4D36E97D-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\NO_DRV~1.ZIP -> Deleted
=> PCI_ROOT_pci.inf_{4D36E97D-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\PCI_RO~1.ZIP -> Deleted
=> PnPMonitor.Install_monitor.inf_{4D36E96E-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\PNPMON~1.ZIP -> Deleted
=> RTL8168HS5WOLHideDisable.ndi.NT_oem57.inf_{4D36E972-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\RTL816~1.ZIP -> Deleted
=> Stornvme_Inst_stornvme.inf_{4D36E97B-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\STORNV~1.ZIP -> Deleted
=> TEE_DDI_W10_x64_oem51.inf_{4D36E97D-E325-11CE-BFC1-08002BE10318}.zip -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1\TEE_DD~1.ZIP -> Deleted
=> 07_12_19 4_48_22 -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1\07_12_~1 -> Deleted
=> Backup drivers -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\BACKUP~1 -> Deleted
=> statistics.dat -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\DOWNLO~1\STATIS~1.DAT -> Deleted
=> unfixed.dat -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\DOWNLO~1\unfixed.dat -> Deleted
=> Downloads -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\DOWNLO~1 -> Deleted
=> DriverHiveEngine_0.log -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\DRIVER~1.LOG -> Removed at reboot [0]
=> DriverUpdaterLogic.log -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\Logs\DRIVER~1.LOG -> Deleted
=> Logs -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\Logs -> Deleted
=> Driver Updater -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\Rescue\DRIVER~1 -> Deleted
=> Rescue -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x\Rescue -> Deleted
=> 2.x -- C:\PROGRA~3\TweakBit\DRIVER~1\2.x -> Removed at reboot [0]
=> Driver Updater -- C:\PROGRA~3\TweakBit\DRIVER~1 -> Removed at reboot [0]
[PUP.Gen1 (Potentially Malicious)] TweakBit -- %programfiles(x86)%\TweakBit -> Deleted
=> ATPopupsHelper.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\ATPOPU~1.DLL -> Deleted
=> ATUpdatersHelper.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\ATUPDA~1.DLL -> Deleted
=> AxComponentsRTL.bpl -- C:\PROGRA~2\TweakBit\DRIVER~1\AXCOMP~1.BPL -> Deleted
=> AxComponentsVCL.bpl -- C:\PROGRA~2\TweakBit\DRIVER~1\AXCOMP~2.BPL -> Deleted
=> CFAHelper.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\CFAHEL~1.DLL -> Deleted
=> CommonForms.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\COMMON~2.DLL -> Deleted
=> CommonForms.Routine.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\COMMON~3.DLL -> Deleted
=> CommonForms.Site.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\COMMON~1.DLL -> Deleted
=> main.ini -- C:\PROGRA~2\TweakBit\DRIVER~1\Data\main.ini -> Deleted
=> Data -- C:\PROGRA~2\TweakBit\DRIVER~1\Data -> Deleted
=> DebugHelper.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\DEBUGH~1.DLL -> Deleted
=> Downloader.exe -- C:\PROGRA~2\TweakBit\DRIVER~1\DOWNLO~1.EXE -> Deleted
=> DPInst64.exe -- C:\PROGRA~2\TweakBit\DRIVER~1\DPInst64.exe -> Deleted
=> DriverHiveEngine.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\DRIVER~2.DLL -> Deleted
=> DriverUpdater.exe -- C:\PROGRA~2\TweakBit\DRIVER~1\DRIVER~1.EXE -> Deleted
=> DriverUpdater.url -- C:\PROGRA~2\TweakBit\DRIVER~1\DRIVER~1.URL -> Deleted
=> DriverUpdaterHelper.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\DRIVER~1.DLL -> Deleted
=> EULA.rtf -- C:\PROGRA~2\TweakBit\DRIVER~1\EULA.rtf -> Deleted
=> GoogleAnalyticsHelper.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\GOOGLE~1.DLL -> Deleted
=> deu.lng -- C:\PROGRA~2\TweakBit\DRIVER~1\Lang\deu.lng -> Deleted
=> enu.lng -- C:\PROGRA~2\TweakBit\DRIVER~1\Lang\enu.lng -> Deleted
=> esp.lng -- C:\PROGRA~2\TweakBit\DRIVER~1\Lang\esp.lng -> Deleted
=> fra.lng -- C:\PROGRA~2\TweakBit\DRIVER~1\Lang\fra.lng -> Deleted
=> ita.lng -- C:\PROGRA~2\TweakBit\DRIVER~1\Lang\ita.lng -> Deleted
=> jpn.lng -- C:\PROGRA~2\TweakBit\DRIVER~1\Lang\jpn.lng -> Deleted
=> ptb.lng -- C:\PROGRA~2\TweakBit\DRIVER~1\Lang\ptb.lng -> Deleted
=> Lang -- C:\PROGRA~2\TweakBit\DRIVER~1\Lang -> Deleted
=> Localizer.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\LOCALI~1.DLL -> Deleted
=> RescueCenterForm.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\RESCUE~1.DLL -> Deleted
=> RescueCenterHelper.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\RESCUE~2.DLL -> Deleted
=> rtl250.bpl -- C:\PROGRA~2\TweakBit\DRIVER~1\rtl250.bpl -> Deleted
=> SendDebugLog.exe -- C:\PROGRA~2\TweakBit\DRIVER~1\SENDDE~1.EXE -> Deleted
=> ServiceManagerHelper.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\SERVIC~1.DLL -> Deleted
=> shfolder.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\shfolder.dll -> Deleted
=> sqlite3.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\sqlite3.dll -> Deleted
=> SystemInformationHelper.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\SYSTEM~1.DLL -> Deleted
=> TaskSchedulerHelper.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\TASKSC~1.DLL -> Deleted
=> unins000.dat -- C:\PROGRA~2\TweakBit\DRIVER~1\unins000.dat -> Deleted
=> unins000.exe -- C:\PROGRA~2\TweakBit\DRIVER~1\unins000.exe -> Deleted
=> unins000.msg -- C:\PROGRA~2\TweakBit\DRIVER~1\unins000.msg -> Deleted
=> vcl250.bpl -- C:\PROGRA~2\TweakBit\DRIVER~1\vcl250.bpl -> Deleted
=> vclie250.bpl -- C:\PROGRA~2\TweakBit\DRIVER~1\vclie250.bpl -> Deleted
=> vclimg250.bpl -- C:\PROGRA~2\TweakBit\DRIVER~1\VCLIMG~1.BPL -> Deleted
=> WizardHelper.dll -- C:\PROGRA~2\TweakBit\DRIVER~1\WIZARD~1.DLL -> Deleted
=> Driver Updater -- C:\PROGRA~2\TweakBit\DRIVER~1 -> Deleted

Go ahead with other scans.
 

Vishalbhx

Posts: 27   +0
Hi Broni,

Malwarebytes scan completed, but I can't download a complete log from the history. Screenshots attached of what I can see.

Please advise :).

Thanks
 

Attachments

  • MALWARE LOG 1.PNG
  • MALWARE LOG 2.PNG

Vishalbhx

Posts: 27   +0
# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build: 01-20-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-11-2021
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\BSD
Deleted HKLM\Software\Wow6432Node\BSD

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3185 octets] - [11/02/2021 18:39:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Broni

Posts: 55,718   +501
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

Vishalbhx

Posts: 27   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-02-2021 01
Ran by User (administrator) on LAPTOP-PPJ4SOMT (ASUSTeK COMPUTER INC. Strix GL703GS_GL703GS) (12-02-2021 08:17:21)
Running from C:\Users\User\Desktop
Loaded Profiles: User
Platform: Windows 10 Home Version 1909 18363.1379 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\vms\VBoxVmService64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe
(ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingCenterService.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingKey.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsMonStartupTask64.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\ATKOSD2.exe
(ASUSTeK COMPUTER INC.) [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3Svc32.exe
(ASUSTeK COMPUTER INC.) [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3Svc64.exe
(ASUSTeK COMPUTER INC.) C:\Program Files\WindowsApps\B9ECED6F.ASUSBatteryHealthCharging_1.0.7.0_x86__qmba6cd70vzyy\ASUS Battery Health Charging\BhcMgr.exe
(ASUSTeK COMPUTER INC.) C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy\ATK Package\HControl.exe
(ASUSTeK COMPUTER INC.) C:\Program Files\WindowsApps\B9ECED6F.ROGAuraCore_2.1.30.0_x86__qmba6cd70vzyy\AuraListen.exe
(ASUSTeK COMPUTER INC.) C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.2.1.0_x64__qmba6cd70vzyy\ACMON.exe
(Discord Inc. -> Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.309\Discord.exe <6>
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <17>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_3cf4f6fdbcf7ab9d\Intel_PIE_Service.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareAccessibilityHelper.exe
(Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe
(Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.20.5.39\nsWscSvc.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation -> ) C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe <3>
(Oracle Corporation -> Oracle Corporation) C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.20.5.39\NortonSecurity.exe <2>
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Users\User\AppData\Roaming\Zoom\bin\CptHost.exe
(Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Sonic Studio 3] => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2018-06-20] (ASUSTeK COMPUTER INC.) [File not signed]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [SGDawNodeService] => C:\Windows\SysWOW64\SGDawNodeService.exe [10225152 2018-09-03] (Waves Audio Ltd.) [File not signed]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-07-19] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410968 2019-01-22] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [62625080 2020-06-10] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [373600 2021-01-18] (Express Vpn LLC -> ExpressVPN)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\Run: [com.squirrel.splice.Splice] => C:\Users\User\AppData\Local\splice\app-3.6.6481\Splice.exe [83318784 2020-12-07] (Splice) [File not signed]
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\Run: [Discord] => C:\Users\User\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [23597424 2021-02-05] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-20] (Valve -> Valve Corporation)
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\Run: [BakkesMod] => C:\Program Files\BakkesMod\BakkesMod.exe [16070656 2021-01-06] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-09] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iD Autostart.lnk [2019-12-17]
ShortcutTarget: iD Autostart.lnk -> C:\Program Files\Audient\USBAudioDriver\W10_x64\iD.exe (Thesycon Software Solutions GmbH & Co. KG -> Audient)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NIHardwareAccessibilityHelper.exe.lnk [2019-03-01]
ShortcutTarget: NIHardwareAccessibilityHelper.exe.lnk -> C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareAccessibilityHelper.exe (Native Instruments GmbH -> Native Instruments GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NTKDaemon.lnk [2019-03-01]
ShortcutTarget: NTKDaemon.lnk -> C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe (Native Instruments GmbH -> Native Instruments GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoundGrid Studio.lnk [2019-03-17]
ShortcutTarget: SoundGrid Studio.lnk -> C:\Program Files (x86)\Waves\SoundGrid Studio\SoundGrid Studio.exe (Waves Inc -> )

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B5662CF-B966-4F43-A482-4A2322026E63} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {0D120AAC-72E2-411F-94CE-E56D30EEECB1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648048 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {128F5CAB-BB6C-46BA-80B9-BA522C9DF169} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2162328 2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {155A780E-0454-463B-8F89-56D5FEFA9355} - System32\Tasks\GameFirstV => C:\Program Files (x86)\ASUS\GameFirst\\GameFirst_V.exe [719736 2018-06-01] (Apex Titan Technology Corp. -> ASUS)
Task: {179AFE52-E31A-45CD-83F6-52F6265E5416} - System32\Tasks\ROG Gaming Center => C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingKey.exe [4719072 2018-06-06] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {21EDBE8E-A55B-40CD-A963-A532D4E9FFB0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3728752 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2A5F5CB1-7443-40AD-8650-5405807B1121} - System32\Tasks\SS3Svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3Svc32.exe [1234432 2018-06-20] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {3025402A-294B-44D8-93A3-B76100A3E06C} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3255AA20-3ED0-43B0-9686-B77A0F38E508} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [157016 2019-02-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {3518B1D0-D5E1-415F-A9FF-06CAC559DB42} - System32\Tasks\Norton 360 Premier\Norton 360 Premier Autofix => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe
Task: {393DC355-0401-4251-94B5-283CE4FD75FC} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9277528 2019-07-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {3A741FC9-A494-46C2-982A-70D60C2FC2A8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-18] (Avast Software s.r.o. -> Avast Software)
Task: {44B40784-8F02-41DF-BADD-23873117DD85} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHotkeyExec64.exe [176064 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {4A24D6E7-F0EC-4B91-8779-640C50515EC4} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {52DFA9B8-8472-4A77-AF14-673281691C02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-14] (Google Inc -> Google Inc.)
Task: {60116058-83EE-4D88-A721-F0289D2BB091} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {67078213-06BB-4893-BBF6-F63196424C48} - System32\Tasks\ExclusiveTool => C:\Program Files (x86)\DSDCS\InputMapper\ExclusiveModeTool.exe [19968 2016-10-04] (InputMapper) [File not signed]
Task: {6D09A9DC-9EAD-4109-8FAE-F1A592EBA527} - System32\Tasks\ASUS Promotion => C:\Program Files\ASUS\ASUS Promotion\ASUS Promotion.exe [1049568 2018-10-26] (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
Task: {6E80F0DC-D484-47A0-AD90-672D3B11AF2F} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {7888CA47-7316-464E-8569-674B61098409} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.20.5.39\SymErr.exe [117192 2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {790C33F4-CC4D-4795-9CD5-92B1BE67ECB3} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.20.5.39\SymErr.exe [117192 2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {7D21DC3F-3426-43A7-95E6-BB540FEB9183} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.20.5.39\SymErr.exe [117192 2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {86F8733D-0867-4F0C-B523-C1D18D22C2F4} - System32\Tasks\ASUS Hello => C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe [642448 2018-05-31] (ASUSTeK Computer Inc. -> )
Task: {87BAAF12-4EC1-4842-B12C-56E4444EAEE8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BD8E17EC-B97B-414B-B2BE-D521159A2671} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-14] (Google Inc -> Google Inc.)
Task: {BF2AEE78-F12D-42E7-87C8-2EC1A2F8D40E} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe [811520 2018-06-20] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {C0FAC356-5F44-42DE-A90F-746985E72F22} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-07-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {C89A1D3B-5A40-4519-A10D-50DA149303FD} - System32\Tasks\Norton 360 Premier\Norton 360 Premier Error Processor => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe
Task: {D25F15DD-7E2E-4909-AD6B-7294C722E577} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {D3BD67C9-1AFA-4995-A284-3C3ACCD14FA4} - System32\Tasks\Norton 360 Premier\Norton 360 Premier Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe
Task: {DBD793A6-BAAB-45A1-A09B-7A92783976C7} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.20.5.39\WSCStub.exe [644608 2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {DDFCC143-EA1E-412D-B17E-40A1DC385AA5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {E30BA1AE-27D2-4BC3-BE45-56CD2B5CF723} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E5CBC6F7-41D1-4D3C-A16E-559FC1C7719A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {E721D554-7890-4841-B77E-F58008CDF08D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E948229F-9590-4872-B64B-B5313E709796} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E9B3B3C2-9CFB-4D74-A24A-686043480BE9} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EA55607C-38EF-4E87-A42D-EF3BFAD553EE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {FD6A4BBD-1115-46D7-8AC9-A314CE687CC2} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [157016 2019-02-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Vishalbhx

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1c9bcd8b-0328-44e5-b3b4-06742fa67f1d}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2d8747be-818c-4013-9f6c-b3257b480011}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5fe0346a-60fc-4545-832f-c347e3e52f3c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e1d1f716-2398-4304-9fa9-71c22f0eacb3}: [DhcpNameServer] 10.25.0.1

Edge:
=======
Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.11.5.0_neutral__v68kp9n051hdp [not found]
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-12]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-02-12]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-01-22] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.asus.com/ASUS Update;version=3 -> C:\Program Files (x86)\ASUS\Update\1.3.101.0\npAsusUpdate3.dll [2019-02-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FF Plugin-x32: @tools.asus.com/ASUS Update;version=9 -> C:\Program Files (x86)\ASUS\Update\1.3.101.0\npAsusUpdate3.dll [2019-02-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-01-22] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-02-12]
CHR Notifications: Default -> hxxps://freemp3downloads.online; hxxps://www.cityam.com; hxxps://www.dailymail.co.uk; hxxps://www.gamesradar.com; hxxps://www.netflix.com; hxxps://www.reddit.com; hxxps://www.sadeempc.com
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-14]
CHR Extension: (Norton Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2021-01-08]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-14]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-03]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2021-01-08]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-14]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-14]
CHR Extension: (Norton Safe Web) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2021-01-29]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-16]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-02-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-04]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.20.5.39\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [hppemobdikemkbmccnjbilolonmpaljl]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKU\S-1-5-21-649401577-2412752257-3447827928-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hppemobdikemkbmccnjbilolonmpaljl]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.20.5.39\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [hppemobdikemkbmccnjbilolonmpaljl]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-01-22] (Adobe Systems Incorporated -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.)
R2 AsHidService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe [173504 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
R2 ASLDRService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe [227776 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [157016 2019-02-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [157016 2019-02-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
S2 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [325456 2018-06-12] (ASUSTek Computer Inc. -> )
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437088 2021-01-18] (Express Vpn LLC -> ExpressVPN)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [1977392 2019-04-11] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-11] (Malwarebytes Inc -> Malwarebytes)
R2 NIHostIntegrationAgent; C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe [18575480 2019-02-15] (Native Instruments GmbH -> Native Instruments GmbH)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.20.5.39\NortonSecurity.exe [344760 2020-07-24] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.20.5.39\nsWscSvc.exe [1056096 2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13686080 2021-01-13] (Adlice -> )
R3 ROGGamingCenterService; C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingCenterService.exe [40416 2018-06-06] (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
R2 VBoxVmService; C:\vms\VBoxVmService64.exe [127488 2017-10-19] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 MyWiFiDHCPDNS; "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe" [X]
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsusNumpadKbd; C:\WINDOWS\System32\drivers\AsusDigiFilter.sys [117504 2018-11-14] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [108504 2019-04-24] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\atkwmiacpi64.sys [36368 2019-03-04] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
S3 audientusbaudio; C:\WINDOWS\System32\drivers\audientusbaudio.sys [366800 2018-09-26] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 audientusbaudioks; C:\WINDOWS\System32\drivers\audientusbaudioks.sys [53456 2018-09-26] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.16.3.21\Definitions\BASHDefs\20210209.003\BHDrvx64.sys [1991536 2020-11-03] (Symantec Corporation -> Broadcom)
R3 bomebus; C:\WINDOWS\System32\drivers\bomebus.sys [56376 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\ccSetx64.sys [192248 2020-07-24] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-01-28] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-02-05] (Symantec Corporation -> Broadcom)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-02-11] (Malwarebytes Corporation -> Malwarebytes)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2021-01-18] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpnwintun; C:\WINDOWS\System32\drivers\expressvpn-wintun.sys [46824 2021-01-18] (Express VPN International Ltd. -> ExpressVPN)
R0 FlashBoot; C:\WINDOWS\System32\drivers\FlashBoot.sys [17616 2014-04-03] (Challenger Backup Solutions, LLC -> Challenger Backup Solutions, LLC)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
R0 hswultpep; C:\WINDOWS\System32\drivers\hswultpep.sys [62968 2013-02-08] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R3 ibtavflt; C:\WINDOWS\System32\drivers\ibtavflt.sys [45808 2015-07-24] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.16.3.21\Definitions\IPSDefs\20210211.061\IDSvia64.sys [1479536 2021-01-18] (Symantec Corporation -> Broadcom)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-02-11] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-02-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-02-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [142416 2021-02-11] (Malwarebytes Inc -> Malwarebytes)
R3 MonitorFunction; C:\WINDOWS\System32\drivers\lockscr.sys [24560 2019-01-21] (Remote Utilities LLC -> )
R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
R1 netfilter21556; C:\WINDOWS\System32\drivers\netfilter21556.sys [96392 2017-12-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 SoundGridMIDI; C:\WINDOWS\system32\drivers\SoundGridMidi.sys [44088 2018-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Waves Audio Ltd.)
R3 SoundGridMIDI; C:\Windows\SysWOW64\drivers\SoundGridMidi.sys [22016 2018-09-03] (Waves Audio Ltd.) [File not signed]
R2 SoundGridProtocol; C:\WINDOWS\system32\DRIVERS\SoundGridProtocol.sys [118320 2018-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Waves Audio Ltd.)
R2 SoundGridProtocol; C:\Windows\SysWOW64\DRIVERS\SoundGridProtocol.sys [56832 2018-09-03] (Waves Audio Ltd.) [File not signed]
R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\SRTSP64.SYS [889704 2020-07-24] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\SRTSPX64.SYS [50920 2020-07-24] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\SYMEFASI64.SYS [1964384 2020-07-24] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\SymELAM.sys [25080 2020-07-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-24] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.16.3.21\SymPlatform\SymEvnt.sys [712368 2020-01-17] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\Ironx64.SYS [316488 2020-07-24] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\symnets.sys [575328 2020-07-24] (Symantec Corporation -> Symantec Corporation)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [52904 2021-01-18] (ExprsVPN LLC -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-02-11] (Adlice -> )
S3 VBoxNetAdp; no ImagePath
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\wpCtrlDrv.sys [1013792 2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S1 VBoxNetLwf; \SystemRoot\system32\DRIVERS\VBoxNetLwf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

Vishalbhx

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-11 23:01 - 2021-02-11 23:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2021-02-11 22:36 - 2021-02-11 22:36 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-02-11 22:36 - 2021-02-11 22:36 - 000142416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-02-11 22:36 - 2021-02-11 22:36 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-02-11 22:36 - 2021-02-11 22:36 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-02-11 21:22 - 2021-02-11 21:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-11 21:22 - 2021-02-11 21:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-11 21:22 - 2021-02-11 21:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-02-11 21:22 - 2021-02-11 21:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-02-11 21:22 - 2021-02-11 21:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-02-11 21:22 - 2021-02-11 21:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-02-11 21:22 - 2021-02-11 21:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-02-11 21:22 - 2021-02-11 21:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-02-11 21:22 - 2021-02-11 21:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-02-11 21:22 - 2021-02-11 21:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-02-11 21:22 - 2021-02-11 21:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-02-11 21:22 - 2021-02-11 21:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-02-11 21:22 - 2021-02-11 21:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-02-11 21:22 - 2021-02-11 21:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-02-11 21:22 - 2021-02-11 21:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-02-11 21:22 - 2021-02-11 21:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-02-11 21:22 - 2021-02-11 21:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-02-11 21:22 - 2021-02-11 21:22 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-02-11 21:21 - 2021-02-11 21:21 - 000232752 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-11 19:23 - 2021-02-11 19:23 - 000002332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk
2021-02-11 19:23 - 2021-02-11 19:23 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2021-02-11 18:38 - 2021-02-11 18:38 - 008457584 _____ (Malwarebytes) C:\Users\User\Desktop\adwcleaner_8.0.9.1(2).exe
2021-02-11 18:35 - 2021-02-11 18:44 - 000000000 ____D C:\AdwCleaner
2021-02-11 18:14 - 2021-02-11 18:16 - 000000721 _____ C:\Users\User\Desktop\Malware log.txt
2021-02-11 17:58 - 2021-02-11 17:58 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-02-11 17:58 - 2021-02-11 17:58 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-02-11 17:58 - 2021-02-11 17:58 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-11 17:58 - 2021-02-11 17:58 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-11 17:58 - 2021-02-11 17:58 - 000001995 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-11 17:58 - 2021-02-11 17:58 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2021-02-11 17:58 - 2021-02-11 17:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-11 17:57 - 2021-02-11 17:57 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-11 16:27 - 2021-02-11 16:27 - 000007354 _____ C:\Users\User\Desktop\Moneycorp Remote Desktop.rdp
2021-02-11 12:50 - 2021-02-11 12:56 - 000000000 ____D C:\ProgramData\RogueKiller
2021-02-11 12:50 - 2021-02-11 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-02-11 12:50 - 2021-02-11 12:50 - 000000000 ____D C:\Program Files\RogueKiller
2021-02-11 11:24 - 2021-02-11 11:25 - 000070242 _____ C:\Users\User\Desktop\Addition.txt
2021-02-11 11:23 - 2021-02-12 08:17 - 000038224 _____ C:\Users\User\Desktop\FRST.txt
2021-02-11 11:10 - 2021-02-12 08:17 - 000000000 ____D C:\FRST
2021-02-11 11:10 - 2021-02-11 11:10 - 002297344 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2021-02-11 10:54 - 2021-02-11 11:01 - 000000000 ____D C:\Users\User\AppData\Local\NPE
2021-02-09 21:38 - 2021-02-09 21:38 - 010641356 _____ C:\WINDOWS\Minidump\020921-8515-01.dmp
2021-02-08 20:10 - 2021-02-08 20:10 - 000000000 ____D C:\Users\User\AppData\Roaming\sys00_1_1
2021-02-08 19:51 - 2021-02-08 19:51 - 000000000 ____D C:\Users\User\AppData\Local\Downloaded Installations
2021-02-08 19:45 - 2021-02-11 18:44 - 000000000 ____D C:\Users\User\AppData\Roaming\sys00_1
2021-02-08 19:45 - 2021-02-08 20:10 - 000000000 __SHD C:\vms
2021-02-08 19:45 - 2021-02-08 19:45 - 000000000 __SHD C:\Program Files\Oracle
2021-02-08 19:45 - 2021-02-08 19:45 - 000000000 ____D C:\Program Files\Common Files\Audio
2021-02-08 19:45 - 2018-08-14 06:58 - 000984376 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2021-02-05 13:47 - 2021-02-05 13:47 - 005837572 _____ C:\WINDOWS\Minidump\020521-13234-01.dmp
2021-01-24 22:17 - 2021-02-02 08:34 - 000000000 ____D C:\Users\User\Desktop\MODS
2021-01-24 01:56 - 2021-01-24 01:59 - 000000000 ____D C:\Users\User\Desktop\plugins
2021-01-24 01:53 - 2021-01-24 01:53 - 000000000 ____D C:\Users\User\AppData\Roaming\bakkesmod
2021-01-24 01:52 - 2021-01-24 01:52 - 000000839 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BakkesMod.lnk
2021-01-24 01:52 - 2021-01-24 01:52 - 000000000 ____D C:\Program Files\BakkesMod
2021-01-22 14:21 - 2021-01-22 14:21 - 010608908 _____ C:\WINDOWS\Minidump\012221-13625-01.dmp
2021-01-18 11:26 - 2021-01-18 11:26 - 000052904 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapexpressvpn.sys
2021-01-18 11:26 - 2021-01-18 11:26 - 000046824 _____ (ExpressVPN) C:\WINDOWS\system32\Drivers\expressvpn-wintun.sys
2021-01-13 18:27 - 2021-01-13 18:27 - 002590720 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 18:27 - 2021-01-13 18:27 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 18:27 - 2021-01-13 18:27 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 18:27 - 2021-01-13 18:27 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 18:27 - 2021-01-13 18:27 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 18:27 - 2021-01-13 18:27 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 18:27 - 2021-01-13 18:27 - 000458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 18:27 - 2021-01-13 18:27 - 000331264 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 18:27 - 2021-01-13 18:27 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 18:27 - 2021-01-13 18:27 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 18:27 - 2021-01-13 18:27 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000208384 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 18:27 - 2021-01-13 18:27 - 000186368 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 18:27 - 2021-01-13 18:27 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 18:27 - 2021-01-13 18:27 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 18:27 - 2021-01-13 18:27 - 000094720 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 18:27 - 2021-01-13 18:27 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 18:27 - 2021-01-13 18:27 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 18:27 - 2021-01-13 18:27 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 18:27 - 2021-01-13 18:27 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 18:27 - 2021-01-13 18:27 - 000053248 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 18:26 - 2021-01-13 18:26 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 18:26 - 2021-01-13 18:26 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 18:26 - 2021-01-13 18:26 - 000453632 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 18:26 - 2021-01-13 18:26 - 000266752 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 18:26 - 2021-01-13 18:26 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 18:26 - 2021-01-13 18:26 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 18:26 - 2021-01-13 18:26 - 000061440 _____ C:\WINDOWS\system32\rdsxvmaudio.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-12 08:14 - 2020-06-10 20:19 - 000000000 ____D C:\Users\User\AppData\Roaming\discord
2021-02-12 08:14 - 2018-11-29 01:57 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-12 08:13 - 2019-03-19 04:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-12 08:13 - 2019-03-19 04:50 - 000000000 ____D C:\WINDOWS\INF
2021-02-12 08:12 - 2019-09-29 22:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-12 08:12 - 2019-02-09 04:38 - 000000000 ___RD C:\Users\User\3D Objects
2021-02-12 07:38 - 2020-08-06 21:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton 360
2021-02-11 22:42 - 2019-09-29 23:05 - 000795992 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-11 22:36 - 2019-09-29 22:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-11 22:36 - 2019-09-29 22:56 - 004914584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-11 22:36 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\Registration
2021-02-11 22:36 - 2019-03-19 04:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-02-11 22:35 - 2019-03-19 11:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-02-11 22:35 - 2019-03-19 04:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-11 22:35 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-02-11 22:35 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-11 22:35 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-11 22:35 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-11 22:35 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-02-11 22:35 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-02-11 22:35 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-11 22:35 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-11 22:35 - 2019-03-19 04:52 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-11 21:23 - 2019-03-19 11:37 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-02-11 21:23 - 2019-03-19 11:37 - 000019469 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-02-11 21:23 - 2019-03-19 04:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-11 19:24 - 2019-02-15 18:45 - 000000000 ____D C:\Users\User\AppData\Local\ExpressVPN
2021-02-11 19:23 - 2018-11-29 01:52 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-11 18:47 - 2019-03-22 16:08 - 000000000 ____D C:\Users\User\AppData\Local\Spotify
2021-02-11 18:47 - 2019-03-22 16:01 - 000000000 ____D C:\Users\User\AppData\Roaming\Spotify
2021-02-11 18:46 - 2019-02-14 22:21 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-02-11 18:28 - 2019-02-19 02:16 - 000000000 ____D C:\Program Files\Common Files\vst3
2021-02-11 17:58 - 2019-03-19 04:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-11 16:27 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-02-11 14:35 - 2019-02-09 04:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-11 14:33 - 2019-02-09 04:45 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-11 10:57 - 2019-02-14 22:26 - 000000000 ____D C:\ProgramData\Norton
2021-02-11 08:25 - 2019-02-18 01:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-02-11 08:16 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-11 08:15 - 2018-04-11 23:38 - 000000139 _____ C:\WINDOWS\win.ini
2021-02-11 08:13 - 2020-06-25 00:03 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-11 08:13 - 2020-06-25 00:03 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-09 21:39 - 2019-10-17 13:23 - 000000000 ____D C:\WINDOWS\Minidump
2021-02-09 21:37 - 2019-12-07 04:01 - 000000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2021-02-09 18:39 - 2019-12-07 04:02 - 000000000 ____D C:\Users\User\AppData\Local\BitTorrentHelper
2021-02-09 08:14 - 2019-03-19 04:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-09 08:14 - 2019-02-14 15:38 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-08 20:33 - 2019-02-19 03:40 - 000000000 ____D C:\Users\User\AppData\Roaming\Celemony Software GmbH
2021-02-08 20:23 - 2019-02-19 04:32 - 000000000 ____D C:\ProgramData\ValhallaVintageVerbPreferences
2021-02-08 20:23 - 2019-02-19 04:32 - 000000000 ____D C:\ProgramData\ValhallaVintageVerb
2021-02-08 20:23 - 2019-02-19 04:27 - 000000000 ____D C:\ProgramData\ValhallaRoomPreferences
2021-02-08 20:23 - 2019-02-19 04:27 - 000000000 ____D C:\ProgramData\ValhallaRoom
2021-02-08 20:23 - 2019-02-19 03:19 - 000000000 ____D C:\Users\User\AppData\Roaming\Scaler
2021-02-08 20:21 - 2019-03-01 04:20 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-02-08 20:12 - 2020-06-28 04:28 - 000000000 ____D C:\Users\User\AppData\LocalLow\uTorrent
2021-02-08 19:46 - 2019-03-19 04:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-02-08 18:25 - 2019-03-19 04:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-02-08 17:43 - 2019-02-09 04:38 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2021-02-08 08:12 - 2019-09-29 22:59 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-649401577-2412752257-3447827928-1001
2021-02-08 08:12 - 2019-09-29 22:58 - 000002362 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-08 08:12 - 2019-02-09 04:40 - 000000000 ___RD C:\Users\User\OneDrive
2021-02-07 20:24 - 2020-06-25 00:03 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-05 02:52 - 2019-09-29 22:59 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 02:52 - 2019-09-29 22:59 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-31 21:53 - 2020-10-16 21:16 - 000000000 ____D C:\Program Files (x86)\Steam
2021-01-31 16:47 - 2019-03-03 01:32 - 000000000 ____D C:\Users\User\AppData\Local\SpliceSettings
2021-01-24 01:48 - 2019-02-15 20:12 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2021-01-24 01:34 - 2019-02-22 03:48 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-01-22 14:21 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-14 01:13 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-01-14 01:11 - 2019-03-19 11:37 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-14 01:11 - 2019-03-19 11:37 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\IME
2021-01-14 01:11 - 2019-03-19 04:52 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 18:26 - 2019-09-29 23:01 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

==================== Files in the root of some directories ========

2019-02-19 02:16 - 2019-02-19 02:16 - 002722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf
2019-02-19 02:16 - 2019-02-19 02:16 - 000056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf
2019-02-19 02:18 - 2019-02-19 02:18 - 000000000 _____ () C:\Users\User\AppData\Local\oobelibMkey.log
2020-02-05 18:41 - 2020-02-05 18:42 - 000000000 _____ () C:\Users\User\AppData\Local\{6A8CEADD-12A7-4AC6-BBEB-7DD70E0E6907}
2019-04-03 00:51 - 2019-04-03 00:51 - 000000000 _____ () C:\Users\User\AppData\Local\{7DE6E57D-9580-44F9-BA9E-CA7E9594CD30}
2019-12-17 02:15 - 2019-12-17 02:16 - 000000000 _____ () C:\Users\User\AppData\Local\{E1FCD8FD-0F40-460C-A501-619AA49C7506}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

Vishalbhx

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2021 01
Ran by User (12-02-2021 08:19:11)
Running from C:\Users\User\Desktop
Windows 10 Home Version 1909 18363.1379 (X64) (2019-09-29 23:03:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-649401577-2412752257-3447827928-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-649401577-2412752257-3447827928-503 - Limited - Disabled)
Guest (S-1-5-21-649401577-2412752257-3447827928-501 - Limited - Disabled)
User (S-1-5-21-649401577-2412752257-3447827928-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-649401577-2412752257-3447827928-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
Adobe After Effects 2019 (HKLM-x32\...\AEFT_16_1) (Version: 16.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.0.421 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2019 (HKLM-x32\...\AME_13_0_2) (Version: 13.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0) (Version: 20.0.0 - Adobe Systems Incorporated)
Adobe premier (HKLM\...\{A33A5D8E-C860-48A7-B8DF-11B354570F70}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC 2018 (HKLM-x32\...\PPRO_12_0_0) (Version: 12.0.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Arcade (HKLM\...\{326CB604-6000-40FC-AA77-AEAACB0D0EB4}) (Version: 1.2.1584 - Output, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.2.9.1 - ASUSTek COMPUTER INC.) Hidden
ASUS Aac_NBDT HAL (HKLM-x32\...\{02e30ab3-e6e3-42f5-bf7c-7e9b7b316e31}) (Version: 2.2.9.1 - ASUSTek COMPUTER INC.) Hidden
Asus ApoDispatchConfigurator (HKLM\...\{4FEB3307-A0EF-4385-9C8F-4B4C1503311C}) (Version: 3.6.4201 - ASUSTeK COMPUTER INC) Hidden
Asus AudioCaptureNotificationConfigurator (HKLM\...\{04C5CE55-7F32-4D2D-AEA2-FDC03E8F65CC}) (Version: 3.6.4201 - ASUSTeK COMPUTER INC) Hidden
ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.21 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Display Component (HKLM-x32\...\{c58f0770-46aa-4b41-a148-b9b73a1451f7}) (Version: 1.1.21 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.2.1 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM-x32\...\{fe55c1b5-bc05-4822-873e-412743572d3e}) (Version: 1.2.1 - ASUSTek COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.03.38 - ASUSTek COMPUTER INC.) Hidden
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.5.0 - ASUSTeK COMPUTER INC.)
Asus DeviceRoutingConfigurator (HKLM\...\{AC306567-A1B7-4208-8FED-97CF535050BC}) (Version: 3.6.4201 - ASUSTeK COMPUTER INC) Hidden
ASUS GiftBox Service (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 3.2.3.0 - ASUSTeK COMPUTER INC.)
ASUS Hello (HKLM-x32\...\{D8CE1923-92A9-4036-817E-9E0D8AA2169B}) (Version: 1.1.4.0 - ASUSTeK COMPUTER INC.)
ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.0.33 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{43baebef-1237-4e88-be25-d3834308a0c6}) (Version: 1.0.33 - ASUSTek COMPUTER INC.) Hidden
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.29 - ASUSTeK Computer Inc.) Hidden
ASUS MB Peripheral Products (HKLM-x32\...\{f651776f-58aa-42a2-ab37-593fb3d78ef2}) (Version: 1.0.29 - ASUSTeK Computer Inc.) Hidden
ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.0.29 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32\...\{e3f99131-d5d0-4805-96a7-7e126e8295dd}) (Version: 1.0.29 - ASUSTek COMPUTER INC.) Hidden
Asus NahimicSettingsConfigurator (HKLM\...\{B4994529-E096-4D1E-8F2A-159AA1641841}) (Version: 3.6.4201 - ASUSTeK COMPUTER INC) Hidden
Asus ProductDaemonSetup (HKLM\...\{36606417-B1C4-42C2-B5C1-67972DA63DAB}) (Version: 3.6.4201 - ASUSTeK COMPUTER INC) Hidden
Asus ProfileSwitcherCleanup (HKLM\...\{CD2BB5C3-6AFC-473C-8348-C79893C08473}) (Version: 3.6.42.51937 - ASUSTeK COMPUTER INC) Hidden
ASUS Promotion (HKLM\...\{10FE8E2F-7BDD-4430-8D63-3D3BA3F708D9}) (Version: 1.0.3 - ASUSTeK COMPUTER INC.)
Asus Sonic Radar 3 (HKLM-x32\...\{7cab61c4-45aa-4016-9c38-b868b93b8f60}) (Version: 3.6.42.51937 - ASUSTeK COMPUTER INC)
Asus Sonic Studio 3 (HKLM-x32\...\{a34044ff-d5de-4779-9854-251dce726ae2}) (Version: 3.6.42.51937 - ASUSTeK COMPUTER INC)
Asus SonicMapperConfigurator (HKLM\...\{0A462643-2991-4DD5-8ED0-EE421AF14F54}) (Version: 3.6.42.51937 - ASUSTeK COMPUTER INC) Hidden
Asus SonicRadar3Setup (HKLM\...\{E0C665CB-1BC0-4DFA-9CA3-707D0B3B1D32}) (Version: 3.6.42.51937 - ASUSTeK COMPUTER INC) Hidden
Asus SonicStudio3Setup (HKLM\...\{8EAEB7E8-9699-4C45-ACEB-CF64455F0C26}) (Version: 3.6.42.51937 - ASUSTeK COMPUTER INC) Hidden
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - ASUSTeK Computer Inc.) Hidden
Audient USB Audio Driver v4.0.3 (HKLM-x32\...\Software_Audient_audientusbaudio_Setup) (Version: 4.0.3 - Audient)
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.03.38 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{6c213c67-ce1f-4e63-b202-4c101b6f1f64}) (Version: 3.03.38 - ASUSTeK Computer Inc.)
BakkesMod version 3.0 (HKLM\...\{BF029534-4334-4CFC-B771-50B7EE54346F}_is1) (Version: 3.0 - BakkesMod)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Black Box Analog Design HG-2 (HKLM\...\HG-2_is1) (Version: 1.3.0 - Black Box Analog Design)
Bome Virtual MIDI 2.1.0.44 (HKLM\...\BMIDI_Driver1.0.0.11_is1) (Version: - Bome Software GmbH & Co. KG)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Celemony Melodyne Studio 4 (HKLM\...\Melodyne Studio 4_is1) (Version: 4.1.1.011 - Celemony)
ColourCopy (HKLM\...\u-he ColourCopy_is1) (Version: 1.0.0.7675 - Team V.R)
Discord (HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 418.91 - NVIDIA Corporation) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
ExpressVPN (HKLM-x32\...\{57e033a5-c75e-4823-83af-c1b6b3b759ab}) (Version: 10.0.9.2 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B876CD0833}) (Version: 10.0.9.2 - ExpressVPN) Hidden
EZkeys Complete Bundle 1.2.4 (HKLM\...\Toontrack EZkeys Complete-r4e_is1) (Version: 1.2.4 - Toontrack Music AB)
FabFilter Total Bundle (HKLM\...\Total Bundle_is1) (Version: 2018.02.22 - FabFilter)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
GameFirst V (HKLM-x32\...\{8A6E0CD9-CECD-4760-869D-AC7813014B22}) (Version: 5.0.12.2 - ASUSTeK COMPUTER INC.) Hidden
GameFirst V (HKLM-x32\...\GameFirst V 5.0.12.2) (Version: 5.0.12.2 - ASUSTeK COMPUTER INC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC)
Heatup3 (HKLM-x32\...\{InitialAudio-Heatup3}) (Version: 3.0.3 - Initial Audio)
IGdm 2.6.5 (HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\1ead4f81-c61a-5fa6-9e81-7a8c0c868952) (Version: 2.6.5 - ifedapo olarewaju)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
iLok Installer x64 (HKLM\...\{C426AFAB-3596-465a-B8C5-5EA2DB6B9F7A}) (Version: 5.0.1.2449 - PACE Anti-Piracy, Inc.)
InputMapper (HKLM-x32\...\{026D2025-A7FA-4F5C-AF8C-A6F7A9B917FC}) (Version: 1.6.10.19991 - DSDCS)
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{EDD93990-EFCC-44E9-A7E5-BBE90FEC52FA}) (Version: 18.0.156 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{AF8A5E6C-7485-47FB-9FE4-CF3B43FDB178}) (Version: 18.0.156 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.4.10500.5526 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.1.1018 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{f2c35b53-83a0-46a9-aba5-5a273e4de44c}) (Version: 20.60.2 - Intel Corporation)
iTunes (HKLM\...\{ABCE8B41-D52C-4304-A5B9-2445AA8B4D4B}) (Version: 12.9.6.3 - Apple Inc.)
iZotope Meter Tap 3 (HKLM\...\Meter Tap 3_is1) (Version: 1.0.1 - iZotope)
iZotope RX 7 Post Production Suite (HKLM\...\RX 7 Post Production Suite_is1) (Version: 3.02 - iZotope & Team V.R)
iZotope Tonal Balance Control (HKLM\...\Tonal Balance Control_is1) (Version: 1.0.1 - iZotope)
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Kazrog KClip3 (HKLM\...\KClip3_is1) (Version: 3.1.0 - Kazrog)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Lexicon MPX Native Reverb (HKLM\...\MPX Native Reverb_is1) (Version: 1.0.6 - Lexicon)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.63 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft OneDrive (HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27027 (HKLM-x32\...\{fd9b6070-d13e-45dc-819b-41806bf45b6b}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.3.4.436 - Native Instruments)
Native Instruments Expansions Selection (HKLM-x32\...\Native Instruments Expansions Selection) (Version: 1.0.0.10 - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: 5.2.2.8 - Native Instruments)
Native Instruments Hybrid Keys (HKLM-x32\...\Native Instruments Hybrid Keys) (Version: 1.0.0.13 - Native Instruments)
Native Instruments India (HKLM-x32\...\Native Instruments India) (Version: 1.0.0.31 - Native Instruments)
Native Instruments Kinetic Treats (HKLM-x32\...\Native Instruments Kinetic Treats) (Version: 1.1.0.3 - Native Instruments)
Native Instruments Komplete Kontrol (HKLM-x32\...\Native Instruments Komplete Kontrol) (Version: 2.1.0.4 - Native Instruments)
Native Instruments Komplete Kontrol Driver (HKLM-x32\...\Native Instruments Komplete Kontrol Driver) (Version: - Native Instruments)
Native Instruments Komplete Kontrol MK2 Driver (HKLM-x32\...\Native Instruments Komplete Kontrol MK2 Driver) (Version: - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.2.1 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.5.5.22 - Native Instruments)
Native Instruments Mikro Prism (HKLM-x32\...\Native Instruments Mikro Prism) (Version: 1.1.0.14 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.9.1.103 - Native Instruments)
Native Instruments NIHostIntegrationAgent (HKLM-x32\...\Native Instruments NIHostIntegrationAgent) (Version: 1.8.5.128 - Native Instruments)
Native Instruments NTKDaemon (HKLM-x32\...\Native Instruments NTKDaemon) (Version: 0.1.2.30 - Native Instruments)
Native Instruments Play Series Selection (HKLM-x32\...\Native Instruments Play Series Selection) (Version: 1.0.0.6 - Native Instruments)
Native Instruments Reaktor 6 (HKLM-x32\...\Native Instruments Reaktor 6) (Version: 6.2.2.5 - Native Instruments)
Native Instruments Reaktor Factory Selection R2 (HKLM-x32\...\Native Instruments Reaktor Factory Selection R2) (Version: 1.0.1.7 - Native Instruments)
Native Instruments Rise and Hit (HKLM-x32\...\Native Instruments Rise and Hit) (Version: 1.0.0.8 - Native Instruments)
Native Instruments Scarbee Rickenbacker Bass (HKLM-x32\...\Native Instruments Scarbee Rickenbacker Bass) (Version: - Native Instruments)
Native Instruments Session Guitarist - Strummed Acoustic 2 (HKLM-x32\...\Native Instruments Session Guitarist - Strummed Acoustic 2) (Version: 1.0.0.10 - Native Instruments)
Native Instruments Supercharger (HKLM-x32\...\Native Instruments Supercharger) (Version: 1.3.1.45 - Native Instruments)
Native Instruments TRK-01 Bass (HKLM-x32\...\Native Instruments TRK-01 Bass) (Version: 1.0.0.10 - Native Instruments)
Native Instruments Una Corda (HKLM-x32\...\Native Instruments Una Corda) (Version: 1.0.0.13 - Native Instruments)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.20.5.39 - Symantec Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.18.0.102 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.18.0.102 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Output Movement (HKLM-x32\...\Output Movement) (Version: 1.0.3 - Output)
OVO RNB 2 Win 64bit installer % (HKLM-x32\...\OVO RNB 2 Win 64bit installer %) (Version: 1.00 - StudioLinked)
Ozone 8 Advanced (HKLM-x32\...\Ozone 8) (Version: 8.01 - iZotope, Inc.)
PACE License Support Win64 (HKLM\...\{D96A09AC-FE52-4624-864D-7A7FE9254178}) (Version: 5.0.2.2530 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{D96A09AC-FE52-4624-864D-7A7FE9254178}) (Version: 5.0.2.2530 - PACE Anti-Piracy, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.3 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8761.1 - Realtek Semiconductor Corp.)
ReCycle 2.2.4 (HKLM\...\ReCycle2.2_64_is1) (Version: 2.2.4 - Propellerhead Software AB)
Reveal Sound Spire (HKLM\...\Spire_is1) (Version: 1.1.14 - Reveal Sound)
ROG Gaming Center (HKLM\...\{CC182DBF-FC67-4F79-9930-6A2682E60BDD}) (Version: 2.5.9 - ASUSTeK COMPUTER INC.)
RogueKiller version 14.8.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.4.0 - Adlice Software)
Scaler (HKLM\...\Scaler_is1) (Version: 1.5.0 - Plugin Boutique)
SlowMo (HKLM-x32\...\{SlowMo-InitialAudio}) (Version: 1.0 - Initial Audio)
SONiVOX EightyEight 2 (HKLM-x32\...\SONiVOX EightyEight 2_is1) (Version: - )
Splice (HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\splice) (Version: 3.6.6481 - Distributed Creation, Inc.)
Spotify (HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\Spotify) (Version: 1.1.51.380.ga06fdc8d - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sylenth1 version 2.2.1.X (HKLM-x32\...\{3A739C30-3D3D-4B91-B82E-15874763FD86}_is1) (Version: 2.2.1.X - Lennar Digital)
TBProAudio bundle 2019.3 (HKLM\...\TBProAudio bundle_is1) (Version: 2019.3 - TB-Software GbR & Team V.R)
TheGoat VST (HKLM\...\TheGoat VST1.0) (Version: 1.0 - INFINT ESSENTIALS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{C4BE7550-ECE1-417D-A787-01266DC1F5A6}) (Version: 1.22.0.0 - Microsoft Corporation) Hidden
Valhalla DSP Valhalla Room (HKLM\...\Valhalla Room_is1) (Version: 1.5.1 - Valhalla DSP)
Valhalla DSP Valhalla VintageVerb (HKLM\...\Valhalla VintageVerb_is1) (Version: 1.7.1 - Valhalla DSP)
Voxengo bundle 2018.12 (HKLM\...\Voxengo bundle_is1) (Version: 2018.12 - Voxengo)
Voxengo SPAN Plus (HKLM\...\Voxengo SPAN Plus_is1) (Version: 1.5 - Voxengo)
Waves Central 10.0.1.3 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}_is1) (Version: 10.0.1 - Waves, Inc.)
Waves Complete (HKLM\...\Complete_is1) (Version: 2018.04.22 - Waves)
Waves SoundGrid Drivers 10.0.10.47 (HKLM\...\Waves SoundGrid Drivers_is1) (Version: - Waves Audio Ltd.)
WhatsApp (HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\WhatsApp) (Version: 2.2039.9 - WhatsApp)
Windows Driver Package - AMD (amdkmpfd) System (03/05/2019 19.20.0.0000) (HKLM\...\C69BF33BF7029AD093B4E0466E880E41AD727716) (Version: 03/05/2019 19.20.0.0000 - AMD)
Windows Driver Package - ASUSTek COMPUTER INC. (AsusNumpadKbd) Keyboard (11/13/2018 12.1.0.19) (HKLM\...\22D40EAFADA265B5C1CB2D6986DE6931BF088099) (Version: 11/13/2018 12.1.0.19 - ASUSTek COMPUTER INC.)
Windows Driver Package - ASUSTek Computer Inc. (ATKWMIACPIIO) System (12/24/2018 2.0.7.0) (HKLM\...\73B79501BCF60C0E7F88FF1E04378FCFF9225A1E) (Version: 12/24/2018 2.0.7.0 - ASUSTek Computer Inc.)
Windows Driver Package - Challenger Backup Solutions, LLC (FlashBoot) DiskDrive (08/11/2013 2.3.72.0) (HKLM\...\CA8BFE662913F62CB908BA31685037C57A7DD973) (Version: 08/11/2013 2.3.72.0 - Challenger Backup Solutions, LLC)
Windows Driver Package - ELAN SMBus (ETDSMBus) System (03/18/2019 15.21.1.11) (HKLM\...\6E60FF86A7B57D3FBC6540A44C25FB1870EB3F46) (Version: 03/18/2019 15.21.1.11 - ELAN SMBus)
Windows Driver Package - Intel (esif_lf) System (08/21/2018 8.3.10209.6897) (HKLM\...\066E132E04DC1F3D3FFA3490155A30B6DE393748) (Version: 08/21/2018 8.3.10209.6897 - Intel)
Windows Driver Package - Intel (ICCWDT) System (02/04/2019 11.7.0.1000) (HKLM\...\C153FB7B44739886998300A4B179B6C13776F4F2) (Version: 02/04/2019 11.7.0.1000 - Intel)
Windows Driver Package - Intel (MEIx64) System (01/21/2019 1904.12.0.1208) (HKLM\...\75F3A57E778AA2F4C6A8D53D318BFFA09450A6B4) (Version: 01/21/2019 1904.12.0.1208 - Intel)
Windows Driver Package - Intel Corp (hswultpep) System (01/30/2013 1.0.5.591) (HKLM\...\9D406FEE18ADC9C102B04926FB415C1F530F5C77) (Version: 01/30/2013 1.0.5.591 - Intel Corp)
Windows Driver Package - Intel Corporation (btmaux) BluetoothAuxiliary (01/09/2019 20.90.4.1) (HKLM\...\0436E70310ADEEAD0F8DAD30030837428104DAA1) (Version: 01/09/2019 20.90.4.1 - Intel Corporation)
Windows Driver Package - Intel Corporation (iaLPSS2_GPIO2) System (01/11/2019 30.100.1902.3) (HKLM\...\6FBA4AE08DCAF9F299284A0BA65453761DDC9A59) (Version: 01/11/2019 30.100.1902.3 - Intel Corporation)
Windows Driver Package - Intel Corporation (iaLPSS2_I2C) System (01/11/2019 30.100.1902.3) (HKLM\...\637A5BE794156C8C2FD6F35181CC18BFA557AEB4) (Version: 01/11/2019 30.100.1902.3 - Intel Corporation)
Windows Driver Package - Intel Corporation (ibtavflt) HIDClass (07/23/2015 17.1.1530.0031) (HKLM\...\83FFBF6F9A01455D326599BC412BF444B93BB894) (Version: 07/23/2015 17.1.1530.0031 - Intel Corporation)
Windows Driver Package - Intel Corporation (ibtusb) Bluetooth (02/28/2019 21.00.0.4) (HKLM\...\FC183A0BEF03DA50CAD8032DA7CCA3FA6E4243AD) (Version: 02/28/2019 21.00.0.4 - Intel Corporation)
Windows Driver Package - INTEL System (01/02/2018 10.1.1.45) (HKLM\...\0A1AAFDD057C86944F6AE0858866D780E5EB4C66) (Version: 01/02/2018 10.1.1.45 - INTEL)
Windows Driver Package - INTEL System (07/18/1968 10.1.14.7) (HKLM\...\6264D83E2F0E318EAEF2BEF3557D62683E393010) (Version: 07/18/1968 10.1.14.7 - INTEL)
Windows Driver Package - INTEL System (07/18/1968 10.1.16.6) (HKLM\...\A28A9B8ADBCFBDB702FBB7C6A60AE08BBB661A13) (Version: 07/18/1968 10.1.16.6 - INTEL)
Windows Driver Package - INTEL System (09/30/2016 10.1.1.36) (HKLM\...\11287438B689752F2FE31A68278352622407C3EC) (Version: 09/30/2016 10.1.1.36 - INTEL)
Windows Driver Package - INTEL System (12/18/2018 10.1.7.3) (HKLM\...\26E945A1C55F00B23A0C73684BD1EAD40DB5139F) (Version: 12/18/2018 10.1.7.3 - INTEL)
Windows Driver Package - INTEL System (12/18/2018 10.1.7.3) (HKLM\...\68188A4FC8167DCDBEBAFBC7B87F24857E7B6830) (Version: 12/18/2018 10.1.7.3 - INTEL)
Windows Driver Package - INTEL System (12/18/2018 10.1.7.3) (HKLM\...\C7BD4B4032715DFC9CB24BA0F88B5EA8A3C605D9) (Version: 12/18/2018 10.1.7.3 - INTEL)
Windows Driver Package - NEC Personal Computers, Ltd. (necbatt) Battery (05/09/2018 1.0.0.6) (HKLM\...\0958F21D5DB378418B496CAAD4C41065587DE322) (Version: 05/09/2018 1.0.0.6 - NEC Personal Computers, Ltd.)
Windows Driver Package - Qualcomm Atheros Communications (AthBTPort) BluetoothVirtual (06/22/2016 4.0.0.688) (HKLM\...\01069D6802A68D1F83307E6BCAE2264CE16C91D4) (Version: 06/22/2016 4.0.0.688 - Qualcomm Atheros Communications)
Windows Driver Package - Realtek (rt640x64) Net (12/06/2018 10.032.1206.2018) (HKLM\...\2EED619D04E612310FFD11C95F9B85C9C0F915D7) (Version: 12/06/2018 10.032.1206.2018 - Realtek)
Windows Driver Package - Realtek Camera (01/30/2019 10.0.17763.20086) (HKLM\...\A061BC66246A0EF1191AB798139E9CC19F597F37) (Version: 01/30/2019 10.0.17763.20086 - Realtek)
Windows Driver Package - Remote Utilities LLC (MonitorFunction) Monitor (01/21/2019 16.10.46.576) (HKLM\...\D1A359D7AACFA04424BDDA9BA49C81EB248799E3) (Version: 01/21/2019 16.10.46.576 - Remote Utilities LLC)
Windows Driver Package - Surface SCSIAdapter (03/29/2017 11.0.4.0) (HKLM\...\5D4CA996C8FDDD9A096AE02463686686BA91E275) (Version: 03/29/2017 11.0.4.0 - Surface)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.10.0 - ASUSTeK COMPUTER INC.)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Wondershare Fotophire Slideshow Maker(Build 1.0.3) (HKLM-x32\...\Wondershare Fotophire Slideshow Maker_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Xpand!2 (HKLM-x32\...\{dadbcc76-2a7e-4f53-a77a-3868c51bdd80}) (Version: 2.2.7.19000 - AIR Music Tech GmbH)
Xpand!2 Content (HKLM-x32\...\{AEB475C2-FC86-4082-87D7-352DFB075B2C}) (Version: 2.2.7.19000 - AIR Music Tech GmbH) Hidden
Xpand!2 Factory Content (HKLM-x32\...\{C1149DC5-F5B9-455E-B6B3-B81D9B5C80A0}) (Version: 2.2.7.19000 - AIR Music Tech GmbH) Hidden
Xpand!2 VST32 (HKLM-x32\...\{87716891-1EC0-46CC-8821-5A4DC75EEFD7}) (Version: 2.2.7.19000 - AIR Music Tech GmbH) Hidden
Xpand!2 VST64 (HKLM\...\{B9802F00-659C-4C21-9BA5-0958BAC6EFEF}) (Version: 2.2.7.19000 - AIR Music Tech GmbH) Hidden
XSplit Gamecaster (HKLM-x32\...\{9A128943-F2EC-4E84-8088-65A9975537BD}) (Version: 3.3.1805.0401 - SplitmediaLabs)
Youlean Loudness Meter 2 (HKLM\...\Loudness Meter 2_is1) (Version: 2.1.1 - Youlean)
Zoom (HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.)
 

Vishalbhx

Packages:
=========
ASUS Battery Health Charging -> C:\Program Files\WindowsApps\B9ECED6F.ASUSBatteryHealthCharging_1.0.7.0_x86__qmba6cd70vzyy [2018-11-29] (ASUSTeK COMPUTER INC.) [Startup Task]
ASUS Keyboard Hotkeys -> C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy [2019-09-18] (ASUSTeK COMPUTER INC.) [Startup Task]
ASUS Product Registration Program -> C:\Program Files\WindowsApps\B9ECED6F.ASUSProductRegistrationProgram_3.0.3.0_x86__qmba6cd70vzyy [2019-02-14] (ASUSTeK COMPUTER INC.) [Startup Task]
Deezer Music -> C:\Program Files\WindowsApps\Deezer.62021768415AF_4.32.10.0_x86__q7m17pa7q8kj0 [2021-02-09] (Deezer SA)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.337.0_x64__rz1tebttyb220 [2020-12-19] (Dolby Laboratories)
eManual -> C:\Program Files\WindowsApps\B9ECED6F.eManual_2.0.3.0_x86__qmba6cd70vzyy [2018-11-29] (ASUSTeK COMPUTER INC.)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-02-09] (Fitbit)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-02-14] (LinkedIn)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.54.0_x64__wafk5atnkzcwy [2020-12-03] (McAfee LLC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-09] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-28] (Microsoft Studios) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-01-23] (MAGIX)
MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2018-11-29] (ASUSTeK COMPUTER INC.) [Startup Task]
Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.14.1.0_neutral__v68kp9n051hdp [2021-01-16] (NortonLifeLock Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-05-09] (Microsoft Corporation)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.25.1.0_x64__nfy108tqq3p12 [2021-02-09] (Thumbmunkeys Ltd)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2019-02-09] (Plex)
ROG Aura Core -> C:\Program Files\WindowsApps\B9ECED6F.ROGAuraCore_2.1.30.0_x86__qmba6cd70vzyy [2019-02-14] (ASUSTeK COMPUTER INC.) [Startup Task]
ROG GameVisual -> C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.2.1.0_x64__qmba6cd70vzyy [2019-12-12] (ASUSTeK COMPUTER INC.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-649401577-2412752257-3447827928-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5} -> [Creative Cloud Files] => C:\Users\User\Creative Cloud Files [2019-03-02 20:28]
CustomCLSID: HKU\S-1-5-21-649401577-2412752257-3447827928-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.5.39\NavShExt.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.5.39\NavShExt.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-02-06] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.5.39\NavShExt.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-03-23 22:34 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2020-03-23 22:34 - 2017-03-23 09:49 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2019-03-26 09:51 - 2019-03-26 09:51 - 000053248 _____ () [File not signed] C:\Program Files (x86)\LightingService\cpuutil.dll
2019-03-26 09:51 - 2019-03-26 09:51 - 000018432 _____ () [File not signed] C:\Program Files (x86)\LightingService\Log4cxxWrapper.dll
2018-06-20 22:55 - 2018-06-20 22:55 - 000367616 _____ () [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\NSConfiguratorDaemonModule.dll
2018-06-20 23:08 - 2018-06-20 23:08 - 000230912 _____ () [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\ProfileSwitcherDaemonModule.dll
2019-04-16 14:22 - 2019-04-17 14:01 - 000190976 _____ () [File not signed] C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.2.1.0_x64__qmba6cd70vzyy\CCTAdjust.dll
2019-04-16 14:22 - 2019-04-17 14:01 - 000038400 _____ () [File not signed] C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.2.1.0_x64__qmba6cd70vzyy\DetectDisplayDC.dll
2018-11-29 02:29 - 2018-11-29 02:29 - 000038912 _____ () [File not signed] C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.2.1.0_x64__qmba6cd70vzyy\VideoEnhance.dll
2019-03-26 09:51 - 2019-03-26 09:51 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2019-04-16 14:22 - 2019-04-17 14:01 - 000462848 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.2.1.0_x64__qmba6cd70vzyy\ColorU.dll
2019-02-15 22:43 - 2018-12-30 07:00 - 000077824 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-03-15 13:36 - 2019-03-15 13:36 - 000418304 _____ (TODO: <Company name>) [File not signed] C:\Program Files\ASUS\Aac_Keyboard\AacKbHal_x86.dll
2019-03-15 14:05 - 2019-03-15 14:05 - 000350208 _____ (TODO: <Company name>) [File not signed] C:\Program Files\ASUS\Aac_Mouse\AacMouseHal_x86.dll
2019-02-14 22:26 - 2019-02-14 22:26 - 000019456 _____ (TODO: <Company name>) [File not signed] C:\Program Files\WindowsApps\B9ECED6F.ROGAuraCore_2.1.30.0_x86__qmba6cd70vzyy\Hook.dll
2019-04-16 14:22 - 2019-04-17 14:01 - 000452608 _____ (TODO: <Company name>) [File not signed] C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.2.1.0_x64__qmba6cd70vzyy\ColorUGameDLL.dll
2019-04-16 14:22 - 2019-04-17 14:01 - 000029696 _____ (TODO: <Company name>) [File not signed] C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.2.1.0_x64__qmba6cd70vzyy\GLCDdll.dll
2020-03-23 22:34 - 2017-03-23 09:52 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-649401577-2412752257-3447827928-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-gb/?pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-649401577-2412752257-3447827928-1001 -> DefaultScope {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f26d6a24a791ed6f&q={searchTerms}
SearchScopes: HKU\S-1-5-21-649401577-2412752257-3447827928-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-649401577-2412752257-3447827928-1001 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-f26d6a24a791ed6f&q={searchTerms}
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.20.5.39\coIEPlg.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.20.5.39\coIEPlg.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-07-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-20] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.20.5.39\coIEPlg.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.20.5.39\coIEPlg.dll [2020-07-24] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\sharepoint.com -> hxxps://brunelalumni-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 23:38 - 2019-02-19 02:17 - 000000920 ____N C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.r2rdownload.net
127.0.0.1 www.r2rdownload.com
127.0.0.1 www.elephantafiles.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%INTEL_DEV_REDIST%redist\ia32_win\compiler;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\Control Panel\Desktop\\Wallpaper -> D:\User\Pictures\Bhxlu\Promo Art\4k Bhxlu Wallpaper.png
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 2: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled)
Local Area Connection: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled)
Bluetooth Network Connection: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled)
WiFi: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled)
Ethernet: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "iD Autostart.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SoundGrid Studio.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "SGDawNodeService"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "ExpressVpnNotificationService"
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\StartupApproved\Run: => "ExpressVPN4"
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE"
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\StartupApproved\Run: => "com.squirrel.splice.Splice"
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\StartupApproved\Run: => "BakkesMod"
HKU\S-1-5-21-649401577-2412752257-3447827928-1001\...\StartupApproved\Run: => "Spotify"