Solved Can someone help me to figure out if my computer is infected

waqardarockstar

Hi,

I have attached the files from FRST with this post. Can someone please guide me on how I can use this tool to clean up my computer? Thanks.

Regards
 

Attachments:

  • Addition.txt (98.4 KB)
  • FRST.txt (51.2 KB)

Please observe forum rules. All logs have to be pasted, not attached.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi, sorry, I didn't know about that. I will attach them in a post now.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2021
Ran by Waqar (administrator) on DESKTOP-AIMSR73 (06-08-2021 19:28:10)
Running from C:\Users\Waqar\Downloads
Loaded Profiles: Waqar
Platform: Windows 10 Education Version 20H2 19042.746 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.25\AsSysCtrlService.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\AsPowerBar.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
(ASUSTeK Computer Inc. -> ASUSTek Compputer Inc.) C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <2>
(ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.01.07\AsusFanControlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.02.06\atkexComSvc.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
(ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\10.1.0.3194\AdskLicensingService\AdskLicensingService.exe
(A-Volute -> Nahimic) C:\Windows\System32\NahimicService.exe
(A-Volute -> Nahimic) C:\Windows\System32\NahimicSvc64.exe <2>
(A-Volute -> Nahimic) C:\Windows\SysWOW64\NahimicSvc32.exe <2>
(A-Volute SAS -> A-Volute) C:\Users\Waqar\AppData\Local\NhNotifSys\sonicstudio\asusns.exe
(Chaos Software Ltd. -> ) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe
(DTS, Inc. -> DTS Inc.) C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(EVGA Corp. -> EVGA Co., Ltd.) C:\Program Files\EVGA\Precision X1\PrecisionX_x64.exe
(Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <21>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.28001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.28001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20566.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20566.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> ) C:\Windows\System32\OpenSSH\sshd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Spectrum.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WebManagement.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe
(NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\PresentMon_x64.exe <2>
(NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Tobii AB -> ) C:\Program Files (x86)\Tobii\Tobii VRU02 Runtime\platform_runtime_VR4U2P2_service.exe
(TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe
(Travis Nickles -> DS4Windows) C:\Users\Waqar\Downloads\DS4Windows\DS4Windows.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <4>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [961824 2019-07-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [RamCache III ] => C:\Program Files (x86)\RamCache III\RamCache.exe [5416728 2020-11-24] (FNet Co., Ltd. -> FNet Co., Ltd)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Autodesk Genuine Service ] => C:\Users\Waqar\AppData\Local\Programs\Autodesk\Genuine Service\GenuineService.exe [1077864 2020-01-02] (Autodesk, Inc. -> Autodesk)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [668376 2021-03-04] (Autodesk, Inc. -> Autodesk, Inc.)
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4110568 2021-07-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33264096 2021-08-04] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Run: [Spotify] => C:\Users\Waqar\AppData\Roaming\Spotify\Spotify.exe [24276096 2021-08-04] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Run: [Magnet.bootstrap_Vive] => "C:\Program Files (x86)\VIVE\PCClient\Vive.exe" --silent
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Policies\Explorer\DisallowRun: [1] irsetup.exe
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65096 2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\PDFill Writer Monitor: C:\Program Files (x86)\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll [38824 2021-03-21] (PlotSoft LLC -> Windows (R) Codename Longhorn DDK provider)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{43F137B0-8F4D-463B-AB83-ADEAD4F15096}] -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\93.0.961.11\Installer\setup.exe [2021-08-04] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-05] (Google LLC -> Google LLC)
Startup: C:\Users\Waqar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk [2021-06-12]
ShortcutTarget: DS4Windows.lnk -> C:\Users\Waqar\Downloads\DS4Windows\DS4Windows.exe (Travis Nickles -> DS4Windows)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01BC88CB-D19F-466C-8224-FD6CEE1068D9} - System32\Tasks\NahimicTask64 => C:\Windows\system32\.\NahimicSvc64.exe [1066416 2020-11-04] (A-Volute -> Nahimic)
Task: {03816C2A-5847-4083-8AF4-38E8A473917D} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-11-15] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {05C9F490-0191-431F-8129-A064CD396BEB} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {1386F695-B164-426E-A645-CB2AA6700042} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [64936 2021-04-17] (Microsoft Corporation -> Microsoft)
Task: {19CD352D-8E71-420F-946D-2419EF644835} - System32\Tasks\EVGAPrecisionX => C:\Program Files\EVGA\Precision X1\PrecisionX_x64.exe [27703944 2021-06-02] (EVGA Corp. -> EVGA Co., Ltd.)
Task: {1B7B3DDC-5672-4EC4-929C-E292350D13DC} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {212DC347-DAAB-43D8-8A4F-11B22F4E4A9D} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe [56784 2020-08-27] (ASUSTeK Computer Inc. -> )
Task: {25ADC58E-2FE5-4C4D-92F7-E598D67E2A86} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {2A289D52-71F1-4840-9BCD-175E9A486088} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1469800 2020-10-30] (ASUSTeK Computer Inc. -> )
Task: {3119EBB3-2EDA-4AC1-A015-FC21D4B04B84} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {344B5074-6CEA-4E36-B55A-075BC98F0358} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {408AA742-CF6C-46C2-95D9-C37D9704EECD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4386054B-210E-4044-8781-438B65C9B732} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4726EC48-3F5D-4442-B474-8431D3ABE786} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113992 2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BEC0D5A-FEA4-433F-B2EA-F96C5378B323} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {590768F0-628A-41AB-9ABD-532DB0391984} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113992 2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D62815A-083F-40ED-9E9C-2E3AFD472D22} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253376 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {714C57A5-D32C-4690-9704-0C5CED0A0F94} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {72D9D692-9901-41C8-B5DB-8CE31E89CDC8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {85E20104-AC2F-4D1F-A9E1-B4AD65CCC165} - System32\Tasks\NahimicTask32 => C:\Windows\system32\..\SysWOW64\NahimicSvc32.exe [822704 2020-11-04] (A-Volute -> Nahimic)
Task: {8DC4E236-9B97-4146-B630-EBFBE8C6F552} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4282288 2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8E46AD15-DAD7-4647-922A-6DFFC120D409} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {923DB172-11B1-4339-8A0B-886CAE4112A9} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9A4E50EC-7DF0-47BE-885A-8FE525F81C16} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [822704 2020-11-04] (A-Volute -> Nahimic)
Task: {A4D5C04B-68B7-4ECE-ACBD-4C2172AF2928} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4282288 2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6031097-AC1E-4FC6-9456-E11B96291C7B} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1899656 2020-11-25] (ASUSTeK Computer Inc. -> ASUS)
Task: {AC4CE1FE-75E3-4B4E-90E0-DB0224225BE8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-15] (Google LLC -> Google LLC)
Task: {BC1C11FA-A811-4F5C-A04D-47420066D662} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253376 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {C0608248-468D-4F9A-AA49-79B832433D4D} - System32\Tasks\NahimicSvc64Run => C:\Windows\system32\NahimicSvc64.exe [1066416 2020-11-04] (A-Volute -> Nahimic)
Task: {C12B1701-2311-4893-B856-2C4825E07643} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [4329008 2020-10-13] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {C203BD24-5587-418B-AE8F-C3FD022E0F2A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C5922DF6-F130-4BAE-A374-7E6F9625EF85} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C8D9EE3F-748F-4C4B-97FE-473D2ACAD1BD} - System32\Tasks\ASUS\NoiseCancelingEngine.exe => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1238328 2021-01-21] (ASUSTeK Computer Inc. -> ASUS)
Task: {CC9CF38D-2720-4D05-BF3B-F6C16E61D705} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [45540760 2021-01-13] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {CCD3B5BF-E945-4428-8FBD-AE391FA7E634} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d6bb3effa23db6 => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-11-15] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {D42EB68C-88BC-4BE1-A02E-CC906393D9D0} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [677624 2019-11-21] (Advanced Micro Devices INC. -> )
Task: {D51289C2-0B1B-4984-B9FB-1AF48B9573EF} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2115632 2020-10-23] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {E5C4D18C-5648-4182-929E-A371D0F35FBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-15] (Google LLC -> Google LLC)
Task: {E7A52DFE-F600-4068-8401-77BCC82148E3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F2555AA5-BEB0-4036-84E0-5FC3EBFD4B89} - System32\Tasks\ASUS\ArmouryAIOFanServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe [1039360 2020-11-10] (TODO: <Company name>) [File not signed]
Task: {FCDD3B7E-A12C-4CD7-87A6-26030A7E6ADA} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{61fd3046-d5fe-4358-ba97-92942e7dc4aa}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Waqar\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-01]
Edge Extension: (360 Viewer) - C:\Users\Waqar\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmglcbnpblebkmcllnfcgamdelbbekge [2021-06-10]
StartMenuInternet: Microsoft Edge Beta - C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0-git -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-11-22] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default [2021-08-06]
CHR Notifications: Default -> hxxps://www.reddit.com
CHR HomePage: Default -> hxxp://www.oursurfing.com/?type=hp&ts=1435771788&z=96d34dc6754b672d6bda019g8z3c5wdmcm2gam4qbg&from=amt&uid=WDCXWD3200AAJS-00L7A0_WD-WMAV2211074210742
CHR StartupUrls: Default -> "hxxp://www.oursurfing.com/?type=hp&ts=1435771788&z=96d34dc6754b672d6bda019g8z3c5wdmcm2gam4qbg&from=amt&uid=WDCXWD3200AAJS-00L7A0_WD-WMAV2211074210742","hxxp://www.oursurfing.com/?type=hppp&ts=1435771870&z=e9934bf8adf1b566aa546d4g5z8c9w5mamegabfz5c&from=amt&uid=WDCXWD3200AAJS-00L7A0_WD-WMAV2211074210742","hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBHQkBH4sBk..&v=20160611&uid=539C6BEC8EE41381B880630540D96475&ptid=epf1&mode=loadm","hxxp://go.css.herts.ac.uk/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-16]
CHR Extension: (Docs) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-16]
CHR Extension: (Google Drive) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-16]
CHR Extension: (YouTube) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-16]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-07-28]
CHR Extension: (TwoSeven Extension) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjdnfmjmdligcpfcekfmenlhiopehjkd [2021-08-04]
CHR Extension: (SlitherPlus - Zoom, Skin Creator, Mod, Bots) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbghpalffgmgocmnigfhalghmaemffo [2020-11-16]
CHR Extension: (WGT Golf Challenge) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2020-11-16]
CHR Extension: (Slither.io Skins, Mods, Hack & Guide) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggomkijbihggjgcgdbnleolpleddaid [2020-11-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-17]
CHR Extension: (Pixlr-o-matic) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2020-11-16]
CHR Extension: (Sheets) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-16]
CHR Extension: (Alloy) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fljipcgeenffdcglannkpppedokbpgjl [2020-11-16]
CHR Extension: (Google Docs Offline) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-27]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-06-24]
CHR Extension: (TU-95 - Pilot the Plane!) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjohfoloehbkffdihkengbkjgalmabj [2020-11-16]
CHR Extension: (AllCast Receiver) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjbljnpdahefgnopeohlaeohgkiidnoe [2020-11-16]
CHR Extension: (Color Piano!) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh [2020-11-16]
CHR Extension: (Pacman) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcecjlbneginpknnnfkfijdfhaedihll [2020-11-16]
CHR Extension: (Google Forms) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2020-11-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2021-06-03]
CHR Extension: (Little Alchemy) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2020-11-16]
CHR Extension: (Until AM Web App) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2020-11-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-16]
CHR Extension: (Chrome Media Router) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1050920 2021-03-04] (Autodesk, Inc. -> Autodesk Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [16930616 2019-12-18] (Autodesk, Inc. -> Autodesk)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3779840 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3547904 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [348280 2021-03-25] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.06\atkexComSvc.exe [456008 2021-06-28] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.25\AsSysCtrlService.exe [1360016 2020-10-12] (ASUSTeK Computer Inc. -> ) [File not signed]
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-11-15] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [313008 2021-02-17] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.01.07\AsusFanControlService.exe [2092872 2021-06-28] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-11-15] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [842128 2021-08-06] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8912272 2021-06-15] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9141648 2021-07-21] (Microsoft Corporation -> Microsoft Corporation)
R2 DtsApo4Service; C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe [145128 2019-06-26] (DTS, Inc. -> DTS Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [810928 2021-06-12] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [14288 2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3210232 2021-03-03] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
S3 MicrosoftEdgeBetaElevationService; C:\Program Files (x86)\Microsoft\Edge Beta\Application\93.0.961.11\elevation_service.exe [1639824 2021-08-03] (Microsoft Corporation -> Microsoft Corporation)
R2 NahimicService; C:\Windows\system32\NahimicService.exe [2719664 2020-11-04] (A-Volute -> Nahimic)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2556048 2021-07-15] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474584 2021-07-15] (Electronic Arts, Inc. -> Electronic Arts)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1848624 2021-07-30] (Rockstar Games, Inc. -> Rockstar Games)
R2 ROG Live Service; C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe [5632232 2021-06-18] (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12871464 2021-04-30] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 Tobii VRU02 Runtime; C:\Program Files (x86)\Tobii\Tobii VRU02 Runtime\platform_runtime_VR4U2P2_service.exe [4010344 2020-01-29] (Tobii AB -> )
R2 VRLService; C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe [20309016 2021-05-09] (Chaos Software Ltd. -> )
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [35136 2020-05-25] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\Windows\system32\drivers\AsIO3.sys [43920 2021-02-17] (ASUSTeK Computer Inc. -> )
R3 AVoluteSS3Vad; C:\Windows\System32\drivers\AVoluteSS3Vad.sys [85080 2019-08-14] (A-Volute -> Windows (R) Win 7 DDK provider)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [75560 2020-12-26] (Broadcom Corporation -> Broadcom Corporation.)
S3 cpuz150; C:\Windows\temp\cpuz150\cpuz150_x64.sys [44832 2021-08-04] (CPUID S.A.R.L.U. -> CPUID)
R3 Driver; C:\Program Files\EVGA\Precision X1\driver-x64.sys [39856 2020-07-23] (EVGA Corp. -> )
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 FNETHYRAMAS; C:\Windows\System32\drivers\FNETHYRAMAS.SYS [56496 2020-11-24] (FNet Co., Ltd. -> FNet Co., Ltd.)
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [29368 2019-04-24] (ASUSTeK Computer Inc. -> )
S3 GPUZ-v2; C:\Users\Waqar\AppData\Local\Temp\GPUZ-v2.sys [50216 2021-01-10] (TechPowerUp LLC -> ) <==== ATTENTION
S3 HWiNFO_161; C:\Users\Waqar\AppData\Local\Temp\HWiNFO64A_161.SYS [64528 2021-06-28] (Martin Malik - REALiX -> REALiX(tm)) <==== ATTENTION
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2021-02-26] (Red Fox UK Limited -> Highresolution Enterprises [www.highrez.co.uk])
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [35344 2020-11-03] (ASUSTEK COMPUTER INC. -> ASUSTeK Computer Inc.)
S3 LSaiMini; C:\Windows\System32\drivers\LSaiMini.sys [30840 2018-09-04] (WDKTestCert SYSTEM,131245371151827277 -> Logitech)
S3 LSaiNtBus; C:\Windows\system32\drivers\LSaiBus.sys [70456 2018-09-04] (WDKTestCert SYSTEM,131245371151827277 -> Logitech)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-20] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
S3 SaiK2221; C:\Windows\system32\DRIVERS\SaiK2221.sys [227128 2018-09-04] (WDKTestCert SYSTEM,131245371151827277 -> Logitech)
S3 SaiKa221; C:\Windows\system32\DRIVERS\SaiKa221.sys [227128 2018-09-04] (WDKTestCert SYSTEM,131245371151827277 -> Logitech)
S3 SaiU2221; C:\Windows\system32\DRIVERS\SaiU2221.sys [33512 2018-09-04] (WDKTestCert SYSTEM,131245371151827277 -> Logitech)
S3 SaiUa221; C:\Windows\system32\DRIVERS\SaiUa221.sys [33512 2018-09-04] (WDKTestCert SYSTEM,131245371151827277 -> Logitech)
R2 SSGDIO; C:\Windows\SysWOW64\DRIVERS\ssgdio64.sys [14608 2020-11-22] (ATI Technologies, Inc -> ATI Technologies Inc.)
R1 ViGEmBus; C:\Windows\System32\drivers\ViGEmBus.sys [165744 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49568 2021-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [434424 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-06 19:28 - 2021-08-06 19:28 - 000038975 _____ C:\Users\Waqar\Downloads\FRST.txt
2021-08-06 19:28 - 2021-08-06 19:28 - 000000000 ____D C:\FRST
2021-08-06 19:27 - 2021-08-06 19:27 - 002300416 _____ (Farbar) C:\Users\Waqar\Downloads\FRST64.exe
2021-08-06 19:17 - 2021-08-06 19:17 - 000000000 ____D C:\Users\Waqar\Downloads\AIDA64Portable_5.90.4200-Extreme
2021-08-06 19:08 - 2021-08-06 19:08 - 050926505 _____ C:\Users\Waqar\Downloads\AIDA64Portable_5.90.4200-Extreme.rar
2021-08-05 18:07 - 2021-08-05 18:07 - 000011592 _____ C:\Users\Waqar\Downloads\WhatsApp Image 2019-12-06 at 8.40.21 AM.jpeg
2021-08-05 18:02 - 2021-08-05 18:08 - 000771925 _____ C:\Users\Waqar\Downloads\GST REGISTRATION FORM.pdf
2021-08-04 22:10 - 2021-08-04 22:10 - 000000222 _____ C:\Users\Waqar\Desktop\Green Hell.url
2021-08-04 19:51 - 2021-08-04 19:51 - 000000000 ____D C:\Users\Waqar\Downloads\ZenTimings_v1.2.5
2021-08-04 19:36 - 2021-08-04 19:36 - 000184409 _____ C:\Users\Waqar\Desktop\DESKTOP.html
2021-08-02 20:46 - 2021-08-02 20:46 - 000000000 ____D C:\Users\Waqar\Desktop\Zeeshan
2021-08-01 22:42 - 2021-08-01 22:42 - 000369374 _____ C:\Users\Waqar\Desktop\DESKTOP-AIMSR73.html
2021-08-01 15:37 - 2021-07-14 03:07 - 001858664 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2021-08-01 15:37 - 2021-07-14 03:07 - 001858664 _____ C:\Windows\system32\vulkaninfo.exe
2021-08-01 15:37 - 2021-07-14 03:07 - 001438824 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-08-01 15:37 - 2021-07-14 03:07 - 001438824 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-08-01 15:37 - 2021-07-14 03:07 - 001097856 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2021-08-01 15:37 - 2021-07-14 03:07 - 001097856 _____ C:\Windows\system32\vulkan-1.dll
2021-08-01 15:37 - 2021-07-14 03:07 - 000951936 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2021-08-01 15:37 - 2021-07-14 03:07 - 000951936 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-08-01 15:37 - 2021-07-14 03:06 - 001474704 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-08-01 15:37 - 2021-07-14 03:06 - 001212560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-08-01 15:37 - 2021-07-14 03:02 - 001520776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-08-01 15:37 - 2021-07-14 03:02 - 000716912 _____ C:\Windows\system32\nvofapi64.dll
2021-08-01 15:37 - 2021-07-14 03:02 - 000676480 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-08-01 15:37 - 2021-07-14 03:02 - 000645232 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2021-08-01 15:37 - 2021-07-14 03:02 - 000577152 _____ C:\Windows\SysWOW64\nvofapi.dll
2021-08-01 15:37 - 2021-07-14 03:02 - 000564352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-08-01 15:37 - 2021-07-14 03:01 - 002112128 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-08-01 15:37 - 2021-07-14 03:01 - 001595520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-08-01 15:37 - 2021-07-14 03:01 - 001171072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-08-01 15:37 - 2021-07-14 03:01 - 000919168 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-08-01 15:37 - 2021-07-14 03:01 - 000750208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-08-01 15:37 - 2021-07-14 03:01 - 000706176 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2021-08-01 15:37 - 2021-07-14 03:00 - 008854144 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-08-01 15:37 - 2021-07-14 03:00 - 007920768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-08-01 15:37 - 2021-07-14 03:00 - 005680760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2021-08-01 15:37 - 2021-07-14 03:00 - 004987520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-08-01 15:37 - 2021-07-14 03:00 - 002925696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-08-01 15:37 - 2021-07-14 03:00 - 000447104 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2021-08-01 15:37 - 2021-07-14 02:59 - 000849008 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2021-08-01 15:37 - 2021-07-12 21:32 - 000083062 _____ C:\Windows\system32\nvinfo.pb
2021-08-01 05:50 - 2021-08-01 05:50 - 000000363 _____ C:\Users\Waqar\Desktop\Train Sim World 2.url
2021-07-31 16:12 - 2021-07-31 16:13 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\Liveries Mega Pack Manager
2021-07-31 16:12 - 2021-07-31 16:12 - 097104384 _____ (David Wheatley) C:\Users\Waqar\Downloads\Liveries_Mega_Pack_Manager-0.4.5-setup.exe
2021-07-31 16:12 - 2021-07-31 16:12 - 000002663 _____ C:\Users\Waqar\Desktop\Liveries Mega Pack Manager.lnk
2021-07-31 16:12 - 2021-07-31 16:12 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\David Wheatley
2021-07-31 16:12 - 2021-07-31 16:12 - 000000000 ____D C:\Users\Waqar\AppData\Local\Liveries_Mega_Pack_Manager
2021-07-22 16:18 - 2021-07-22 16:19 - 006331220 _____ C:\Windows\Minidump\072221-13546-01.dmp
2021-07-12 17:45 - 2021-07-12 17:45 - 006196188 _____ C:\Windows\Minidump\071221-21093-01.dmp
2021-07-11 14:35 - 2021-07-11 14:35 - 000000000 ____D C:\Users\Waqar\AppData\Local\Pavlov
2021-07-10 21:18 - 2021-07-10 21:18 - 000000223 _____ C:\Users\Waqar\Desktop\Transport Fever 2.url
2021-07-10 21:18 - 2021-07-10 21:18 - 000000222 _____ C:\Users\Waqar\Desktop\Pavlov VR.url
2021-07-07 17:42 - 2021-07-07 17:42 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\paradox-launcher-v2
 
==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-06 19:23 - 2019-12-07 19:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-06 19:13 - 2021-04-15 03:25 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-08-06 19:10 - 2020-11-15 21:03 - 000000000 ____D C:\ProgramData\Package Cache
2021-08-06 19:00 - 2020-11-15 21:03 - 000840838 _____ C:\Windows\system32\PerfStringBackup.INI
2021-08-06 19:00 - 2019-12-07 19:13 - 000000000 ____D C:\Windows\INF
2021-08-06 18:56 - 2021-05-15 20:35 - 000000000 ____D C:\ProgramData\NVIDIA
2021-08-06 18:56 - 2020-11-15 21:06 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-06 18:54 - 2021-05-17 21:30 - 000003112 _____ C:\Windows\system32\Tasks\NahimicTask32
2021-08-06 18:54 - 2021-04-17 21:13 - 000003092 _____ C:\Windows\system32\Tasks\NahimicTask64
2021-08-06 18:54 - 2020-11-15 21:07 - 000000000 ____D C:\Program Files (x86)\Steam
2021-08-06 18:53 - 2020-11-16 04:53 - 000880672 _____ C:\Windows\system32\wpbbin.exe
2021-08-06 18:53 - 2020-11-16 04:53 - 000842128 _____ C:\Windows\system32\AsusUpdateCheck.exe
2021-08-06 18:53 - 2020-11-15 21:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-08-06 18:53 - 2020-10-10 06:51 - 000000000 ____D C:\ProgramData\ssh
2021-08-06 18:53 - 2020-09-27 17:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-08-06 18:53 - 2020-09-27 16:33 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-06 18:53 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\ServiceState
2021-08-06 18:51 - 2019-12-07 19:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-08-06 18:50 - 2021-06-12 14:23 - 000000000 ____D C:\Users\Waqar\Downloads\DS4Windows
2021-08-05 21:03 - 2021-03-11 17:12 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\Microsoft\Windows\Start Menu\SteamVR
2021-08-05 21:03 - 2020-11-18 03:28 - 000000000 ____D C:\Users\Waqar\AppData\Local\CrashDumps
2021-08-05 19:48 - 2020-11-20 15:19 - 000000000 ____D C:\Users\Waqar\AppData\Local\FlightSimulator
2021-08-05 19:48 - 2020-11-19 06:37 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\Microsoft Flight Simulator
2021-08-05 18:51 - 2021-05-21 18:58 - 000678912 _____ () C:\Users\Waqar\Downloads\ModAssistant.exe
2021-08-05 08:46 - 2020-11-15 21:07 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-05 08:46 - 2020-11-15 21:07 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-08-05 02:40 - 2020-11-15 21:07 - 000003420 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-05 02:40 - 2020-11-15 21:07 - 000003296 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-04 22:10 - 2020-11-16 15:59 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-08-04 19:28 - 2020-11-15 21:10 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\Spotify
2021-08-04 19:28 - 2020-11-15 21:10 - 000000000 ____D C:\Users\Waqar\AppData\Local\Spotify
2021-08-04 16:22 - 2020-09-27 17:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-08-04 16:20 - 2021-01-30 19:57 - 000002357 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge Beta.lnk
2021-08-04 16:20 - 2019-12-07 19:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-04 16:20 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\AppReadiness
2021-08-02 14:53 - 2020-09-27 17:36 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-02 14:53 - 2020-09-27 17:36 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-08-01 22:21 - 2021-01-03 09:25 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\Origin
2021-08-01 22:21 - 2021-01-03 09:25 - 000000000 ____D C:\ProgramData\Origin
2021-08-01 21:35 - 2021-01-03 09:25 - 000000000 ____D C:\Users\Waqar\AppData\Local\Origin
2021-08-01 18:04 - 2020-11-15 20:59 - 000000000 ____D C:\Users\Waqar
2021-08-01 16:29 - 2020-12-11 08:31 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\qBittorrent
2021-08-01 16:29 - 2020-11-16 16:17 - 000000000 ____D C:\Users\Waqar\AppData\Local\Ubisoft Game Launcher
2021-08-01 16:09 - 2020-11-16 15:10 - 000000000 ____D C:\Users\Waqar\AppData\Local\NVIDIA
2021-08-01 16:07 - 2021-05-15 20:35 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-08-01 05:51 - 2019-12-07 19:03 - 000000000 ____D C:\Windows\CbsTemp
2021-07-31 20:54 - 2020-09-27 17:36 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-31 20:54 - 2020-09-27 17:36 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-07-31 19:17 - 2020-12-25 14:59 - 000000000 ____D C:\Program Files\Rockstar Games
2021-07-31 19:17 - 2020-12-25 14:59 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2021-07-31 16:15 - 2021-04-27 05:29 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\FlyByWire Installer
2021-07-31 16:12 - 2021-04-27 05:29 - 000000000 ____D C:\Users\Waqar\AppData\Local\SquirrelTemp
2021-07-31 15:37 - 2020-09-27 16:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-07-31 11:48 - 2020-11-16 04:53 - 000000000 ____D C:\ProgramData\ASUS
2021-07-31 07:23 - 2021-02-22 21:14 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-07-30 10:42 - 2020-11-15 23:00 - 000000000 ____D C:\Users\Waqar\AppData\Local\PlaceholderTileLogoFolder
2021-07-29 06:26 - 2021-04-15 03:26 - 000003522 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2021-07-29 03:17 - 2021-01-03 09:26 - 000000000 ____D C:\Program Files (x86)\Origin
2021-07-28 06:09 - 2020-11-16 15:53 - 000000000 ____D C:\Users\Waqar\Documents\My Games
2021-07-27 06:07 - 2020-11-15 21:01 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2327868397-2116308143-3992419034-1001
2021-07-27 06:07 - 2020-11-15 21:01 - 000000000 ___RD C:\Users\Waqar\OneDrive
2021-07-27 06:07 - 2020-11-15 20:59 - 000002383 _____ C:\Users\Waqar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-24 00:43 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-07-22 16:19 - 2020-12-02 21:28 - 000000000 ____D C:\Windows\Minidump
2021-07-22 16:18 - 2020-12-02 21:28 - 2600552530 _____ C:\Windows\MEMORY.DMP
2021-07-16 09:12 - 2020-11-15 23:06 - 000000000 ____D C:\Windows\system32\MRT
2021-07-16 09:10 - 2020-11-15 23:06 - 133422552 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-07-14 02:57 - 2021-05-15 20:34 - 007280312 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2021-07-14 02:57 - 2021-05-15 20:34 - 006215792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-07-11 17:01 - 2021-01-09 10:47 - 000000000 ____D C:\Users\Waqar\Documents\Assetto Corsa
2021-07-10 17:29 - 2021-06-09 18:29 - 000000000 ____D C:\Users\Waqar\Desktop\IPhone Cover

==================== Files in the root of some directories ========

2021-04-12 22:00 - 2021-04-13 21:19 - 000000205 _____ () C:\Users\Waqar\AppData\Local\oobelibMkey.log
2021-06-10 18:57 - 2021-06-10 18:57 - 000004132 _____ () C:\Users\Waqar\AppData\Local\recently-used.xbel
2020-12-26 16:27 - 2020-12-26 16:27 - 000012288 _____ () C:\Users\Waqar\AppData\Local\vita_uranus.data

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\Windows\system32\APHostClient.dll [2021-01-13] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2021
Ran by Waqar (06-08-2021 19:28:46)
Running from C:\Users\Waqar\Downloads
Windows 10 Education Version 20H2 19042.746 (X64) (2020-11-15 18:55:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2327868397-2116308143-3992419034-500 - Administrator - Disabled)
alber (S-1-5-21-2327868397-2116308143-3992419034-1003 - Limited - Disabled)
DefaultAccount (S-1-5-21-2327868397-2116308143-3992419034-503 - Limited - Disabled)
DevToolsUser (S-1-5-21-2327868397-2116308143-3992419034-1008 - Limited - Enabled) => C:\Users\DevToolsUser
Guest (S-1-5-21-2327868397-2116308143-3992419034-501 - Limited - Disabled)
imsay (S-1-5-21-2327868397-2116308143-3992419034-1005 - Limited - Disabled)
rifkh (S-1-5-21-2327868397-2116308143-3992419034-1002 - Limited - Disabled)
sayed (S-1-5-21-2327868397-2116308143-3992419034-1004 - Limited - Disabled)
sshd (S-1-5-21-2327868397-2116308143-3992419034-1006 - Limited - Enabled)
Waqar (S-1-5-21-2327868397-2116308143-3992419034-1001 - Administrator - Enabled) => C:\Users\Waqar
WDAGUtilityAccount (S-1-5-21-2327868397-2116308143-3992419034-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 3.00.69 - ASUSTeK Computer Inc.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.09.28.509 - Advanced Micro Devices, Inc.)
AMD Product Verification Tool version 1.0.6.0 (HKLM\...\{4242685A-EF3E-45FF-B4AE-758E49020936}}_is1) (Version: 1.0.6.0 - AMD)
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.6.0.1702 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.22 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{ad7f5f31-0d6f-40f2-83b1-5556e0d0f9b1}) (Version: 2.09.28.509 - Advanced Micro Devices, Inc.) Hidden
Application Verifier x64 External Package (HKLM\...\{8A4CD158-E6B3-6D91-D7DE-10098BC980E2}) (Version: 10.1.19041.685 - Microsoft) Hidden
ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 4.0.12 - ASUS)
ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.1.16.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AIOFan HAL (HKLM-x32\...\{a2a7dca1-0f67-4a82-bc2c-11911fa92dcc}) (Version: 1.1.16.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{a75323e1-f1a4-4aff-a7ce-3858cbc1c0d2}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{4EBEAC95-76BC-46A8-8644-6E2F1C87CF70}) (Version: 1.1.4.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{33e3ea9c-baed-4e8a-8dbb-4792a27c9066}) (Version: 1.1.4.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.05 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.3.1 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{2357cd84-6c2b-4174-87c7-4f9f9db8746b}) (Version: 0.0.3.1 - ASUSTek COMPUTER INC. ) Hidden
ASUS Framework Service (HKLM-x32\...\{659ff51d-6e35-42de-83ec-aa394eabe9eb}) (Version: 2.0.2.2 - ASUSTek COMPUTER INC.)
ASUS Framework Service (HKLM-x32\...\{EA6A87BE-8AD3-40D2-944C-9DF5FBFF4332}) (Version: 2.0.2.2 - ASUSTek COMPUTER INC.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 1.05.09 - ASUSTek Computer Inc.)
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.53 - ASUSTeK Computer Inc.) Hidden
AURA DRAM Component (HKLM\...\{9AFE5429-866B-457D-A864-80BCF7672EE8}) (Version: 1.1.06 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{684f7887-cc5b-469a-81e9-36d38142cc46}) (Version: 1.1.06 - ASUS) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.15 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.15 - ASUS)
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.04.35 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{35381ead-8a19-4bff-a272-dcdfe38a5867}) (Version: 3.04.35 - ASUSTeK Computer Inc.)
Autodesk 3ds Max 2021 (HKLM\...\{35156605-CE91-4AF6-8207-56211CB30369}) (Version: 23.0.0.915 - Autodesk, Inc.)
Autodesk 3ds Max 2021 (HKLM\...\{91A3588B-1DB9-428B-A176-A53115C6199F}) (Version: 23.0.0.915 - Autodesk) Hidden
Autodesk Advanced Material Library Base Resolution Image Library 2021 (HKLM-x32\...\{C9FDA270-A0B9-45EE-8748-F37DF1370767}) (Version: 19.1.23.0 - Autodesk)
Autodesk Advanced Material Library Low Resolution Image Library 2021 (HKLM-x32\...\{AB7DC10F-1D72-4F90-988F-CDC2D6323A48}) (Version: 19.1.23.0 - Autodesk)
Autodesk Advanced Material Library Medium Resolution Image Library 2021 (HKLM-x32\...\{B4545986-9002-4090-9E58-44F985F2FF4F}) (Version: 19.1.23.0 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 8.1.0.68 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{54A00624-3EF9-49A2-92A9-7244EADD0212}) (Version: 3.2.18 - Autodesk)
Autodesk Material Library 2021 (HKLM-x32\...\{8C559572-4A10-43C2-9346-6E7C7E012487}) (Version: 19.1.23.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2021 (HKLM-x32\...\{EFC36459-CD89-44F3-BA04-B7C5804199AF}) (Version: 19.1.23.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2021 (HKLM-x32\...\{69D8FFED-B14E-4998-BBC2-535006E195D6}) (Version: 19.1.23.0 - Autodesk)
Autodesk Single Sign On Component (HKLM\...\{951BB060-1350-4C93-BD83-D966C51D4005}) (Version: 11.2.0.1802 - Autodesk) Hidden
blender (HKLM\...\{19D336E9-23B8-46C9-AA71-BC4CDC4B151B}) (Version: 2.93.0 - Blender Foundation)
Blender (HKLM\...\{A0C803A1-310C-4EFF-B881-CA10CF7CD6A7}) (Version: 2.90.1 - Blender Foundation)
Chaos Cloud Client (HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Chaos Cloud Client) (Version: 1.6.5 - Chaos Software Ltd)
Chaos License Server (HKLM\...\Chaos License Server) (Version: 5.5.0 - Chaos Software Ltd)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden
CPUID ROG CPU-Z 1.88 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.88 - CPUID, Inc.)
DCS World (HKLM-x32\...\DCS World_is1) (Version: - )
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.28.0 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{d22b5310-9f1e-43a8-8547-58fa44742994}) (Version: 1.1.28.0 - Ene Tech.) Hidden
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.)
EVGA Precision X1 (HKLM\...\EVGA Precision X1) (Version: 1.2.1.0 - EVGA Corporation)
FlyByWire Installer (HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\fbw_installer) (Version: 1.2.0 - FlyByWire Simulations)
FS2Crew: Pushback Express (HKLM-x32\...\FS2Crew: Pushback Express) (Version: - )
FSUIPC7 v7.2.0a (HKLM-x32\...\FSUIPC7) (Version: v7.2.0a - John L. Dowson)
Geeks3D FurMark 1.25.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: 1.25.0.0 - Geeks3D)
GIMP 2.10.24 (HKLM\...\GIMP-2_is1) (Version: 2.10.24 - The GIMP Team)
Google Chrome (HKLM\...\{33529102-FFB0-3918-BE3B-AC35F0500AC5}) (Version: 92.0.4515.131 - Google LLC)
HWiNFO64 Version 6.34 (HKLM\...\HWiNFO64_is1) (Version: 6.34 - Martin Malik - REALiX)
icecap_collection_neutral (HKLM-x32\...\{CCAFAE33-E5CD-4828-962D-B2C08326EC67}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{D74AF03C-D072-4551-9D8E-4312E22685FB}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{364E3A1B-9A41-44D6-9B81-0BF02C6FD2F0}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{144536DB-036C-465C-86F3-53ADFD9C72A2}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{511a62a9-1ff0-4cc5-adfe-4a5bd044a3c0}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Kits Configuration Installer (HKLM-x32\...\{E75A9998-E979-760B-6AEB-49763F279EDD}) (Version: 10.1.19041.685 - Microsoft) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LED Sync (HKLM-x32\...\{417D2425-8783-46D4-97DF-EEF7CD17D656}) (Version: 1.1.1 - EVGA)
Liveries Mega Pack Manager (HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Liveries_Mega_Pack_Manager) (Version: 0.4.5 - David Wheatley)
Microsoft .NET Framework 4.8 SDK (HKLM-x32\...\{DA855582-B360-4532-B8C4-ECD1E5A7095B}) (Version: 4.8.04084 - Microsoft Corporation)
Microsoft .NET Framework 4.8 Targeting Pack (HKLM-x32\...\{7D846F37-3C30-47C5-BCEA-2929EE09BE9A}) (Version: 4.8.04084 - Microsoft Corporation)
Microsoft .NET SDK 5.0.202 (x64) from Visual Studio (HKLM\...\{52814288-C780-4AD7-BDD4-F3A239988F82}) (Version: 5.2.221.20118 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 92.0.902.62 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.14228.20204 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\OneDriveSetup.exe) (Version: 21.129.0627.0002 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29914 (HKLM-x32\...\{43d1ce82-6f55-4860-a938-20e5deb28b98}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29914 (HKLM-x32\...\{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.9.3365.38425 - Microsoft Corporation)
MSI Development Tools (HKLM-x32\...\{7AAC93B0-F3D7-6B24-6B37-9E74980C1C81}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Nefarius Virtual Gamepad Emulation Bus Driver (HKLM\...\{93D91F60-7C94-4A79-863F-EA713D2EB3F3}) (Version: 1.17.333.0 - Nefarius Software Solutions e.U.)
NiceHash Miner 3.0.5.4 (only current user) (HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\8abad8e2-b957-48ed-92ba-4339c2a40e78) (Version: 3.0.5.4 - H-BIT, d.o.o.)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.1 - Notepad++ Team)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 471.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14228.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.102.48654 - Electronic Arts, Inc.)
Paradox Launcher v2 (HKLM\...\{A92DB5D9-A24D-4678-9F91-B4FA6D895718}) (Version: 2.0.4.0 - Paradox Interactive)
PDFill FREE PDF Editor Basic (HKLM\...\{26037138-C111-4BC5-88E8-DD2B2F2460C7}) (Version: 15.0 - PlotSoft LLC)
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{c8f7044c-7f48-404a-9a5d-9f038f28a789}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PJP's JoyIDs (HKLM-x32\...\JoyIDs) (Version: - )
qBittorrent 4.3.0.1 (HKLM-x32\...\qBittorrent) (Version: 4.3.0.1 - The qBittorrent project)
RamCache III (HKLM-x32\...\RamCache III) (Version: 1.01.08 - ASUSTeKcomputer Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.35.510.2019 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8751.1 - Realtek Semiconductor Corp.)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2) (Version: 1.0.1355.30 - Rockstar Games)
REDlauncher (HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.44.403 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.8.9 - Rockstar Games)
ROG Live Service (HKLM-x32\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.2.12.5 - ASUSTek COMPUTER INC.)
SDK ARM Additions (HKLM-x32\...\{FCF9D89E-6F79-64FB-B08D-B0E69FF54DEE}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{72DB07D6-E166-5A3F-B6E6-4664383781B8}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
SDK Debuggers (HKLM-x32\...\{1B2DE43F-91D0-EE1E-7C9C-EF16064EB04C}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Spotify (HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Spotify) (Version: 1.1.64.561.g71bd09eb - Spotify AB)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.16162 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Substance in 3ds Max 2021 (HKLM\...\{9292BE37-96B0-473E-8502-675FCC31D13F}) (Version: 2.3.1 - Allegorithmic)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.17.7 - TeamViewer)
Tobii VRU02 Runtime (HKLM-x32\...\{E74E378C-4C07-416C-A6CC-B241BD002E1F}) (Version: 1.16.36 - Tobii AB)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft Montreal)
TypeScript SDK (HKLM-x32\...\{54BBE05F-F2AC-4403-AA5D-786BEAA645D5}) (Version: 4.1.4.0 - Microsoft Corporation) Hidden
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 115.2.10179 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{4D69FB64-4443-F2DD-DE1C-F14FD98AAC59}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{6B56745A-F6A4-C51C-933A-AD96C00683EA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A57CD0A6-4297-FD30-34A4-34758B6F5F69}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{CD06199B-41C1-AE6D-7567-984CC68792C3}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{BD75F257-50A4-E0CD-9942-C3550CA3E66A}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{A7E95C47-B5F4-110C-D27A-DECB03412B96}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.1 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{68fb2ff9-0618-4948-b68f-9f95e5687067}) (Version: 1.0.0.1 - PD)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{8236EB3D-576E-432C-867A-D64F390A9D38}) (Version: 14.28.29914 - Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\...\59dd2153) (Version: 16.9.31205.134 - Microsoft Corporation)
VIVEPORT (HKLM-x32\...\VIVEPORT) (Version: 1.0.9.202 - HTC)
VIVEPORT DirectX 9.0 (HKLM-x32\...\{4b01ac5b-340e-4644-828b-0882c8255a4e}) (Version: 1.2.0.3 - HTC Corp.) Hidden
VIVEPORT DirectX 9.0 (x86/x64) (HKLM-x32\...\{9D42F21E-7CFA-4C87-99FD-C81CFFCB12E5}) (Version: 1.2.0.3 - HTC Corp.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0-git - VideoLAN)
V-Ray for 3dsmax 2021 for x64 (HKLM\...\V-Ray for 3dsmax 2021 for x64) (Version: 5.00.5 - Chaos Software Ltd)
VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{FB93144C-7671-4DA4-883B-B1D15F00176A}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{03119992-794E-4BD1-8811-050DD87BC41C}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{6E29FB21-642A-4E68-BD8B-745E679EB9F5}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{D12A3F67-709D-477A-B5D3-D820E4C745E3}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{B64FFE5E-EDCF-49DE-B528-C5AA0D0C313B}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B994480E-2AA4-4B45-98BA-C01D9F8D2C90}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{D29146C4-081C-4671-A306-894FF983D18A}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{621CB344-D1D9-4F17-A5B5-36BBBC4F6FFA}) (Version: 16.9.31025 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{F4E68397-CB34-42A2-A2FC-33C63EA0CE3B}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{90BDEEC4-B67A-4ED4-A59C-E5616D5D5CA9}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{6C9A7596-C8E7-44B0-B5C1-15D5CB97499A}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WinAppDeploy (HKLM-x32\...\{2ADF1977-BF31-E127-B651-AC28A8658317}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{E18618EC-D9DB-4BCE-B382-85ADA2CBB340}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.19041.685 (HKLM-x32\...\{4591faf1-a2db-4a3d-bfda-aa5a4ebb1587}) (Version: 10.1.19041.685 - Microsoft Corporation)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{BCF7CA0F-E53C-2A4F-B128-A751EC9A1016}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{B42BF427-AFDB-C00F-DB60-6F51395D74A1}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{3335615C-ABEB-960E-2226-4274CD28E046}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{216D5F47-257D-6284-5849-B51037875EFA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{443FF51E-16C3-F23B-18FC-0D1D66024B0B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{15E29AFF-CB19-A20B-9A81-B0765A63115F}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FF2B49B7-0254-3D6A-4BE0-EF4C59DBCC2B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{0AF3B821-474B-1885-473A-6E3FB4F1CF71}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{8832F8ED-1035-9ABE-FD73-4E5ABAA84A5C}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Wondershare Filmora X(Build 10.0.7.0) (HKLM\...\Wondershare Filmora X_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
WPT Redistributables (HKLM-x32\...\{FDF7ED9F-920C-CC11-0290-8B41498C1927}) (Version: 10.1.19041.685 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{BB70FD41-5199-A5A6-064F-4343723C3048}) (Version: 10.1.19041.685 - Microsoft) Hidden
Xamarin Offline Packages (HKLM-x32\...\{F83E2D4C-A653-43F3-8DFF-F68618114EEB}) (Version: 16.9.72 - Xamarin) Hidden
Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden
Xamarin Remoted iOS Simulator (HKLM-x32\...\{E07CBF6A-91C5-434C-8520-784D040A3907}) (Version: 16.7.0.0 - Xamarin) Hidden

Packages:
=========
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_4.0.8.0_x64__qmba6cd70vzyy [2021-03-29] (ASUSTeK COMPUTER INC.)
Cinebench -> C:\Program Files\WindowsApps\MAXONComputerGmbH.Cinebench_23.2.0.0_x64__rsne5bsk8s7tj [2020-11-18] (MAXON Computer GmbH)
HP Reverb G2 VR Headset Setup -> C:\Program Files\WindowsApps\AD2F1837.HPReverbG2VRHeadsetSetup_1.0.8.0_x64__v10z8vjag6ke6 [2021-03-11] (HP Inc.)
Microsoft Edge Beta -> C:\Program Files (x86)\Microsoft\Edge Beta\Application [2021-08-04] (0)
Microsoft Flight Simulator -> C:\Program Files\WindowsApps\Microsoft.FlightSimulator_1.17.3.0_x64__8wekyb3d8bbwe [2021-06-21] (Microsoft Studios)
Microsoft Flight Simulator Digital Ownership -> C:\Program Files\WindowsApps\Microsoft.DigitalOwnership_1.0.1.0_x64__8wekyb3d8bbwe [2020-11-20] (Microsoft Studios)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-08-01] (NVIDIA Corp.)
OpenXR Developer Tools for Windows Mixed Reality -> C:\Program Files\WindowsApps\Microsoft.MixedRealityRuntimeDeveloperPreview_106.2104.15001.0_x64__8wekyb3d8bbwe [2021-05-15] (Microsoft Corporation)
OpenXR Preview Runtime for Windows Mixed Reality -> C:\Program Files\WindowsApps\Microsoft.WindowsMixedReality.PreviewRuntime_107.2107.7003.0_x64__8wekyb3d8bbwe [2021-07-24] (Microsoft Platform Extensions)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-12-27] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-12-27] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.185.0_x64__dt26b99r8h8gj [2020-11-24] (Realtek Semiconductor Corp)
Sonic Radar 3 -> C:\Program Files\WindowsApps\A-Volute.28054DF1F58B4_3.16.15.0_x64__w2gh52qy24etm [2021-01-14] (A-Volute)
Sonic Studio 3 -> C:\Program Files\WindowsApps\A-Volute.SonicStudio3_3.16.15.0_x64__w2gh52qy24etm [2021-01-14] (A-Volute)
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2021-03-11] (VideoLAN)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2327868397-2116308143-3992419034-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2327868397-2116308143-3992419034-1001_Classes\CLSID\{5405618e-4c42-4fb9-a80a-d24d89911296}\localserver32 -> C:\Users\Waqar\AppData\Local\NhNotifSys\sonicstudio\asusns.exe (A-Volute SAS -> A-Volute)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\nvshext.dll [2021-07-14] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Waqar\Desktop\MSFS.lnk -> F:\Games\MSFS\FSUIPC7\MSFS.bat ()
ShortcutWithArgument: C:\Users\Waqar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\AllCast Receiver.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=hjbljnpdahefgnopeohlaeohgkiidnoe
 
==================== Loaded Modules (Whitelisted) =============

2020-07-08 16:42 - 2020-07-08 16:42 - 000477696 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node
2020-07-08 16:42 - 2020-07-08 16:42 - 000471040 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node
2020-07-14 16:16 - 2020-07-14 16:16 - 000454656 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\registry-js\prebuilds\win32-ia32\node.napi.node
2020-11-16 15:35 - 2020-10-15 23:59 - 000147456 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2020-11-16 15:35 - 2020-10-30 19:16 - 000886272 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2020-11-16 15:35 - 2020-10-30 19:16 - 000996864 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2020-11-16 15:35 - 2020-10-30 19:16 - 000990208 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2020-11-16 15:35 - 2020-10-30 19:16 - 000952832 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2020-11-16 15:35 - 2020-10-13 01:00 - 001667584 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\EPU.dll
2020-11-16 15:35 - 2020-10-13 01:00 - 001063424 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\FanInfofromProtocol.dll
2021-01-30 19:56 - 2019-12-23 17:51 - 000093184 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\zlibwapi.dll
2021-01-30 19:56 - 2019-06-26 15:07 - 000094208 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\MacroControl.dll
2020-04-22 14:35 - 2020-04-22 14:35 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll
2019-06-24 18:57 - 2019-06-24 18:57 - 000626688 _____ () [File not signed] C:\Program Files\EVGA\Precision X1\scanner.dll
2020-05-27 03:08 - 2020-05-27 03:08 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsAcpi.dll
2021-06-28 20:12 - 2021-08-06 18:53 - 000051456 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.02.06\PEbiosinterface32.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\asacpiEx.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsMultiLang.dll
2020-11-16 15:35 - 2020-10-13 01:00 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\AsMultiLang.dll
2021-01-30 19:56 - 2019-10-24 10:15 - 002676736 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\AURAChecker.dll
2021-06-12 14:23 - 2020-08-18 06:10 - 000090112 _____ (Bernhard Millauer,Uwe Mayer, Konrad Mattheis) [File not signed] [File is in use] C:\Users\Waqar\Downloads\DS4Windows\WPFLocalizeExtension.dll
2021-06-12 14:23 - 2021-03-16 10:39 - 001198080 _____ (DotNetProjects) [File not signed] [File is in use] C:\Users\Waqar\Downloads\DS4Windows\DotNetProjects.Wpf.Extended.Toolkit.dll
2021-06-12 14:23 - 2021-01-28 20:14 - 000334336 _____ (GitHub Community) [File not signed] [File is in use] C:\Users\Waqar\Downloads\DS4Windows\Microsoft.Win32.TaskScheduler.dll
2021-06-12 14:23 - 2021-01-22 15:48 - 000014848 _____ (hardcodet.net) [File not signed] [File is in use] C:\Users\Waqar\Downloads\DS4Windows\H.NotifyIcon.dll
2021-06-12 14:23 - 2021-01-22 15:48 - 000037376 _____ (hardcodet.net) [File not signed] [File is in use] C:\Users\Waqar\Downloads\DS4Windows\Hardcodet.Wpf.TaskbarNotification.dll
2020-12-02 04:02 - 2020-12-02 04:02 - 000262144 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL
2021-01-13 07:14 - 2021-01-13 07:14 - 001953792 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\urlmon.dll
2021-06-12 14:23 - 2021-03-25 13:05 - 000820736 _____ (NLog) [File not signed] [File is in use] C:\Users\Waqar\Downloads\DS4Windows\NLog.dll
2021-01-30 19:56 - 2019-06-26 15:07 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libcrypto-1_1-x64.dll
2021-01-30 19:56 - 2019-06-26 15:07 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libssl-1_1-x64.dll
2021-01-30 19:58 - 2020-05-14 14:15 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\libcrypto-1_1-x64.dll
2021-01-30 19:58 - 2020-05-14 14:15 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\libssl-1_1-x64.dll
2021-01-03 09:26 - 2021-01-03 09:26 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2021-01-03 09:26 - 2021-01-03 09:26 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-01-03 09:26 - 2021-01-03 09:26 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-07-29 03:17 - 2021-01-03 09:26 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-07-29 03:17 - 2021-01-03 09:26 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-07-29 03:17 - 2021-01-03 09:26 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-07-29 03:17 - 2021-01-03 09:26 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-07-29 03:17 - 2021-01-03 09:26 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-07-29 03:17 - 2021-01-03 09:26 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000078336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qgifd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000102400 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qicnsd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000079360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qicod.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000668160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qjpegd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000062976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qsvgd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000062464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qtgad.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000656384 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qtiffd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000060416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qwbmpd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000936448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qwebpd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 003425792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\platforms\qwindowsd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 011002368 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Cored.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 011547648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Guid.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000568832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Svgd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 009100288 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Widgetsd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000312832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Xmld.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000304128 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\styles\qwindowsvistastyled.dll
2021-01-30 19:56 - 2019-07-31 13:48 - 000072704 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Protocol\Interrupt\InterruptTransfer.dll
2021-06-12 14:23 - 2020-08-17 08:22 - 000037376 _____ (Uwe Mayer,Konrad Mattheis,Bernhard Millauer) [File not signed] [File is in use] C:\Users\Waqar\Downloads\DS4Windows\XAMLMarkupExtensions.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll [2021-01-13] (Microsoft Corporation) [File not signed]
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-01-13] (Microsoft Corporation) [File not signed]
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-01-13] (Microsoft Corporation) [File not signed]
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-01-13] (Microsoft Corporation) [File not signed]
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-01-13] (Microsoft Corporation) [File not signed]
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-01-13] (Microsoft Corporation) [File not signed]
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-01-13] (Microsoft Corporation) [File not signed]
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 19:14 - 2019-12-07 19:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Waqar\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\kittyhawk_e3_withlogo_003-2-scaled.jpg
HKU\S-1-5-21-2327868397-2116308143-3992419034-1008\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "X56"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "RamCache III "
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "Autodesk Genuine Service "
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\StartupApproved\Run: => "Magnet.bootstrap_Vive"
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"


==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3CC5B900-3BBF-4F33-90AF-CEA703829FDF}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{50AF8BB1-0005-4288-9533-87CA238085E4}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{1343ACAC-88CB-4FCE-A285-2485518EE2A4}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [{E2660EBC-E9FF-40E4-ABD1-9EC8F7D752FA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{76676DC8-112E-427D-8ED4-60171631DFC3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{AFBF844C-2A7C-4DBD-93B3-A8CA1A34AC4E}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{D5B18989-A23D-4B42-B492-9DAC32E0507C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{B9E6BD49-8A5E-496E-A033-47C7C5F86C3B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{701D34B4-0A04-4029-A7A1-BB6F600FB2C6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{0FE17CF1-2749-462D-B844-AA8D352D240A}] => (Allow) F:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{DE0D96EE-DEF9-4027-B944-9F59B3D2A36D}] => (Allow) F:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{0A0A643E-F54B-4D97-A5F7-D73A5F5E11CB}] => (Allow) F:\SteamLibrary\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{94175BB6-E04C-4F00-A6EF-421C33543C65}] => (Allow) F:\SteamLibrary\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{CFE541B8-F803-4E2A-981A-AE8302432327}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Total War SHOGUN 2\Shogun2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [{ED0711DC-98FC-42CC-AF1F-7CC7A2D98B70}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Total War SHOGUN 2\Shogun2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [{A03ABD05-8098-499A-9873-8185345B51FE}] => (Allow) F:\SteamLibrary\steamapps\common\MicrosoftFlightSimulator\FlightSimulator.exe (Asobo Studio) [File not signed]
FirewallRules: [{E68B0793-8D9E-49C4-A864-66FEED4E7E58}] => (Allow) F:\SteamLibrary\steamapps\common\MicrosoftFlightSimulator\FlightSimulator.exe (Asobo Studio) [File not signed]
FirewallRules: [TCP Query User{D748D12F-E742-485F-869D-DB487CF311A0}C:\users\waqar\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe] => (Allow) C:\users\waqar\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [UDP Query User{FF123B59-C0F0-450B-8367-094A3715FC96}C:\users\waqar\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe] => (Allow) C:\users\waqar\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{0381473B-F344-4669-8211-264EEF696225}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{0C02905E-1467-4287-8D8F-5F39266C7DD8}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{1A6F7C37-28BE-4360-A956-4B003BCB76DE}C:\users\waqar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\waqar\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{EE7FC87A-7C51-4650-AE65-853C5B8E49C1}C:\users\waqar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\waqar\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{B0390ECC-E734-4F0D-A6DE-D9B42C3D29C4}C:\users\waqar\appdata\local\programs\nicehash miner\miner_plugins\e7a58030-94eb-11ea-a64d-17be303ea466\bins\15.0\miner.exe] => (Allow) C:\users\waqar\appdata\local\programs\nicehash miner\miner_plugins\e7a58030-94eb-11ea-a64d-17be303ea466\bins\15.0\miner.exe () [File not signed]
FirewallRules: [UDP Query User{DB517D8F-AD21-4A07-A4DF-573195C0FB7A}C:\users\waqar\appdata\local\programs\nicehash miner\miner_plugins\e7a58030-94eb-11ea-a64d-17be303ea466\bins\15.0\miner.exe] => (Allow) C:\users\waqar\appdata\local\programs\nicehash miner\miner_plugins\e7a58030-94eb-11ea-a64d-17be303ea466\bins\15.0\miner.exe () [File not signed]
FirewallRules: [TCP Query User{26310BDF-71B9-4149-AEFE-BABC0880D6D6}D:\games\snowrunner\en_us\sources\bin\snowrunner.exe] => (Allow) D:\games\snowrunner\en_us\sources\bin\snowrunner.exe (Focus Home Interactive S.A -> Focus Home Interactive)
FirewallRules: [UDP Query User{AC9A1C79-B8ED-4D82-86A7-4331FDDD3490}D:\games\snowrunner\en_us\sources\bin\snowrunner.exe] => (Allow) D:\games\snowrunner\en_us\sources\bin\snowrunner.exe (Focus Home Interactive S.A -> Focus Home Interactive)
FirewallRules: [{E6083982-9F14-4720-A78E-8EE30696ECC3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A3B7508F-9E6B-4E05-A388-A8C310281270}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{A95AE805-F989-4705-A0E5-05E322BAA238}F:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) F:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{B72C690C-C834-4CB8-9F3E-D03CB64534B8}F:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) F:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{ECFE9AF8-627F-4B12-BC86-45C45E48F3CB}D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Block) D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{7C0555D3-09CF-42E0-AAD3-C09851A81CD7}D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Block) D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{68051FC4-D185-494E-89FA-718A6021D42B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve -> Valve Corporation)
FirewallRules: [{19F5F8C5-C428-4050-8925-9A540E9ECFFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{8F07A483-4AC6-497F-94D0-F5EB3F718BE8}C:\program files (x86)\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [UDP Query User{B04E2FFC-2E1D-4798-85C8-BF21F58EFA9B}C:\program files (x86)\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [{38AB9665-8B78-429C-9BDF-E660646B57E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve -> )
FirewallRules: [{906468D8-C9C7-493D-96F6-F5869CB03DFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve -> )
FirewallRules: [{3247F5F2-7823-4762-9F3E-916F10267DFB}] => (Allow) D:\Games\SteamLibrary\steamapps\common\VRChat\VRChat.exe () [File not signed]
FirewallRules: [{F275A1EC-5418-406F-9DF1-EAA6358E7A32}] => (Allow) D:\Games\SteamLibrary\steamapps\common\VRChat\VRChat.exe () [File not signed]
FirewallRules: [{82D51F79-73D2-48D6-82E7-E457B088EC7A}] => (Allow) D:\Games\SteamLibrary\steamapps\common\EarthVR\Earth.exe (Google Inc -> Google Inc)
FirewallRules: [{4A743AEB-A682-4710-B212-7CD95F1FAAA6}] => (Allow) D:\Games\SteamLibrary\steamapps\common\EarthVR\Earth.exe (Google Inc -> Google Inc)
FirewallRules: [{A891B5DF-8C83-4C8B-BB73-CEA190EFD3D4}] => (Allow) F:\SteamLibrary\steamapps\common\Beat Saber\Beat Saber.exe () [File not signed]
FirewallRules: [{3D1E4EF4-8167-4CFB-B892-3B9AF7D5D481}] => (Allow) F:\SteamLibrary\steamapps\common\Beat Saber\Beat Saber.exe () [File not signed]
FirewallRules: [{5A193395-223A-47F9-B131-98428C393E98}] => (Allow) D:\Games\SteamLibrary\steamapps\common\DCSWorld\bin\DCS.exe (Eagle Dynamics SA -> Eagle Dynamics)
FirewallRules: [{9B792F0E-941B-4C3F-A87E-7FD5EF65051E}] => (Allow) D:\Games\SteamLibrary\steamapps\common\DCSWorld\bin\DCS.exe (Eagle Dynamics SA -> Eagle Dynamics)
FirewallRules: [{37FA4EBC-001F-4F9F-AACE-30970AC3C557}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Spider-Man Far From Home VR\SpiderManFFH.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{F4BA3A5A-C296-41B2-B54D-EDD686759373}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Spider-Man Far From Home VR\SpiderManFFH.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{DC8C6FDC-D083-4C4A-98A0-3ED711D59205}] => (Allow) D:\Games\SteamLibrary\steamapps\common\assettocorsa\AssettoCorsa.exe (Kunos Simulazioni) [File not signed]
FirewallRules: [{8A20A2EF-20E5-4CC6-98A5-9A369FABB704}] => (Allow) D:\Games\SteamLibrary\steamapps\common\assettocorsa\AssettoCorsa.exe (Kunos Simulazioni) [File not signed]
FirewallRules: [TCP Query User{F9C85871-9320-40E8-A36A-01A37D20371C}C:\users\waqar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\waqar\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0CD95632-0C59-4721-BFD4-54012EEBBBEA}C:\users\waqar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\waqar\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{1CBE4D9C-2FDA-4465-B556-A64E12234326}D:\games\steamlibrary\steamapps\common\assettocorsa\acs.exe] => (Allow) D:\games\steamlibrary\steamapps\common\assettocorsa\acs.exe () [File not signed]
FirewallRules: [UDP Query User{F9F9AC6E-9B19-49D5-A337-EE1D502F04F7}D:\games\steamlibrary\steamapps\common\assettocorsa\acs.exe] => (Allow) D:\games\steamlibrary\steamapps\common\assettocorsa\acs.exe () [File not signed]
FirewallRules: [TCP Query User{7C969329-BE4C-403B-B3F8-1AAE906EDA26}D:\games\red dead redemption 2\rdr2.exe] => (Allow) D:\games\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{5F05CE09-0A83-43DF-890D-6B32CCD4D5E4}D:\games\red dead redemption 2\rdr2.exe] => (Allow) D:\games\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{BA2C465B-4209-4C60-8C41-BCCA5387C316}D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{0579ED9F-5889-4933-AD36-54FF958A0274}D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{79343989-6336-46E3-8855-F651141FD116}] => (Allow) F:\SteamLibrary\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed]
FirewallRules: [{C339DDFA-59C1-425B-8110-2EFF6645CC0C}] => (Allow) F:\SteamLibrary\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed]
FirewallRules: [{3D4382D1-1CC0-4270-A471-25B8E1CE9140}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Wildlands\GRW.exe (Blue Byte GmbH -> )
FirewallRules: [{49C6F39F-689C-4AC0-85EF-2010926B7291}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Wildlands\GRW.exe (Blue Byte GmbH -> )
FirewallRules: [{DB2F7A0D-C14B-4441-924E-96147750DD94}] => (Allow) F:\Games\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{42D15481-C506-49A9-80E6-1A4BB463B708}] => (Allow) F:\Games\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{494DC7DB-7E8F-4DF8-BE6A-3D9FA5D7B701}] => (Allow) F:\Games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{42B3DB65-A54D-40B0-9F82-0BD11B90CD4C}] => (Allow) F:\Games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{84AE854F-FF92-48A0-98DF-AF043CDBA557}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{0A369389-1570-4BDE-860D-302075A8BC15}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{850F859F-98B9-492A-8DAA-07EB719E5B57}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{7325356B-ADF5-4A7C-9793-E2B88415780A}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{7C182699-C649-4AA5-AF9F-6DC7E7993F38}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [{346202A2-A63F-4CAF-BB13-ACD482A5921F}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{3EB9D3CA-3263-4577-9988-0253EA1B96B3}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [{1EB79E15-3EEC-4230-BAFE-70C86CDF0F15}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{574AD1FB-09A9-42F2-98F9-8CE19E221CD8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CE0087AB-9999-433F-8A77-A723CADCB505}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3EE56E5B-3AEF-4B31-A09D-1874F4AC9D2B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{576DA218-7485-428C-A91E-91EAC51A4DAC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{919F6F2D-88EF-4624-832B-7CE1C6E5FF94}D:\games\steamlibrary\steamapps\common\fifa 21\fifa21.exe] => (Allow) D:\games\steamlibrary\steamapps\common\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [UDP Query User{516C0002-10C9-4144-8E28-F48B077E30D8}D:\games\steamlibrary\steamapps\common\fifa 21\fifa21.exe] => (Allow) D:\games\steamlibrary\steamapps\common\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{EC94371C-F085-4135-9F28-61A900F42430}C:\users\waqar\appdata\local\temp\rar$exa26424.30129\vertcoin-qt.exe] => (Allow) C:\users\waqar\appdata\local\temp\rar$exa26424.30129\vertcoin-qt.exe => No File
FirewallRules: [UDP Query User{DF68FEAB-FB67-462D-A64B-FCD936752B59}C:\users\waqar\appdata\local\temp\rar$exa26424.30129\vertcoin-qt.exe] => (Allow) C:\users\waqar\appdata\local\temp\rar$exa26424.30129\vertcoin-qt.exe => No File
FirewallRules: [{9819A24C-8557-4074-ABED-1EBC65C66842}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EF2C895B-09F5-442E-8E0B-66C7D4996227}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BFB92714-4EB8-493A-B168-05033919FB0C}] => (Allow) D:\Games\SteamLibrary\steamapps\common\MixedRealityVRDriver\bin\win64\Launch.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6A399DF8-201E-4647-8FDA-342EC3C5CFF8}] => (Allow) D:\Games\SteamLibrary\steamapps\common\MixedRealityVRDriver\bin\win64\Launch.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C7B0938-45CF-46AA-A857-8296D2F6F7C1}] => (Allow) D:\Games\SteamLibrary\steamapps\common\DeoVR Video Player\DeoVR.exe (Infomediji d.o.o. -> )
FirewallRules: [{7EC6FAA5-A1A9-4259-BDDE-F5044014FB91}] => (Allow) D:\Games\SteamLibrary\steamapps\common\DeoVR Video Player\DeoVR.exe (Infomediji d.o.o. -> )
FirewallRules: [TCP Query User{EE440E72-C55A-40C0-B78D-CF538103AA07}D:\games\dcs world\bin\dcs.exe] => (Allow) D:\games\dcs world\bin\dcs.exe (Eagle Dynamics) [File not signed]
FirewallRules: [UDP Query User{7EE83679-299A-4669-ADE0-482918149443}D:\games\dcs world\bin\dcs.exe] => (Allow) D:\games\dcs world\bin\dcs.exe (Eagle Dynamics) [File not signed]
FirewallRules: [TCP Query User{138DCEC8-A6D8-43A9-BA7C-57B634E3A621}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{F934E28B-3FAD-4E41-9826-6154A0BC1541}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{7A57E360-B1D7-4BA0-ABC4-81C72CB0246C}D:\ue_4.26\engine\binaries\win64\ue4editor.exe] => (Allow) D:\ue_4.26\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{00B5840B-8024-474F-9807-6CEDCBF9D48E}D:\ue_4.26\engine\binaries\win64\ue4editor.exe] => (Allow) D:\ue_4.26\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{1FE8931C-97E7-4F6E-8114-F06D9F1A9F14}D:\ue_4.26\engine\binaries\dotnet\swarmagent.exe] => (Allow) D:\ue_4.26\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{242C59B3-F9BD-4E96-83D3-7BEB07D2D3B3}D:\ue_4.26\engine\binaries\dotnet\swarmagent.exe] => (Allow) D:\ue_4.26\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{E894B377-75E3-42B3-A790-55C311A4302D}C:\users\waqar\appdata\local\temp\rar$exa7040.2056\vertcoin-qt.exe] => (Allow) C:\users\waqar\appdata\local\temp\rar$exa7040.2056\vertcoin-qt.exe => No File
FirewallRules: [UDP Query User{F89355C5-5B44-4803-B86C-FF3CD62C5DFF}C:\users\waqar\appdata\local\temp\rar$exa7040.2056\vertcoin-qt.exe] => (Allow) C:\users\waqar\appdata\local\temp\rar$exa7040.2056\vertcoin-qt.exe => No File
FirewallRules: [TCP Query User{ACA5837D-5ABC-4FF2-ABB0-349E33C5459E}D:\vt\vertcoin-qt.exe] => (Allow) D:\vt\vertcoin-qt.exe () [File not signed]
FirewallRules: [UDP Query User{3548124D-3D6A-4A72-94EB-94CE46C9B919}D:\vt\vertcoin-qt.exe] => (Allow) D:\vt\vertcoin-qt.exe () [File not signed]
FirewallRules: [{28487742-AC35-4F21-B90D-F04A22F95852}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{8C1FD764-538B-4457-B10B-7EF6B43296C6}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{FB989C16-1EC5-4EBD-BD12-9DADCF0E75DC}] => (Allow) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe (Chaos Software Ltd. -> )
FirewallRules: [{5913C0E9-09DB-4472-BEF3-8621608A002D}] => (Allow) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe (Chaos Software Ltd. -> )
FirewallRules: [{5E7E9103-4617-4731-A0D5-8B60582EC073}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{C97855B7-6696-4B4C-BA75-80A83373F55A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B471C164-A1BE-484C-A6B3-662A2075A67E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{45C5A7F8-6FBA-4FFB-BD7D-16DDB7083B30}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5320CA30-CF13-40BD-A21D-E38265A2DFE4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{729A1554-58AA-4319-9E9B-6039B0402D33}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9051116C-37A0-4F0B-8BB0-876269EB1428}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{C7D1A446-3484-4478-B1B5-1571E859746A}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{9C542A52-967C-4088-B771-7E64DB12A9AA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EFCB9D82-6B93-4B9E-A850-FCD058904DC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FE0FC963-47EF-4842-98F3-6253C7678679}] => (Allow) D:\Games\SteamLibrary\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [{646D62A7-C467-4B7F-99F9-83EC5F6F384F}] => (Allow) D:\Games\SteamLibrary\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [TCP Query User{47F806DE-419F-46C1-9E55-3DF552DEFFBF}F:\steamlibrary\steamapps\common\fifa 21\fifa21.exe] => (Allow) F:\steamlibrary\steamapps\common\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [UDP Query User{850D8C67-3944-46E5-9730-CE7BB9FAC701}F:\steamlibrary\steamapps\common\fifa 21\fifa21.exe] => (Allow) F:\steamlibrary\steamapps\common\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{53CE5773-85F0-414D-B564-998CA2CF1CAB}D:\ue5\ue_5.0ea\engine\binaries\win64\unrealeditor.exe] => (Allow) D:\ue5\ue_5.0ea\engine\binaries\win64\unrealeditor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{A64AA4BE-5911-4633-8FAB-3A34C9CFC337}D:\ue5\ue_5.0ea\engine\binaries\win64\unrealeditor.exe] => (Allow) D:\ue5\ue_5.0ea\engine\binaries\win64\unrealeditor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{ACEED315-840C-474C-B03F-98B6BBB96F0F}D:\games\steamlibrary\steamapps\common\need for speed(tm) most wanted\nfs13.exe] => (Allow) D:\games\steamlibrary\steamapps\common\need for speed(tm) most wanted\nfs13.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [UDP Query User{0E4070D5-AF82-4609-8B89-F86095A0384E}D:\games\steamlibrary\steamapps\common\need for speed(tm) most wanted\nfs13.exe] => (Allow) D:\games\steamlibrary\steamapps\common\need for speed(tm) most wanted\nfs13.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [TCP Query User{09740BAC-26A4-46C3-8772-85E320D8EE7E}D:\games\totalwarsagatroy\troy.exe] => (Allow) D:\games\totalwarsagatroy\troy.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{E921A815-5E6C-4685-8B9F-CC29E1B7921F}D:\games\totalwarsagatroy\troy.exe] => (Allow) D:\games\totalwarsagatroy\troy.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [TCP Query User{8FA4FB44-1620-4ADB-8391-B7AB01602E7B}D:\games\ue_4.27\engine\binaries\win64\ue4editor.exe] => (Allow) D:\games\ue_4.27\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{7E70EEAD-386E-4A93-AC38-6F27E430CB3D}D:\games\ue_4.27\engine\binaries\win64\ue4editor.exe] => (Allow) D:\games\ue_4.27\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{FF391AC3-CF91-4F64-BFE4-BA44BC1E9807}D:\games\ue_4.27\engine\binaries\dotnet\swarmagent.exe] => (Allow) D:\games\ue_4.27\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{A32A4C6F-8D11-40E9-86D7-BC300ED9431F}D:\games\ue_4.27\engine\binaries\dotnet\swarmagent.exe] => (Allow) D:\games\ue_4.27\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{CA7E89A7-AFD3-4AEE-AF03-0C7A9F9543F2}F:\games\overcooked2\overcooked2.exe] => (Allow) F:\games\overcooked2\overcooked2.exe () [File not signed]
FirewallRules: [UDP Query User{D466EC42-6738-4CC3-BD30-13ED9C845E5B}F:\games\overcooked2\overcooked2.exe] => (Allow) F:\games\overcooked2\overcooked2.exe () [File not signed]
FirewallRules: [{2D365539-3FCC-48F3-9FA1-42D53BC94C05}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C433994-BE77-4B49-BE41-E635993672FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0AD04DA3-BED3-4CD6-AE67-8DDCEF0CCB9D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9D60B383-91E4-4F98-BA4A-3DDAB38A0AC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4DEFBFA0-65F6-43B4-AF2A-383CD00CE57F}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
FirewallRules: [{37020FF4-4B48-48FF-B1A7-6D74051823E5}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
FirewallRules: [{5F940E12-4F90-40B5-9637-542F75C58737}] => (Allow) F:\SteamLibrary\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{FD5492D7-1180-4892-9F5D-62487A10F612}] => (Allow) F:\SteamLibrary\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{8117FAC0-5174-431F-989D-7BE0DA025CD5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5ADBB502-A973-45D6-85E9-D986D853E80A}] => (Allow) F:\SteamLibrary\steamapps\common\Transport Fever 2\TransportFever2.exe () [File not signed]
FirewallRules: [{E9D10F3B-A68E-440A-A8C5-3FFF95D7BB5B}] => (Allow) F:\SteamLibrary\steamapps\common\Transport Fever 2\TransportFever2.exe () [File not signed]
FirewallRules: [{1C05BACD-357A-480C-BEAE-8143528E03B1}] => (Allow) F:\SteamLibrary\steamapps\common\PavlovVR\Pavlov.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{639A5614-7911-43A3-B122-9098A60A9F51}] => (Allow) F:\SteamLibrary\steamapps\common\PavlovVR\Pavlov.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{D57CD577-698E-484E-968E-B1322CB81046}F:\steamlibrary\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe (Vankrupt Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{FA3B6022-F11D-48CC-BB17-9437254A5CCA}F:\steamlibrary\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe (Vankrupt Games, Inc.) [File not signed]
FirewallRules: [{0A002530-BC43-4569-BCAB-012D4E9FDD62}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{AEEBDABC-27EE-43CF-A974-A797B30A1265}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{15E4D78E-0012-467C-ADEC-42529CEE6109}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{E3574E33-75E0-43BD-A148-65DF8BD548B8}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{627DA4D5-66AE-4D3C-AEE4-0BB2DFBB52B0}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{417BB700-8D3C-4808-9946-631D186E48BB}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [TCP Query User{F50A8F32-95F8-4113-A740-78D29F347551}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{BB5AE993-E1E2-4A67-8C8D-571C165D2760}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{F1C7CBF7-1F99-4474-B0E3-09E798A2D9D2}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\92.0.902.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{96770CC4-A801-4916-8F70-487D082619F0}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2C194BFF-C5AA-49C2-8F05-86342B841237}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\93.0.961.11\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4B2AE3A4-45D6-4B47-8991-D696E41FB158}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{912FECF9-3BB7-4DCE-A1F0-92F8BB4EF2B3}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{2A89490D-B925-4EFB-BF37-FC6D22A36350}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Green Hell\GH.exe () [File not signed]
FirewallRules: [{CA3EC0EB-D62D-4DB2-B5A7-1C04EF6115BB}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Green Hell\GH.exe () [File not signed]
FirewallRules: [{06C8E03E-A537-486C-8836-6DC2BA147970}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2B661B72-569F-42D4-A21E-D6CAF1F1DDF9}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{CECB05C4-2A71-43B7-84D0-BF92692BBCF8}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{6AC7E2E0-5B59-445B-9AFB-269C9A5CAF7A}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{13327BEE-2CA4-4BB1-BB35-7D3D0E5D0919}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
 
==================== Restore Points =========================

01-08-2021 05:51:10 Windows Modules Installer
06-08-2021 19:09:47 Patriot Viper DRAM RGB

==================== Faulty Device Manager Devices ============

Name: Saitek Bulk Interface
Description: Saitek Bulk Interface
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Saitek Bulk Interface
Description: Saitek Bulk Interface
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (08/05/2021 09:03:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FSUIPC7.exe, version: 7.2.0.0, time stamp: 0x60a65c57
Faulting module name: FSUIPC7.exe, version: 7.2.0.0, time stamp: 0x60a65c57
Exception code: 0xc0000005
Fault offset: 0x0000000000019884
Faulting process ID: 0x62a0
Faulting application start time: 0x01d789defa2331c2
Faulting application path: F:\Games\MSFS\FSUIPC7\FSUIPC7.exe
Faulting module path: F:\Games\MSFS\FSUIPC7\FSUIPC7.exe
Report ID: 0571df34-e23b-449e-b4df-347b9cc5753d
Faulting package full name:
Faulting package-relative application ID:

Error: (08/05/2021 07:46:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vrserver.exe, version: 1.18.7.0, time stamp: 0x60e616a3
Faulting module name: KERNELBASE.dll, version: 10.0.19041.662, time stamp: 0xec58f015
Exception code: 0xc0000409
Fault offset: 0x000000000010bd5c
Faulting process ID: 0x70b4
Faulting application start time: 0x01d789d895eb8f67
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win64\vrserver.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: 34ebf916-08e6-42c6-bd25-2d313e9e5cc7
Faulting package full name:
Faulting package-relative application ID:

Error: (08/04/2021 10:21:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FSUIPC7.exe, version: 7.2.0.0, time stamp: 0x60a65c57
Faulting module name: FSUIPC7.exe, version: 7.2.0.0, time stamp: 0x60a65c57
Exception code: 0xc0000005
Fault offset: 0x0000000000019884
Faulting process ID: 0x57f4
Faulting application start time: 0x01d7892a7625699a
Faulting application path: F:\Games\MSFS\FSUIPC7\FSUIPC7.exe
Faulting module path: F:\Games\MSFS\FSUIPC7\FSUIPC7.exe
Report ID: 2901eca5-2bc2-4408-a047-6f0f5fe8aa18
Faulting package full name:
Faulting package-relative application ID:

Error: (08/04/2021 08:54:38 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (08/01/2021 06:05:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVDisplay.Container.exe, version: 1.33.2988.2648, time stamp: 0x6082bd2b
Faulting module name: NVDisplay.Container.exe, version: 1.33.2988.2648, time stamp: 0x6082bd2b
Exception code: 0xc0000409
Fault offset: 0x0000000000060d75
Faulting process ID: 0x8e4
Faulting application start time: 0x01d786abdebe0ded
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe
Report ID: 440d2b2d-453a-45e5-af52-ac983a219247
Faulting package full name:
Faulting package-relative application ID:

Error: (08/01/2021 04:13:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 12.2.11.0, time stamp: 0x610001ed
Faulting module name: KERNELBASE.dll, version: 10.0.19041.662, time stamp: 0xec58f015
Exception code: 0xc000041d
Fault offset: 0x000000000002d759
Faulting process ID: 0xf28
Faulting application start time: 0x01d7832745ff2e17
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: 5c4a4e1f-2a57-4cfc-a85f-b23dcd13e974
Faulting package full name:
Faulting package-relative application ID:

Error: (08/01/2021 04:13:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 12.2.11.0, time stamp: 0x610001ed
Faulting module name: KERNELBASE.dll, version: 10.0.19041.662, time stamp: 0xec58f015
Exception code: 0x00004000
Fault offset: 0x000000000002d759
Faulting process ID: 0xf28
Faulting application start time: 0x01d7832745ff2e17
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: 8aecd765-2258-48d9-adf3-d514c696d4be
Faulting package full name:
Faulting package-relative application ID:

Error: (07/31/2021 07:09:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FSUIPC7.exe, version: 7.2.0.0, time stamp: 0x60a65c57
Faulting module name: FSUIPC7.exe, version: 7.2.0.0, time stamp: 0x60a65c57
Exception code: 0xc0000005
Fault offset: 0x0000000000019884
Faulting process ID: 0x6a94
Faulting application start time: 0x01d785d69d550e76
Faulting application path: F:\Games\MSFS\FSUIPC7\FSUIPC7.exe
Faulting module path: F:\Games\MSFS\FSUIPC7\FSUIPC7.exe
Report ID: bd67a378-f71d-4347-83c6-7d1271ca903d
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (08/06/2021 07:22:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 4 time(s).

Error: (08/06/2021 07:07:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 3 time(s).

Error: (08/06/2021 06:57:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 2 time(s).

Error: (08/06/2021 06:56:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/06/2021 06:50:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The OpenSSH SSH Server service terminated unexpectedly. It has done this 1 time(s).

Error: (08/06/2021 06:50:39 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AIMSR73)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (08/06/2021 06:50:39 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AIMSR73)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (08/06/2021 05:14:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 18 time(s).


Windows Defender:
================
Date: 2021-08-06 19:29:28
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win64/CoinMiner
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\Waqar\AppData\Local\Programs\NiceHash Miner\miner_plugins\e7a58030-94eb-11ea-a64d-17be303ea466\bins\15.0\miner.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Waqar\Downloads\FRST64.exe
Security intelligence Version: AV: 1.343.2244.0, AS: 1.343.2244.0, NIS: 1.343.2244.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-08-06 19:28:45
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:BAT/AutoKms!MTB
Severity: High
Category: Tool
Path: file:_C:\Users\Waqar\Downloads\Office Activator.bat
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Waqar\Downloads\FRST64.exe
Security intelligence Version: AV: 1.343.2244.0, AS: 1.343.2244.0, NIS: 1.343.2244.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-08-05 18:03:00
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Keygen!MSR
Severity: High
Category: Tool
Path: file:_C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\amtlib.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Security intelligence Version: AV: 1.343.2244.0, AS: 1.343.2244.0, NIS: 1.343.2244.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-08-05 18:02:47
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: file:_C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\amtlib.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.343.2244.0, AS: 1.343.2244.0, NIS: 1.343.2244.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-08-05 18:02:47
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Keygen!MSR
Severity: High
Category: Tool
Path: file:_C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\amtlib.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.343.2244.0, AS: 1.343.2244.0, NIS: 1.343.2244.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-08-05 18:47:47
Description:
Microsoft Defender Antivirus has encountered an error trying to restore an item from quarantine.
For more information please see the following:
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Error Code: 0x80508014
Error description: The quarantined item cannot be restored.
Security intelligence Version: AV: 1.343.2244.0, AS: 1.343.2244.0
Engine Version: 1.1.18300.4

Date: 2021-08-05 18:03:04
Description:
Microsoft Defender Antivirus has encountered an error trying to restore an item from quarantine.
For more information please see the following:
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Error Code: 0x80508014
Error description: The quarantined item cannot be restored.
Security intelligence Version: AV: 1.343.2244.0, AS: 1.343.2244.0
Engine Version: 1.1.18300.4

Date: 2021-07-27 20:17:22
Description:
Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Security intelligence version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

CodeIntegrity:
===============
Date: 2021-01-13 05:49:30
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{86535B88-4D20-4DC9-AC04-C063FDD35421}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-13 05:41:00
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{08EC53CD-85F1-4311-8D29-5E90064EC3EE}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-12 15:18:36
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{7080A2DA-DEC2-4D1A-AD49-A2E5E0400D3F}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-12 05:37:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{95575613-3FB0-421D-B1D9-C8E7A81B93EB}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-12 00:35:42
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{044AB73C-4437-459D-BFDC-38A87D5A6AD7}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-11 18:36:51
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{E49B6127-7FC5-4F22-B9F7-F2EB7C6249D3}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-11 17:41:25
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{40CCD1F2-6A5A-4CBF-9238-3D6F87D076DD}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-10 18:16:05
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD67A752-4B6B-431D-BAFF-77AA2D9251A2}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-10 16:21:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{1A7C85A1-4558-4C05-A4C0-E60908CFF3CE}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-06 08:43:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\WWAHost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2020-12-06 08:43:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\WWAHost.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\A-Volute.SonicStudio3DevProps2.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 4002 06/15/2021
Motherboard: ASUSTeK COMPUTER INC. ROG STRIX X570-E GAMING
Processor: AMD Ryzen 9 5950X 16-Core Processor
Percentage of memory in use: 20%
Total physical RAM: 32678.49 MB
Available physical RAM: 26020.73 MB
Total Virtual: 37542.49 MB
Available Virtual: 28305.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:224 GB) (Free:33.88 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1863.02 GB) (Free:336.76 GB) NTFS
Drive f: () (Fixed) (Total:706.9 GB) (Free:285.35 GB) NTFS

\\?\Volume{7171d437-ac00-4f87-920f-bbba51861cbd}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{9edf256d-2173-9bd6-5e4b-a6f2756c24f3}\ () (Fixed) (Total:1.64 GB) (Free:0 GB) NTFS
\\?\Volume{17b9d833-c057-dc2f-8afe-e0747553a43c}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{d846055c-bca3-484c-a95c-562489f24694}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3D16C317)

Partition: GPT.

==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 05957B2A)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 3.

==================== End of Addition.txt =======================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
RogueKiller Anti-Malware V15.0.9.0 (x64) [Aug 5 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64-bit
Started in : Normal mode
User : Waqar [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210805_090601, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2021/08/07 21:17:34 (Duration : 00:05:07)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Adw.Gen (Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|Wondershare Helper Compact.exe -- [%ProgramFiles%\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe] -> Deleted
[Adw.Gen (Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|Wondershare Helper Compact.exe -- [%programfiles(x86)%\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe] -> Deleted
[Miner.Gen (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{B0390ECC-E734-4F0D-A6DE-D9B42C3D29C4}C:\users\waqar\appdata\local\programs\nicehash miner\miner_plugins\e7a58030-94eb-11ea-a64d-17be303ea466\bins\15.0\miner.exe -- [%localappdata%\programs\nicehash miner\miner_plugins\e7a58030-94eb-11ea-a64d-17be303ea466\bins\15.0\miner.exe] -> Deleted
[Miner.Gen (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{DB517D8F-AD21-4A07-A4DF-573195C0FB7A}C:\users\waqar\appdata\local\programs\nicehash miner\miner_plugins\e7a58030-94eb-11ea-a64d-17be303ea466\bins\15.0\miner.exe -- [%localappdata%\programs\nicehash miner\miner_plugins\e7a58030-94eb-11ea-a64d-17be303ea466\bins\15.0\miner.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{DF68FEAB-FB67-462D-A64B-FCD936752B59}C:\users\waqar\appdata\local\temp\rar$exa26424.30129\vertcoin-qt.exe -- [%localappdata%\temp\rar$exa26424.30129\vertcoin-qt.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{EC94371C-F085-4135-9F28-61A900F42430}C:\users\waqar\appdata\local\temp\rar$exa26424.30129\vertcoin-qt.exe -- [%localappdata%\temp\rar$exa26424.30129\vertcoin-qt.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{F89355C5-5B44-4803-B86C-FF3CD62C5DFF}C:\users\waqar\appdata\local\temp\rar$exa7040.2056\vertcoin-qt.exe -- [%localappdata%\temp\rar$exa7040.2056\vertcoin-qt.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{E894B377-75E3-42B3-A790-55C311A4302D}C:\users\waqar\appdata\local\temp\rar$exa7040.2056\vertcoin-qt.exe -- [%localappdata%\temp\rar$exa7040.2056\vertcoin-qt.exe] -> Deleted
[Miner.Gen (Malicious)] NiceHash Miner -- %localappdata%\Programs\NiceHash Miner -> Deleted
[Adw.Gen (Malicious)] Wondershare Helper Compact -- %programfiles(x86)%\Common Files\Wondershare\Wondershare Helper Compact -> Deleted
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 07/08/2021
Scan Time: 21:19
Log File: 50e0df70-f771-11eb-bfea-244bfe5e9600.json

-Software Information-
Version: 4.4.4.126
Components Version: 1.0.1413
Update Package Version: 1.0.43944
Licence: Trial

-System Information-
OS: Windows 10 (Build 19042.746)
CPU: x64
File System: NTFS
User: DESKTOP-AIMSR73\Waqar

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 425193
Threats Detected: 43
Threats Quarantined: 43
Time Elapsed: 3 min, 18 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 6
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 297, 454721, , , , , ,
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 297, 454680, , , , , ,
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 297, 454688, , , , , ,
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 297, 454721, , , , , ,
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 297, 454721, , , , , ,
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 297, 454721, , , , , ,

File: 37
RiskWare.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\27AEE0E43C7B9C8E.VIR, Quarantined, 919, 915344, 1.0.43944, , ame, , 6D429203C00C037F88592E7D4E87AB5B, E349C86716906AE18733F0E66C6CA81990E309507A1290B2C033AB4E99A5E450
RiskWare.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\49B516B39204EC26.VIR, Quarantined, 919, 934043, 1.0.43944, , ame, , 70B4045D7195BE71A9157B00284D77EB, 0DD1254201F08A05D491D8748CA497D613DBF80DA4BC67A3CD94758A31074681
RiskWare.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\8740A76E126CF934.VIR, Quarantined, 919, 915344, 1.0.43944, , ame, , 76C763B7ECBF8B8EA696BDC993EEA331, DF4733D043172945E03BB51DCD710681ADE82329F09DE1FBF38723252E19C886
RiskWare.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\9C55C21FC68A4862.VIR, Quarantined, 919, 943917, 1.0.43944, , ame, , 508EC4EF1B91D689AF0305ED3B5CE13A, 13BFD213444FC603590AB61C9DA91EEA7F2740E4CA315F57FEDBE7E2EE171FD9
RiskWare.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\BC1E33798B5ACD00.VIR, Quarantined, 919, 943917, 1.0.43944, , ame, , 686FC66B9093EE850162E5BF5C66A082, 281C7AE6D9CDC8FEC3CD631C2D83D11CAE6BBE82F0B290F8287C58E479D73468
RiskWare.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\BF4F38E4198027CF.VIR, Quarantined, 919, 934039, 1.0.43944, 39D2F4E686FD6AB0136BCA97, dds, 01367164, 42B5C233174FF676E4BC58B85774EB82, 108DEA26FC0A8C5220E19920FD3F2ED272D264CE47C61AF2DA19EC45A115DEE4
Malware.AI.2266457522, C:\USERS\WAQAR\APPDATA\ROAMING\VERTCOIN-OCM\MINERS\9BE5D3855C45AF1077EE2E8BCC5CB688C55688DCFDE5327E70F7554098ECD35D, Quarantined, 1000000, 0, 1.0.43944, 5BD516F5F33C2CE0871765B2, dds, 01367164, AC9102436AFF02DE0C983B98C4EA5D57, 9BE5D3855C45AF1077EE2E8BCC5CB688C55688DCFDE5327E70F7554098ECD35D
RiskWare.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\C07A9CB3ABF9A160.VIR, Quarantined, 919, 964006, 1.0.43944, , ame, , 38F0041A4B951C7EDBC35E916D2374B1, D82CCC15CBF868A1735EFEF207F134219985C5627F34B7FE2B5D3BD7512292BF
Malware.AI.3959894790, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\C27D443BE4F0A336.VIR, Quarantined, 1000000, 0, 1.0.43944, 872D3AAF9C2E2E52EC073306, dds, 01367164, 1FE86FAA7B506B169045C95C4D94F844, 7BB3594585506A337D762F296ED415AAC4C9CE43BDB52A25BFB83199FBF98892
RiskWare.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\C415CA635C5141BA.VIR, Quarantined, 919, 934044, 1.0.43944, , ame, , 95DBE858751671BAD3B66C2F8469C60D, 809929A214A5ACD40AA272F9A258E67221989D48AE30C97487C325406C9EBFA2
Malware.AI.2266457522, C:\USERS\WAQAR\APPDATA\ROAMING\VERTCOIN-OCM\MINERS\UNPACKED-9BE5D3855C45AF1077EE2E8BCC5CB688C55688DCFDE5327E70F7554098ECD35D\VERTHASHMINER-0.7.0-CUDA11-WINDOWS\VERTHASHMINER.EXE, Quarantined, 1000000, 0, 1.0.43944, 5BD516F5F33C2CE0871765B2, dds, 01367164, 9758C566D75EDD90F6F2F420FF7FF3E0, A812522F65DEE95E8F412F240C16B06B33B2A35F8CAEFD202D041E1B563D13BD
RiskWare.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\1A3F302EF6C7879D.VIR, Quarantined, 919, 877371, 1.0.43944, 00315C48BFE131A5D0C77506, dds, 01367164, 52BAEA69AB171186EA88B8D4F5025C29, 7BFB2C036B54DE51F7C68AF321CF28F77396AF863FCE63B13216F3B1729599AF
RiskWare.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\305AEC75CCE474AA.VIR, Quarantined, 919, 936329, 1.0.43944, , ame, , F8C0C84DD1628773C81F8C63ACDCAFD9, 49F27CEA429AF9ED1457489064DBB5E521ECF90B3257A220A12F234066994AAD
RiskWare.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\47406676B0F1D0FE.VIR, Quarantined, 919, 936329, 1.0.43944, 1A733472A8E6788CD946C68B, dds, 01367164, 4951165F4EFCFEED692F032D30000E7C, 39696C15C30665195EC189A3E6DB7B6413638E31E264ACC2573BBA9709888342
Generic.Malware/Suspicious, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\52225DDA450F7C06.VIR, Quarantined, 0, 392686, 1.0.43944, , shuriken, , 243F5A7F179B900A4900325EE4AE3BA0, 8872318EBAF90D1EC75964ABBF994245FC24AB000FEF61B3E970C59A271B34AD
Trojan.WindowsDefenderExclusion, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\5F41DBBBC5997643.VIR, Quarantined, 17218, 944073, 1.0.43944, , ame, , 8DBFC278561DB475566A3BC628435B47, 42E76FFC373E28736239E96A1DE45E5368E5E36CE4E9BE04A008B242D629748E
Bitcoin.Trojan.Miner.DDS, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\638ED0AF4E2B19AF.VIR, Quarantined, 1000002, 0, 1.0.43944, 09F7FF56446F2CA37BC5A64B, dds, 01367164, BBD844DEC81C60C5D4CC7DD856DC8475, 816C684A48E1C905593CE03B268F6FCBE0038AE8626411072B8FCB65F051636A
RiskWare.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\79971E90142A74A1.VIR, Quarantined, 919, 936327, 1.0.43944, , ame, , D8B1DE51642D8F140D24E8E66893498F, FF3091F9B4FF068C16CD05707EC7120C3DE2FA84B8130037EA3D13477B24B59D
RiskWare.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\7C22DECF020A0021.VIR, Quarantined, 919, 936329, 1.0.43944, , ame, , 580207ABECC230481ACBFE53AA1B53B7, A1F72972D64E1B65EC8B0B8091A8AC55CDA7532DB927DCC20803F64B7891D035
RiskWare.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\C4C5978E96272605.VIR, Quarantined, 919, 934043, 1.0.43944, , ame, , 54C676BB92EE7EA71F8E0DDBE6B3929A, 853D7AEB1DEB980CDF159D009358C2962F632351B25E755FEDBA578B48AC280D
RiskWare.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\CA1247B0CB2AED32.VIR, Quarantined, 919, 934039, 1.0.43944, 39D2F4E686FD6AB0136BCA97, dds, 01367164, FAA2260EDC7A6FD148405D46526C3766, 903715B3B553BE707FD944B56117605AD3D873B6789DCA09763D53CFD94AC775
RiskWare.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\D72DD84371888B17.VIR, Quarantined, 919, 965337, 1.0.43944, , ame, , 3C7D55545A2D2BC7B152211F9BE6BF6A, 378DCA9D8D9871BC8B74350527BCFD05DE736B1CD9F80CDA1132991D5E9DDC87
Adware.Elex.ShrtCln, C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Quarantined, 297, 454721, , , , , D22818DB813935631CE168B32DE5F813, 15BDD0049EEE33017B0D18C1D4175B554AB0969CE1E964E73703B4C5715A8438
Adware.Elex.ShrtCln, C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\003586.ldb, Quarantined, 297, 454721, , , , , 0E2E98199B18620154108135C7793524, 99AB30F7DE86E8D270B7211C20757669A2BF6FF2F9780844E13CB66BC36A3393
Adware.Elex.ShrtCln, C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\003587.log, Quarantined, 297, 454721, , , , , 7C66F24DD6ACD5B92F2B862A78C06602, 1D15F53B840350BDE7A849D7275E40D1AA1F1A91FE517F37A4E1B92C02B27775
Adware.Elex.ShrtCln, C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\003588.ldb, Quarantined, 297, 454721, , , , , 8AE8F8CEFF0DB0456F1AFD5149CF752E, 82C29D16B7A17C209982A0CDF9B078523FF722357993D9EF4A7F2492804BCF6A
Adware.Elex.ShrtCln, C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 297, 454721, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
Adware.Elex.ShrtCln, C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 297, 454721, , , , , ,
Adware.Elex.ShrtCln, C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 297, 454721, , , , , 68180FB988E0BAF67990DE1950041097, 05A9A1735F2259D483655581B051C805A449DAF61CDE98252439E6BE0B374D02
Adware.Elex.ShrtCln, C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 297, 454721, , , , , CAC46F8313BCDEC06910C40CCB5C87D3, A7F55CE767E2BCCF5E77B3FC1A5C39774F52C3216CB77B62C7F37177277E9BB8
Adware.Elex.ShrtCln, C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Quarantined, 297, 454721, , , , , 6A13298833C5C8383C8DBA986B871EC4, DAFE50C3FEEC5928B43F6DB27F9C7E78A47D4776C9715DF1205427B0CEDF9810
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 297, 454721, 1.0.43944, , ame, , 2B5B3C13D3EE68F7DA4E2B4A0BD586D6, FCF70A5E7934409F8A2250B4AEFCBCD9BEA330C267D9995FC8BC97331BE5F33B
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 297, 454680, 1.0.43944, , ame, , 81B8B06ADE8D70A272C63D962EAA9D76, E6B9D4F0922946BC72479192297DD97B2736FB68106F99DFA0847EAB7DCAE20F
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 297, 454688, 1.0.43944, , ame, , 2DFEF465A9A01287F088C42E93068719, 046A20AF227CC8856CA4C24366BBCD94BAC14129D61C8141B40BCA65816EB27F
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 297, 454721, 1.0.43944, , ame, , 2DFEF465A9A01287F088C42E93068719, 046A20AF227CC8856CA4C24366BBCD94BAC14129D61C8141B40BCA65816EB27F
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 297, 454721, 1.0.43944, , ame, , 81B8B06ADE8D70A272C63D962EAA9D76, E6B9D4F0922946BC72479192297DD97B2736FB68106F99DFA0847EAB7DCAE20F
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 297, 454721, 1.0.43944, , ame, , 2DFEF465A9A01287F088C42E93068719, 046A20AF227CC8856CA4C24366BBCD94BAC14129D61C8141B40BCA65816EB27F

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-08-05.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-07-2021
# Duration: 00:00:01
# OS: Windows 10 Education
# Cleaned: 7
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted animeshow.tv
Deleted au.banggood.com
Deleted azlyrics.com
Deleted http://www.oursurfing.com/?type=hp&...id=WDCXWD3200AAJS-00L7A0_WD-WMAV2211074210742
Deleted http://www.oursurfing.com/?type=hp&...id=WDCXWD3200AAJS-00L7A0_WD-WMAV2211074210742
Deleted http://www.oursurfing.com/?type=hpp...id=WDCXWD3200AAJS-00L7A0_WD-WMAV2211074210742
Deleted oursurfing
Not Deleted oursurfing

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2156 octets] - [07/08/2021 21:27:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
I reran Malwarebytes and found more threats.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 07/08/2021
Scan Time: 21:44
Log File: ce427980-f774-11eb-bc52-244bfe5e9600.json

-Software Information-
Version: 4.4.4.126
Components Version: 1.0.1413
Update Package Version: 1.0.43944
Licence: Trial

-System Information-
OS: Windows 10 (Build 19042.746)
CPU: x64
File System: NTFS
User: DESKTOP-AIMSR73\Waqar

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 425172
Threats Detected: 14
Threats Quarantined: 14
Time Elapsed: 0 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 297, 454680, , , , , ,
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 297, 454721, , , , , ,

File: 12
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 297, 454721, 1.0.43944, , ame, , 2DA557C218560553ACBB6AA11ABC176D, 6A4B76998F073FD0E6EDE6237DEC8A3E56215566ED8361BDA6832950AC2E8272
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 297, 454688, 1.0.43944, , ame, , 2DA557C218560553ACBB6AA11ABC176D, 6A4B76998F073FD0E6EDE6237DEC8A3E56215566ED8361BDA6832950AC2E8272
Adware.Elex.ShrtCln, C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log, Quarantined, 297, 454680, , , , , 13354FC7793B87930A84B2B89367931B, B9813D53E74AA567184A9522F95FE85B1AB73806A8D7B18729BDA3039F7E61FA
Adware.Elex.ShrtCln, C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 297, 454680, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
Adware.Elex.ShrtCln, C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 297, 454680, , , , , ,
Adware.Elex.ShrtCln, C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 297, 454680, , , , , B4C380050C85AF1FF1C41CA4F2D0EBA3, BF1A6D83A42FEFC19333E07F16F7DC57E3774736BB2EE4ECBDD84FDAB0529736
Adware.Elex.ShrtCln, C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 297, 454680, , , , , 8F8889A3161C2BE758FF282FD6E41B6F, CCDF745054F80028AFE74124BFF6754D041E76E8DABFF1385213BB79A664E31E
Adware.Elex.ShrtCln, C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Quarantined, 297, 454680, , , , , 5AF87DFD673BA2115E2FCF5CFDB727AB, F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 297, 454680, , , , , 44D67950ACFD161BBDB053FEF1A5F678, F1BC56AD0AD1082F2EDB838FD2E3E3EDB0C87EC78B06B6FFFC48EE5809CD65A5
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 297, 454680, 1.0.43944, , ame, , C135C972AE08422F3974B3B51286C49D, CE6DE039235478F496B87276A9EBDE867DFAB550F8EEF971557211C4C6D4AA59
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 297, 454721, 1.0.43944, , ame, , C135C972AE08422F3974B3B51286C49D, CE6DE039235478F496B87276A9EBDE867DFAB550F8EEF971557211C4C6D4AA59
Adware.Elex.ShrtCln, C:\USERS\WAQAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 297, 454721, 1.0.43944, , ame, , 2DA557C218560553ACBB6AA11ABC176D, 6A4B76998F073FD0E6EDE6237DEC8A3E56215566ED8361BDA6832950AC2E8272

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-08-2021
Ran by Waqar (administrator) on DESKTOP-AIMSR73 (08-08-2021 10:21:27)
Running from C:\Users\Waqar\Downloads
Loaded Profiles: Waqar
Platform: Windows 10 Education Version 20H2 19042.746 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\qBittorrent\qbittorrent.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.25\AsSysCtrlService.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\AsPowerBar.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
(ASUSTeK Computer Inc. -> ASUSTek Compputer Inc.) C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <2>
(ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.01.07\AsusFanControlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.02.06\atkexComSvc.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
(ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\10.1.0.3194\AdskLicensingService\AdskLicensingService.exe
(A-Volute -> Nahimic) C:\Windows\System32\NahimicService.exe
(A-Volute -> Nahimic) C:\Windows\System32\NahimicSvc64.exe <2>
(A-Volute -> Nahimic) C:\Windows\SysWOW64\NahimicSvc32.exe <2>
(A-Volute SAS -> A-Volute) C:\Users\Waqar\AppData\Local\NhNotifSys\sonicstudio\asusns.exe
(Chaos Software Ltd. -> ) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe
(DTS, Inc. -> DTS Inc.) C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(EVGA Corp. -> EVGA Co., Ltd.) C:\Program Files\EVGA\Precision X1\PrecisionX_x64.exe
(Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <23>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.28001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.28001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20566.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20566.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> ) C:\Windows\System32\OpenSSH\sshd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Spectrum.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WebManagement.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe
(NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\PresentMon_x64.exe <2>
(NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Tobii AB -> ) C:\Program Files (x86)\Tobii\Tobii VRU02 Runtime\platform_runtime_VR4U2P2_service.exe
(TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe
(Travis Nickles -> DS4Windows) C:\Users\Waqar\Downloads\DS4Windows\DS4Windows.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <4>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [961824 2019-07-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [RamCache III ] => C:\Program Files (x86)\RamCache III\RamCache.exe [5416728 2020-11-24] (FNet Co., Ltd. -> FNet Co., Ltd)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Autodesk Genuine Service ] => C:\Users\Waqar\AppData\Local\Programs\Autodesk\Genuine Service\GenuineService.exe [1077864 2020-01-02] (Autodesk, Inc. -> Autodesk)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [668376 2021-03-04] (Autodesk, Inc. -> Autodesk, Inc.)
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4110568 2021-07-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33264096 2021-08-04] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Run: [Spotify] => C:\Users\Waqar\AppData\Roaming\Spotify\Spotify.exe [24276096 2021-08-04] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Run: [Magnet.bootstrap_Vive] => "C:\Program Files (x86)\VIVE\PCClient\Vive.exe" --silent
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Policies\Explorer\DisallowRun: [1] irsetup.exe
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65096 2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\PDFill Writer Monitor: C:\Program Files (x86)\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll [38824 2021-03-21] (PlotSoft LLC -> Windows (R) Codename Longhorn DDK provider)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{43F137B0-8F4D-463B-AB83-ADEAD4F15096}] -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\93.0.961.11\Installer\setup.exe [2021-08-04] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-05] (Google LLC -> Google LLC)
Startup: C:\Users\Waqar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk [2021-06-12]
ShortcutTarget: DS4Windows.lnk -> C:\Users\Waqar\Downloads\DS4Windows\DS4Windows.exe (Travis Nickles -> DS4Windows)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0058C5EF-4FF3-4599-85AD-F61938E95C68} - System32\Tasks\NahimicTask64 => C:\Windows\system32\.\NahimicSvc64.exe [1066416 2020-11-04] (A-Volute -> Nahimic)
Task: {03816C2A-5847-4083-8AF4-38E8A473917D} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-11-15] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {05C9F490-0191-431F-8129-A064CD396BEB} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {1386F695-B164-426E-A645-CB2AA6700042} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [64936 2021-04-17] (Microsoft Corporation -> Microsoft)
Task: {19CD352D-8E71-420F-946D-2419EF644835} - System32\Tasks\EVGAPrecisionX => C:\Program Files\EVGA\Precision X1\PrecisionX_x64.exe [27703944 2021-06-02] (EVGA Corp. -> EVGA Co., Ltd.)
Task: {1B7B3DDC-5672-4EC4-929C-E292350D13DC} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {212DC347-DAAB-43D8-8A4F-11B22F4E4A9D} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe [56784 2020-08-27] (ASUSTeK Computer Inc. -> )
Task: {25ADC58E-2FE5-4C4D-92F7-E598D67E2A86} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {2A289D52-71F1-4840-9BCD-175E9A486088} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1469800 2020-10-30] (ASUSTeK Computer Inc. -> )
Task: {3119EBB3-2EDA-4AC1-A015-FC21D4B04B84} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3323136D-786D-4651-99EB-8924AC613429} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4386054B-210E-4044-8781-438B65C9B732} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4726EC48-3F5D-4442-B474-8431D3ABE786} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113992 2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BEC0D5A-FEA4-433F-B2EA-F96C5378B323} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {590768F0-628A-41AB-9ABD-532DB0391984} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113992 2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D62815A-083F-40ED-9E9C-2E3AFD472D22} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253376 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {72D9D692-9901-41C8-B5DB-8CE31E89CDC8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8DC4E236-9B97-4146-B630-EBFBE8C6F552} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4282288 2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8FF8AE46-0799-4654-8E4C-AC5167F4EB27} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {923DB172-11B1-4339-8A0B-886CAE4112A9} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9A4E50EC-7DF0-47BE-885A-8FE525F81C16} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [822704 2020-11-04] (A-Volute -> Nahimic)
Task: {9D2D039F-D106-43A9-AB44-E82C7EFF99EC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A33AD2D8-8C18-4D2A-BDDB-3ECA480B1478} - System32\Tasks\NahimicTask32 => C:\Windows\system32\..\SysWOW64\NahimicSvc32.exe [822704 2020-11-04] (A-Volute -> Nahimic)
Task: {A4D5C04B-68B7-4ECE-ACBD-4C2172AF2928} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4282288 2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6031097-AC1E-4FC6-9456-E11B96291C7B} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1899656 2020-11-25] (ASUSTeK Computer Inc. -> ASUS)
Task: {AC4CE1FE-75E3-4B4E-90E0-DB0224225BE8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-15] (Google LLC -> Google LLC)
Task: {BC1C11FA-A811-4F5C-A04D-47420066D662} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253376 2021-07-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {C0608248-468D-4F9A-AA49-79B832433D4D} - System32\Tasks\NahimicSvc64Run => C:\Windows\system32\NahimicSvc64.exe [1066416 2020-11-04] (A-Volute -> Nahimic)
Task: {C12B1701-2311-4893-B856-2C4825E07643} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [4329008 2020-10-13] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {C203BD24-5587-418B-AE8F-C3FD022E0F2A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C5922DF6-F130-4BAE-A374-7E6F9625EF85} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C8D9EE3F-748F-4C4B-97FE-473D2ACAD1BD} - System32\Tasks\ASUS\NoiseCancelingEngine.exe => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1238328 2021-01-21] (ASUSTeK Computer Inc. -> ASUS)
Task: {CC9CF38D-2720-4D05-BF3B-F6C16E61D705} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [45540760 2021-01-13] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {CCD3B5BF-E945-4428-8FBD-AE391FA7E634} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d6bb3effa23db6 => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-11-15] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {D42EB68C-88BC-4BE1-A02E-CC906393D9D0} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [677624 2019-11-21] (Advanced Micro Devices INC. -> )
Task: {D51289C2-0B1B-4984-B9FB-1AF48B9573EF} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2115632 2020-10-23] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {E5C4D18C-5648-4182-929E-A371D0F35FBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-15] (Google LLC -> Google LLC)
Task: {E7A52DFE-F600-4068-8401-77BCC82148E3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EAC57C20-D5F1-4521-BEAF-85B7E5628444} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F2555AA5-BEB0-4036-84E0-5FC3EBFD4B89} - System32\Tasks\ASUS\ArmouryAIOFanServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe [1039360 2020-11-10] (TODO: <Company name>) [File not signed]
Task: {FCDD3B7E-A12C-4CD7-87A6-26030A7E6ADA} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{61fd3046-d5fe-4358-ba97-92942e7dc4aa}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Waqar\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-06]
Edge Extension: (360 Viewer) - C:\Users\Waqar\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmglcbnpblebkmcllnfcgamdelbbekge [2021-08-06]
StartMenuInternet: Microsoft Edge Beta - C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0-git -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-11-22] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default [2021-08-08]
CHR Notifications: Default -> hxxps://www.reddit.com
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-16]
CHR Extension: (Docs) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-16]
CHR Extension: (Google Drive) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-16]
CHR Extension: (YouTube) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-16]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-07-28]
CHR Extension: (TwoSeven Extension) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjdnfmjmdligcpfcekfmenlhiopehjkd [2021-08-07]
CHR Extension: (SlitherPlus - Zoom, Skin Creator, Mod, Bots) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbghpalffgmgocmnigfhalghmaemffo [2020-11-16]
CHR Extension: (WGT Golf Challenge) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2020-11-16]
CHR Extension: (Slither.io Skins, Mods, Hack & Guide) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggomkijbihggjgcgdbnleolpleddaid [2020-11-16]
CHR Extension: (Pixlr-o-matic) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2020-11-16]
CHR Extension: (Sheets) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-16]
CHR Extension: (Alloy) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fljipcgeenffdcglannkpppedokbpgjl [2020-11-16]
CHR Extension: (Google Docs Offline) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-27]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-06-24]
CHR Extension: (TU-95 - Pilot the Plane!) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjohfoloehbkffdihkengbkjgalmabj [2020-11-16]
CHR Extension: (AllCast Receiver) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjbljnpdahefgnopeohlaeohgkiidnoe [2020-11-16]
CHR Extension: (Color Piano!) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh [2020-11-16]
CHR Extension: (Pacman) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcecjlbneginpknnnfkfijdfhaedihll [2020-11-16]
CHR Extension: (Google Forms) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2020-11-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2021-06-03]
CHR Extension: (Little Alchemy) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2020-11-16]
CHR Extension: (Until AM Web App) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2020-11-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-16]
CHR Extension: (Chrome Media Router) - C:\Users\Waqar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1050920 2021-03-04] (Autodesk, Inc. -> Autodesk Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [16930616 2019-12-18] (Autodesk, Inc. -> Autodesk)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3779840 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3547904 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [348280 2021-03-25] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.06\atkexComSvc.exe [456008 2021-06-28] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.25\AsSysCtrlService.exe [1360016 2020-10-12] (ASUSTeK Computer Inc. -> ) [File not signed]
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-11-15] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [313008 2021-02-17] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.01.07\AsusFanControlService.exe [2092872 2021-06-28] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-11-15] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [842128 2021-08-08] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8912272 2021-06-15] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9141648 2021-07-21] (Microsoft Corporation -> Microsoft Corporation)
R2 DtsApo4Service; C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe [145128 2019-06-26] (DTS, Inc. -> DTS Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [810928 2021-06-12] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [14288 2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3210232 2021-03-03] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-08-07] (Malwarebytes Inc -> Malwarebytes)
S3 MicrosoftEdgeBetaElevationService; C:\Program Files (x86)\Microsoft\Edge Beta\Application\93.0.961.11\elevation_service.exe [1639824 2021-08-03] (Microsoft Corporation -> Microsoft Corporation)
R2 NahimicService; C:\Windows\system32\NahimicService.exe [2719664 2020-11-04] (A-Volute -> Nahimic)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2556048 2021-07-15] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474584 2021-07-15] (Electronic Arts, Inc. -> Electronic Arts)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13946200 2021-08-05] (ADLICE (ASCOET JULIEN) -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1848624 2021-07-30] (Rockstar Games, Inc. -> Rockstar Games)
R2 ROG Live Service; C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe [5632232 2021-06-18] (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12871464 2021-04-30] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 Tobii VRU02 Runtime; C:\Program Files (x86)\Tobii\Tobii VRU02 Runtime\platform_runtime_VR4U2P2_service.exe [4010344 2020-01-29] (Tobii AB -> )
R2 VRLService; C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe [20309016 2021-05-09] (Chaos Software Ltd. -> )
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [35136 2020-05-25] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\Windows\system32\drivers\AsIO3.sys [43920 2021-02-17] (ASUSTeK Computer Inc. -> )
R3 AVoluteSS3Vad; C:\Windows\System32\drivers\AVoluteSS3Vad.sys [85080 2019-08-14] (A-Volute -> Windows (R) Win 7 DDK provider)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [75560 2020-12-26] (Broadcom Corporation -> Broadcom Corporation.)
S3 cpuz150; C:\Windows\temp\cpuz150\cpuz150_x64.sys [44832 2021-08-06] (CPUID S.A.R.L.U. -> CPUID)
R3 Driver; C:\Program Files\EVGA\Precision X1\driver-x64.sys [39856 2020-07-23] (EVGA Corp. -> )
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 FNETHYRAMAS; C:\Windows\System32\drivers\FNETHYRAMAS.SYS [56496 2020-11-24] (FNet Co., Ltd. -> FNet Co., Ltd.)
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [29368 2019-04-24] (ASUSTeK Computer Inc. -> )
S3 GPUZ-v2; C:\Users\Waqar\AppData\Local\Temp\GPUZ-v2.sys [50216 2021-01-10] (TechPowerUp LLC -> ) <==== ATTENTION
S3 HWiNFO_152; C:\Users\Waqar\AppData\Local\Temp\HWiNFO64A_152.SYS [63208 2021-08-06] (Martin Malik - REALiX -> REALiX(tm)) <==== ATTENTION
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2021-02-26] (Red Fox UK Limited -> Highresolution Enterprises [www.highrez.co.uk])
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [35344 2020-11-03] (ASUSTEK COMPUTER INC. -> ASUSTeK Computer Inc.)
S3 LSaiMini; C:\Windows\System32\drivers\LSaiMini.sys [30840 2018-09-04] (WDKTestCert SYSTEM,131245371151827277 -> Logitech)
S3 LSaiNtBus; C:\Windows\system32\drivers\LSaiBus.sys [70456 2018-09-04] (WDKTestCert SYSTEM,131245371151827277 -> Logitech)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-08-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-08-07] (Malwarebytes Inc -> Malwarebytes)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-20] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
S3 SaiK2221; C:\Windows\system32\DRIVERS\SaiK2221.sys [227128 2018-09-04] (WDKTestCert SYSTEM,131245371151827277 -> Logitech)
S3 SaiKa221; C:\Windows\system32\DRIVERS\SaiKa221.sys [227128 2018-09-04] (WDKTestCert SYSTEM,131245371151827277 -> Logitech)
S3 SaiU2221; C:\Windows\system32\DRIVERS\SaiU2221.sys [33512 2018-09-04] (WDKTestCert SYSTEM,131245371151827277 -> Logitech)
S3 SaiUa221; C:\Windows\system32\DRIVERS\SaiUa221.sys [33512 2018-09-04] (WDKTestCert SYSTEM,131245371151827277 -> Logitech)
R2 SSGDIO; C:\Windows\SysWOW64\DRIVERS\ssgdio64.sys [14608 2020-11-22] (ATI Technologies, Inc -> ATI Technologies Inc.)
R1 ViGEmBus; C:\Windows\System32\drivers\ViGEmBus.sys [165744 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49568 2021-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [434424 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-08 10:21 - 2021-08-08 10:21 - 000000000 ____D C:\Users\Waqar\Downloads\FRST-OlderVersion
2021-08-08 03:35 - 2021-08-08 03:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2021-08-08 03:11 - 2021-08-08 03:11 - 000021567 _____ C:\Users\Waqar\Downloads\The Suicide Squad (2021) [1080p] [WEBRip] [5.1] [YTS.MX] (1).torrent
2021-08-08 03:10 - 2021-08-08 03:10 - 027516526 _____ (The qBittorrent project) C:\Users\Waqar\Downloads\qbittorrent_4.3.7_x64_setup.exe
2021-08-08 02:31 - 2021-08-08 02:31 - 000021567 _____ C:\Users\Waqar\Downloads\The Suicide Squad (2021) [1080p] [WEBRip] [5.1] [YTS.MX].torrent
2021-08-07 21:48 - 2021-08-07 21:48 - 000004239 _____ C:\Users\Waqar\Desktop\Malwarebytes2.txt
2021-08-07 21:46 - 2021-08-08 03:38 - 000003112 _____ C:\Windows\system32\Tasks\NahimicTask32
2021-08-07 21:46 - 2021-08-08 03:38 - 000003092 _____ C:\Windows\system32\Tasks\NahimicTask64
2021-08-07 21:27 - 2021-08-07 21:28 - 000000000 ____D C:\AdwCleaner
2021-08-07 21:25 - 2021-08-07 21:25 - 000011041 _____ C:\Users\Waqar\Desktop\Malwarebytes.txt
2021-08-07 21:19 - 2021-08-08 03:05 - 000000000 ____D C:\Users\Waqar\AppData\LocalLow\IGDump
2021-08-07 21:18 - 2021-08-07 21:18 - 000006782 _____ C:\Users\Waqar\Desktop\RKreport.txt
2021-08-07 21:11 - 2021-08-08 03:38 - 000038032 _____ C:\Windows\system32\Drivers\truesight.sys
2021-08-07 21:11 - 2021-08-07 21:16 - 000000000 ____D C:\ProgramData\RogueKiller
2021-08-07 21:11 - 2021-08-07 21:11 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2021-08-07 21:11 - 2021-08-07 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-08-07 21:11 - 2021-08-07 21:11 - 000000000 ____D C:\Program Files\RogueKiller
2021-08-07 21:09 - 2021-08-07 21:10 - 008553680 _____ (Malwarebytes) C:\Users\Waqar\Downloads\AdwCleaner.exe
2021-08-07 20:53 - 2021-08-07 20:53 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-08-07 20:53 - 2021-08-07 20:53 - 000199128 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-08-07 20:53 - 2021-08-07 20:53 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-08-07 20:53 - 2021-08-07 20:53 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-08-07 20:53 - 2021-08-07 20:53 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-08-07 20:53 - 2021-08-07 20:53 - 000000000 ____D C:\Users\Waqar\AppData\Local\mbam
2021-08-07 20:53 - 2021-08-07 20:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-08-07 20:52 - 2021-08-07 20:52 - 000000000 ____D C:\Program Files\Malwarebytes
2021-08-07 20:51 - 2021-08-07 21:09 - 041875792 _____ (Adlice Software ) C:\Users\Waqar\Downloads\RogueKiller_setup.exe
2021-08-07 20:51 - 2021-08-07 20:51 - 002120496 _____ (Malwarebytes) C:\Users\Waqar\Downloads\MBSetup-122165.122165-consumer.exe
2021-08-07 20:01 - 2021-08-07 20:19 - 000248421 _____ C:\Users\Waqar\Downloads\MOHAMMAD WAQAR - Individual Tax Return 2021.PDF
2021-08-07 20:01 - 2021-08-07 20:09 - 000169577 _____ C:\Users\Waqar\Downloads\QTR 3 2021.pdf
2021-08-07 20:01 - 2021-08-07 20:08 - 000162959 _____ C:\Users\Waqar\Downloads\QTR 4 2021.pdf
2021-08-07 20:01 - 2021-08-07 20:07 - 000161299 _____ C:\Users\Waqar\Downloads\QTR 2 2021.pdf
2021-08-07 20:01 - 2021-08-07 20:05 - 000507935 _____ C:\Users\Waqar\Downloads\P&L-2020-21.pdf
2021-08-06 22:00 - 2021-08-06 22:00 - 000000000 ____D C:\Users\Waqar\AppData\LocalLow\Creepy Jar
2021-08-06 21:05 - 2021-08-06 21:18 - 000008489 _____ C:\Users\Waqar\Downloads\OCCT.config.json
2021-08-06 21:01 - 2021-08-06 21:01 - 000000000 ____D C:\Users\Waqar\Downloads\New folder
2021-08-06 21:00 - 2021-08-06 21:00 - 019382512 _____ (OCCT - Ocbase - Adrien Mercier) C:\Users\Waqar\Downloads\OCCT.exe
2021-08-06 20:00 - 2021-08-06 20:00 - 000001252 _____ C:\Users\Waqar\Desktop\AIDA64 Extreme.lnk
2021-08-06 20:00 - 2021-08-06 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2021-08-06 20:00 - 2021-08-06 20:00 - 000000000 ____D C:\Program Files (x86)\FinalWire
2021-08-06 19:28 - 2021-08-08 10:21 - 000038276 _____ C:\Users\Waqar\Downloads\FRST.txt
2021-08-06 19:28 - 2021-08-08 10:21 - 000000000 ____D C:\FRST
2021-08-06 19:28 - 2021-08-06 19:29 - 000100717 _____ C:\Users\Waqar\Downloads\Addition.txt
2021-08-06 19:27 - 2021-08-08 10:21 - 002300416 _____ (Farbar) C:\Users\Waqar\Downloads\FRST64.exe
2021-08-06 19:17 - 2021-08-06 19:17 - 000000000 ____D C:\Users\Waqar\Downloads\AIDA64Portable_5.90.4200-Extreme
2021-08-05 18:07 - 2021-08-05 18:07 - 000011592 _____ C:\Users\Waqar\Downloads\WhatsApp Image 2019-12-06 at 8.40.21 AM.jpeg
2021-08-05 18:02 - 2021-08-05 18:08 - 000771925 _____ C:\Users\Waqar\Downloads\GST REGISTRATION FORM.pdf
2021-08-04 22:10 - 2021-08-04 22:10 - 000000222 _____ C:\Users\Waqar\Desktop\Green Hell.url
2021-08-04 19:51 - 2021-08-04 19:51 - 000000000 ____D C:\Users\Waqar\Downloads\ZenTimings_v1.2.5
2021-08-04 19:36 - 2021-08-04 19:36 - 000184409 _____ C:\Users\Waqar\Desktop\DESKTOP.html
2021-08-02 20:46 - 2021-08-02 20:46 - 000000000 ____D C:\Users\Waqar\Desktop\Zeeshan
2021-08-01 22:42 - 2021-08-01 22:42 - 000369374 _____ C:\Users\Waqar\Desktop\DESKTOP-AIMSR73.html
2021-08-01 15:37 - 2021-07-14 03:07 - 001858664 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2021-08-01 15:37 - 2021-07-14 03:07 - 001858664 _____ C:\Windows\system32\vulkaninfo.exe
2021-08-01 15:37 - 2021-07-14 03:07 - 001438824 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-08-01 15:37 - 2021-07-14 03:07 - 001438824 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-08-01 15:37 - 2021-07-14 03:07 - 001097856 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2021-08-01 15:37 - 2021-07-14 03:07 - 001097856 _____ C:\Windows\system32\vulkan-1.dll
2021-08-01 15:37 - 2021-07-14 03:07 - 000951936 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2021-08-01 15:37 - 2021-07-14 03:07 - 000951936 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-08-01 15:37 - 2021-07-14 03:06 - 001474704 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-08-01 15:37 - 2021-07-14 03:06 - 001212560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-08-01 15:37 - 2021-07-14 03:02 - 001520776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-08-01 15:37 - 2021-07-14 03:02 - 000716912 _____ C:\Windows\system32\nvofapi64.dll
2021-08-01 15:37 - 2021-07-14 03:02 - 000676480 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-08-01 15:37 - 2021-07-14 03:02 - 000645232 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2021-08-01 15:37 - 2021-07-14 03:02 - 000577152 _____ C:\Windows\SysWOW64\nvofapi.dll
2021-08-01 15:37 - 2021-07-14 03:02 - 000564352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-08-01 15:37 - 2021-07-14 03:01 - 002112128 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-08-01 15:37 - 2021-07-14 03:01 - 001595520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-08-01 15:37 - 2021-07-14 03:01 - 001171072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-08-01 15:37 - 2021-07-14 03:01 - 000919168 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-08-01 15:37 - 2021-07-14 03:01 - 000750208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-08-01 15:37 - 2021-07-14 03:01 - 000706176 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2021-08-01 15:37 - 2021-07-14 03:00 - 008854144 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-08-01 15:37 - 2021-07-14 03:00 - 007920768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-08-01 15:37 - 2021-07-14 03:00 - 005680760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2021-08-01 15:37 - 2021-07-14 03:00 - 004987520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-08-01 15:37 - 2021-07-14 03:00 - 002925696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-08-01 15:37 - 2021-07-14 03:00 - 000447104 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2021-08-01 15:37 - 2021-07-14 02:59 - 000849008 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2021-08-01 15:37 - 2021-07-12 21:32 - 000083062 _____ C:\Windows\system32\nvinfo.pb
2021-08-01 05:50 - 2021-08-01 05:50 - 000000363 _____ C:\Users\Waqar\Desktop\Train Sim World 2.url
2021-07-31 16:12 - 2021-07-31 16:13 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\Liveries Mega Pack Manager
2021-07-31 16:12 - 2021-07-31 16:12 - 097104384 _____ (David Wheatley) C:\Users\Waqar\Downloads\Liveries_Mega_Pack_Manager-0.4.5-setup.exe
2021-07-31 16:12 - 2021-07-31 16:12 - 000002663 _____ C:\Users\Waqar\Desktop\Liveries Mega Pack Manager.lnk
2021-07-31 16:12 - 2021-07-31 16:12 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\David Wheatley
2021-07-31 16:12 - 2021-07-31 16:12 - 000000000 ____D C:\Users\Waqar\AppData\Local\Liveries_Mega_Pack_Manager
2021-07-22 16:18 - 2021-07-22 16:19 - 006331220 _____ C:\Windows\Minidump\072221-13546-01.dmp
2021-07-12 17:45 - 2021-07-12 17:45 - 006196188 _____ C:\Windows\Minidump\071221-21093-01.dmp
2021-07-11 14:35 - 2021-07-11 14:35 - 000000000 ____D C:\Users\Waqar\AppData\Local\Pavlov
2021-07-10 21:18 - 2021-07-10 21:18 - 000000223 _____ C:\Users\Waqar\Desktop\Transport Fever 2.url
2021-07-10 21:18 - 2021-07-10 21:18 - 000000222 _____ C:\Users\Waqar\Desktop\Pavlov VR.url

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-08 10:20 - 2020-12-11 08:31 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\qBittorrent
2021-08-08 09:59 - 2021-04-15 03:25 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-08-08 09:45 - 2020-11-15 21:06 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-08 04:59 - 2020-09-27 17:36 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-08 04:59 - 2020-09-27 17:36 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-08-08 04:59 - 2019-12-07 19:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-08 04:59 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\AppReadiness
2021-08-08 04:59 - 2019-12-07 19:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-08 03:45 - 2020-11-15 21:03 - 000840838 _____ C:\Windows\system32\PerfStringBackup.INI
2021-08-08 03:45 - 2019-12-07 19:13 - 000000000 ____D C:\Windows\INF
2021-08-08 03:40 - 2021-05-15 20:35 - 000000000 ____D C:\ProgramData\NVIDIA
2021-08-08 03:38 - 2020-11-16 04:53 - 000880672 _____ C:\Windows\system32\wpbbin.exe
2021-08-08 03:38 - 2020-11-16 04:53 - 000842128 _____ C:\Windows\system32\AsusUpdateCheck.exe
2021-08-08 03:38 - 2020-11-15 21:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-08-08 03:38 - 2020-11-15 21:07 - 000000000 ____D C:\Program Files (x86)\Steam
2021-08-08 03:38 - 2020-10-10 06:51 - 000000000 ____D C:\ProgramData\ssh
2021-08-08 03:38 - 2020-09-27 17:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-08-08 03:38 - 2020-09-27 16:33 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-08 03:38 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\ServiceState
2021-08-08 03:37 - 2021-06-12 14:23 - 000000000 ____D C:\Users\Waqar\Downloads\DS4Windows
2021-08-08 03:37 - 2020-11-15 21:10 - 000000000 ____D C:\Users\Waqar\AppData\Local\Spotify
2021-08-08 03:37 - 2019-12-07 19:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-08-08 03:35 - 2020-11-15 21:07 - 000000000 ____D C:\Program Files\qBittorrent
2021-08-08 02:36 - 2020-11-15 21:10 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\Spotify
2021-08-07 21:44 - 2020-11-18 03:28 - 000000000 ____D C:\Users\Waqar\AppData\Local\CrashDumps
2021-08-07 20:53 - 2019-12-07 19:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-08-07 16:42 - 2020-11-19 06:37 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\Microsoft Flight Simulator
2021-08-07 14:58 - 2020-11-20 15:19 - 000000000 ____D C:\Users\Waqar\AppData\Local\FlightSimulator
2021-08-06 19:10 - 2020-11-15 21:03 - 000000000 ____D C:\ProgramData\Package Cache
2021-08-05 21:03 - 2021-03-11 17:12 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\Microsoft\Windows\Start Menu\SteamVR
2021-08-05 18:51 - 2021-05-21 18:58 - 000678912 _____ () C:\Users\Waqar\Downloads\ModAssistant.exe
2021-08-05 08:46 - 2020-11-15 21:07 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-05 08:46 - 2020-11-15 21:07 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-08-05 02:40 - 2020-11-15 21:07 - 000003420 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-05 02:40 - 2020-11-15 21:07 - 000003296 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-04 22:10 - 2020-11-16 15:59 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-08-04 16:22 - 2020-09-27 17:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-08-04 16:20 - 2021-01-30 19:57 - 000002357 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge Beta.lnk
2021-08-02 14:53 - 2020-09-27 17:36 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-02 14:53 - 2020-09-27 17:36 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-08-01 22:21 - 2021-01-03 09:25 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\Origin
2021-08-01 22:21 - 2021-01-03 09:25 - 000000000 ____D C:\ProgramData\Origin
2021-08-01 21:35 - 2021-01-03 09:25 - 000000000 ____D C:\Users\Waqar\AppData\Local\Origin
2021-08-01 18:04 - 2020-11-15 20:59 - 000000000 ____D C:\Users\Waqar
2021-08-01 16:29 - 2020-11-16 16:17 - 000000000 ____D C:\Users\Waqar\AppData\Local\Ubisoft Game Launcher
2021-08-01 16:09 - 2020-11-16 15:10 - 000000000 ____D C:\Users\Waqar\AppData\Local\NVIDIA
2021-08-01 16:07 - 2021-05-15 20:35 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-08-01 05:51 - 2019-12-07 19:03 - 000000000 ____D C:\Windows\CbsTemp
2021-07-31 19:17 - 2020-12-25 14:59 - 000000000 ____D C:\Program Files\Rockstar Games
2021-07-31 19:17 - 2020-12-25 14:59 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2021-07-31 16:15 - 2021-04-27 05:29 - 000000000 ____D C:\Users\Waqar\AppData\Roaming\FlyByWire Installer
2021-07-31 16:12 - 2021-04-27 05:29 - 000000000 ____D C:\Users\Waqar\AppData\Local\SquirrelTemp
2021-07-31 15:37 - 2020-09-27 16:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-07-31 11:48 - 2020-11-16 04:53 - 000000000 ____D C:\ProgramData\ASUS
2021-07-31 07:23 - 2021-02-22 21:14 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-07-30 10:42 - 2020-11-15 23:00 - 000000000 ____D C:\Users\Waqar\AppData\Local\PlaceholderTileLogoFolder
2021-07-29 06:26 - 2021-04-15 03:26 - 000003522 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2021-07-29 03:17 - 2021-01-03 09:26 - 000000000 ____D C:\Program Files (x86)\Origin
2021-07-28 06:09 - 2020-11-16 15:53 - 000000000 ____D C:\Users\Waqar\Documents\My Games
2021-07-27 06:07 - 2020-11-15 21:01 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2327868397-2116308143-3992419034-1001
2021-07-27 06:07 - 2020-11-15 21:01 - 000000000 ___RD C:\Users\Waqar\OneDrive
2021-07-27 06:07 - 2020-11-15 20:59 - 000002383 _____ C:\Users\Waqar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-24 00:43 - 2019-12-07 19:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-07-22 16:19 - 2020-12-02 21:28 - 000000000 ____D C:\Windows\Minidump
2021-07-22 16:18 - 2020-12-02 21:28 - 2600552530 _____ C:\Windows\MEMORY.DMP
2021-07-16 09:12 - 2020-11-15 23:06 - 000000000 ____D C:\Windows\system32\MRT
2021-07-16 09:10 - 2020-11-15 23:06 - 133422552 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-07-14 02:57 - 2021-05-15 20:34 - 007280312 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2021-07-14 02:57 - 2021-05-15 20:34 - 006215792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-07-11 17:01 - 2021-01-09 10:47 - 000000000 ____D C:\Users\Waqar\Documents\Assetto Corsa
2021-07-10 17:29 - 2021-06-09 18:29 - 000000000 ____D C:\Users\Waqar\Desktop\IPhone Cover

==================== Files in the root of some directories ========

2021-04-12 22:00 - 2021-04-13 21:19 - 000000205 _____ () C:\Users\Waqar\AppData\Local\oobelibMkey.log
2021-06-10 18:57 - 2021-06-10 18:57 - 000004132 _____ () C:\Users\Waqar\AppData\Local\recently-used.xbel
2020-12-26 16:27 - 2020-12-26 16:27 - 000012288 _____ () C:\Users\Waqar\AppData\Local\vita_uranus.data

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\Windows\system32\APHostClient.dll [2021-01-13] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================





Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-08-2021
Ran by Waqar (08-08-2021 10:22:06)
Running from C:\Users\Waqar\Downloads
Windows 10 Education Version 20H2 19042.746 (X64) (2020-11-15 18:55:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2327868397-2116308143-3992419034-500 - Administrator - Disabled)
alber (S-1-5-21-2327868397-2116308143-3992419034-1003 - Limited - Disabled)
DefaultAccount (S-1-5-21-2327868397-2116308143-3992419034-503 - Limited - Disabled)
DevToolsUser (S-1-5-21-2327868397-2116308143-3992419034-1008 - Limited - Enabled) => C:\Users\DevToolsUser
Guest (S-1-5-21-2327868397-2116308143-3992419034-501 - Limited - Disabled)
imsay (S-1-5-21-2327868397-2116308143-3992419034-1005 - Limited - Disabled)
rifkh (S-1-5-21-2327868397-2116308143-3992419034-1002 - Limited - Disabled)
sayed (S-1-5-21-2327868397-2116308143-3992419034-1004 - Limited - Disabled)
sshd (S-1-5-21-2327868397-2116308143-3992419034-1006 - Limited - Enabled)
Waqar (S-1-5-21-2327868397-2116308143-3992419034-1001 - Administrator - Enabled) => C:\Users\Waqar
WDAGUtilityAccount (S-1-5-21-2327868397-2116308143-3992419034-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 3.00.69 - ASUSTeK Computer Inc.)
AIDA64 Extreme v6.33 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.33 - FinalWire Ltd.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.09.28.509 - Advanced Micro Devices, Inc.)
AMD Product Verification Tool version 1.0.6.0 (HKLM\...\{4242685A-EF3E-45FF-B4AE-758E49020936}}_is1) (Version: 1.0.6.0 - AMD)
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.6.0.1702 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.22 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{ad7f5f31-0d6f-40f2-83b1-5556e0d0f9b1}) (Version: 2.09.28.509 - Advanced Micro Devices, Inc.) Hidden
Application Verifier x64 External Package (HKLM\...\{8A4CD158-E6B3-6D91-D7DE-10098BC980E2}) (Version: 10.1.19041.685 - Microsoft) Hidden
ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 4.0.12 - ASUS)
ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.1.16.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AIOFan HAL (HKLM-x32\...\{a2a7dca1-0f67-4a82-bc2c-11911fa92dcc}) (Version: 1.1.16.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{a75323e1-f1a4-4aff-a7ce-3858cbc1c0d2}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{4EBEAC95-76BC-46A8-8644-6E2F1C87CF70}) (Version: 1.1.4.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{33e3ea9c-baed-4e8a-8dbb-4792a27c9066}) (Version: 1.1.4.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.05 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.3.1 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{2357cd84-6c2b-4174-87c7-4f9f9db8746b}) (Version: 0.0.3.1 - ASUSTek COMPUTER INC. ) Hidden
ASUS Framework Service (HKLM-x32\...\{659ff51d-6e35-42de-83ec-aa394eabe9eb}) (Version: 2.0.2.2 - ASUSTek COMPUTER INC.)
ASUS Framework Service (HKLM-x32\...\{EA6A87BE-8AD3-40D2-944C-9DF5FBFF4332}) (Version: 2.0.2.2 - ASUSTek COMPUTER INC.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 1.05.09 - ASUSTek Computer Inc.)
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.53 - ASUSTeK Computer Inc.) Hidden
AURA DRAM Component (HKLM\...\{9AFE5429-866B-457D-A864-80BCF7672EE8}) (Version: 1.1.06 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{684f7887-cc5b-469a-81e9-36d38142cc46}) (Version: 1.1.06 - ASUS) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.15 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.15 - ASUS)
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.04.35 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{35381ead-8a19-4bff-a272-dcdfe38a5867}) (Version: 3.04.35 - ASUSTeK Computer Inc.)
Autodesk 3ds Max 2021 (HKLM\...\{35156605-CE91-4AF6-8207-56211CB30369}) (Version: 23.0.0.915 - Autodesk, Inc.)
Autodesk 3ds Max 2021 (HKLM\...\{91A3588B-1DB9-428B-A176-A53115C6199F}) (Version: 23.0.0.915 - Autodesk) Hidden
Autodesk Advanced Material Library Base Resolution Image Library 2021 (HKLM-x32\...\{C9FDA270-A0B9-45EE-8748-F37DF1370767}) (Version: 19.1.23.0 - Autodesk)
Autodesk Advanced Material Library Low Resolution Image Library 2021 (HKLM-x32\...\{AB7DC10F-1D72-4F90-988F-CDC2D6323A48}) (Version: 19.1.23.0 - Autodesk)
Autodesk Advanced Material Library Medium Resolution Image Library 2021 (HKLM-x32\...\{B4545986-9002-4090-9E58-44F985F2FF4F}) (Version: 19.1.23.0 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 8.1.0.68 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{54A00624-3EF9-49A2-92A9-7244EADD0212}) (Version: 3.2.18 - Autodesk)
Autodesk Material Library 2021 (HKLM-x32\...\{8C559572-4A10-43C2-9346-6E7C7E012487}) (Version: 19.1.23.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2021 (HKLM-x32\...\{EFC36459-CD89-44F3-BA04-B7C5804199AF}) (Version: 19.1.23.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2021 (HKLM-x32\...\{69D8FFED-B14E-4998-BBC2-535006E195D6}) (Version: 19.1.23.0 - Autodesk)
Autodesk Single Sign On Component (HKLM\...\{951BB060-1350-4C93-BD83-D966C51D4005}) (Version: 11.2.0.1802 - Autodesk) Hidden
blender (HKLM\...\{19D336E9-23B8-46C9-AA71-BC4CDC4B151B}) (Version: 2.93.0 - Blender Foundation)
Blender (HKLM\...\{A0C803A1-310C-4EFF-B881-CA10CF7CD6A7}) (Version: 2.90.1 - Blender Foundation)
Chaos Cloud Client (HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Chaos Cloud Client) (Version: 1.6.5 - Chaos Software Ltd)
Chaos License Server (HKLM\...\Chaos License Server) (Version: 5.5.0 - Chaos Software Ltd)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden
CPUID ROG CPU-Z 1.88 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.88 - CPUID, Inc.)
DCS World (HKLM-x32\...\DCS World_is1) (Version: - )
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.28.0 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{d22b5310-9f1e-43a8-8547-58fa44742994}) (Version: 1.1.28.0 - Ene Tech.) Hidden
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.)
EVGA Precision X1 (HKLM\...\EVGA Precision X1) (Version: 1.2.1.0 - EVGA Corporation)
FlyByWire Installer (HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\fbw_installer) (Version: 1.2.0 - FlyByWire Simulations)
FS2Crew: Pushback Express (HKLM-x32\...\FS2Crew: Pushback Express) (Version: - )
FSUIPC7 v7.2.0a (HKLM-x32\...\FSUIPC7) (Version: v7.2.0a - John L. Dowson)
Geeks3D FurMark 1.25.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: 1.25.0.0 - Geeks3D)
GIMP 2.10.24 (HKLM\...\GIMP-2_is1) (Version: 2.10.24 - The GIMP Team)
Google Chrome (HKLM\...\{33529102-FFB0-3918-BE3B-AC35F0500AC5}) (Version: 92.0.4515.131 - Google LLC)
HWiNFO64 Version 6.34 (HKLM\...\HWiNFO64_is1) (Version: 6.34 - Martin Malik - REALiX)
icecap_collection_neutral (HKLM-x32\...\{CCAFAE33-E5CD-4828-962D-B2C08326EC67}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{D74AF03C-D072-4551-9D8E-4312E22685FB}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{364E3A1B-9A41-44D6-9B81-0BF02C6FD2F0}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{144536DB-036C-465C-86F3-53ADFD9C72A2}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{511a62a9-1ff0-4cc5-adfe-4a5bd044a3c0}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Kits Configuration Installer (HKLM-x32\...\{E75A9998-E979-760B-6AEB-49763F279EDD}) (Version: 10.1.19041.685 - Microsoft) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LED Sync (HKLM-x32\...\{417D2425-8783-46D4-97DF-EEF7CD17D656}) (Version: 1.1.1 - EVGA)
Liveries Mega Pack Manager (HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Liveries_Mega_Pack_Manager) (Version: 0.4.5 - David Wheatley)
Malwarebytes version 4.4.4.126 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.4.126 - Malwarebytes)
Microsoft .NET Framework 4.8 SDK (HKLM-x32\...\{DA855582-B360-4532-B8C4-ECD1E5A7095B}) (Version: 4.8.04084 - Microsoft Corporation)
Microsoft .NET Framework 4.8 Targeting Pack (HKLM-x32\...\{7D846F37-3C30-47C5-BCEA-2929EE09BE9A}) (Version: 4.8.04084 - Microsoft Corporation)
Microsoft .NET SDK 5.0.202 (x64) from Visual Studio (HKLM\...\{52814288-C780-4AD7-BDD4-F3A239988F82}) (Version: 5.2.221.20118 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 92.0.902.67 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.14228.20204 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\OneDriveSetup.exe) (Version: 21.129.0627.0002 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29914 (HKLM-x32\...\{43d1ce82-6f55-4860-a938-20e5deb28b98}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29914 (HKLM-x32\...\{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.9.3365.38425 - Microsoft Corporation)
MSI Development Tools (HKLM-x32\...\{7AAC93B0-F3D7-6B24-6B37-9E74980C1C81}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Nefarius Virtual Gamepad Emulation Bus Driver (HKLM\...\{93D91F60-7C94-4A79-863F-EA713D2EB3F3}) (Version: 1.17.333.0 - Nefarius Software Solutions e.U.)
NiceHash Miner 3.0.5.4 (only current user) (HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\8abad8e2-b957-48ed-92ba-4339c2a40e78) (Version: 3.0.5.4 - H-BIT, d.o.o.)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.1 - Notepad++ Team)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 471.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14228.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.102.48654 - Electronic Arts, Inc.)
Paradox Launcher v2 (HKLM\...\{A92DB5D9-A24D-4678-9F91-B4FA6D895718}) (Version: 2.0.4.0 - Paradox Interactive)
PDFill FREE PDF Editor Basic (HKLM\...\{26037138-C111-4BC5-88E8-DD2B2F2460C7}) (Version: 15.0 - PlotSoft LLC)
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{c8f7044c-7f48-404a-9a5d-9f038f28a789}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PJP's JoyIDs (HKLM-x32\...\JoyIDs) (Version: - )
qBittorrent 4.3.7 (HKLM-x32\...\qBittorrent) (Version: 4.3.7 - The qBittorrent project)
RamCache III (HKLM-x32\...\RamCache III) (Version: 1.01.08 - ASUSTeKcomputer Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.35.510.2019 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8751.1 - Realtek Semiconductor Corp.)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2) (Version: 1.0.1355.30 - Rockstar Games)
REDlauncher (HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.44.403 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.8.9 - Rockstar Games)
ROG Live Service (HKLM-x32\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.2.12.5 - ASUSTek COMPUTER INC.)
RogueKiller version 15.0.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.0.9.0 - Adlice Software)
SDK ARM Additions (HKLM-x32\...\{FCF9D89E-6F79-64FB-B08D-B0E69FF54DEE}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{72DB07D6-E166-5A3F-B6E6-4664383781B8}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
SDK Debuggers (HKLM-x32\...\{1B2DE43F-91D0-EE1E-7C9C-EF16064EB04C}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Spotify (HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\Spotify) (Version: 1.1.64.561.g71bd09eb - Spotify AB)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.16162 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Substance in 3ds Max 2021 (HKLM\...\{9292BE37-96B0-473E-8502-675FCC31D13F}) (Version: 2.3.1 - Allegorithmic)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.17.7 - TeamViewer)
Tobii VRU02 Runtime (HKLM-x32\...\{E74E378C-4C07-416C-A6CC-B241BD002E1F}) (Version: 1.16.36 - Tobii AB)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft Montreal)
TypeScript SDK (HKLM-x32\...\{54BBE05F-F2AC-4403-AA5D-786BEAA645D5}) (Version: 4.1.4.0 - Microsoft Corporation) Hidden
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 115.2.10179 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{4D69FB64-4443-F2DD-DE1C-F14FD98AAC59}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{6B56745A-F6A4-C51C-933A-AD96C00683EA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A57CD0A6-4297-FD30-34A4-34758B6F5F69}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{CD06199B-41C1-AE6D-7567-984CC68792C3}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{BD75F257-50A4-E0CD-9942-C3550CA3E66A}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{A7E95C47-B5F4-110C-D27A-DECB03412B96}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.1 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{68fb2ff9-0618-4948-b68f-9f95e5687067}) (Version: 1.0.0.1 - PD)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{8236EB3D-576E-432C-867A-D64F390A9D38}) (Version: 14.28.29914 - Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\...\59dd2153) (Version: 16.9.31205.134 - Microsoft Corporation)
VIVEPORT (HKLM-x32\...\VIVEPORT) (Version: 1.0.9.202 - HTC)
VIVEPORT DirectX 9.0 (HKLM-x32\...\{4b01ac5b-340e-4644-828b-0882c8255a4e}) (Version: 1.2.0.3 - HTC Corp.) Hidden
VIVEPORT DirectX 9.0 (x86/x64) (HKLM-x32\...\{9D42F21E-7CFA-4C87-99FD-C81CFFCB12E5}) (Version: 1.2.0.3 - HTC Corp.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0-git - VideoLAN)
V-Ray for 3dsmax 2021 for x64 (HKLM\...\V-Ray for 3dsmax 2021 for x64) (Version: 5.00.5 - Chaos Software Ltd)
VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{FB93144C-7671-4DA4-883B-B1D15F00176A}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{03119992-794E-4BD1-8811-050DD87BC41C}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{6E29FB21-642A-4E68-BD8B-745E679EB9F5}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{D12A3F67-709D-477A-B5D3-D820E4C745E3}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{B64FFE5E-EDCF-49DE-B528-C5AA0D0C313B}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B994480E-2AA4-4B45-98BA-C01D9F8D2C90}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{D29146C4-081C-4671-A306-894FF983D18A}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{621CB344-D1D9-4F17-A5B5-36BBBC4F6FFA}) (Version: 16.9.31025 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{F4E68397-CB34-42A2-A2FC-33C63EA0CE3B}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{90BDEEC4-B67A-4ED4-A59C-E5616D5D5CA9}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{6C9A7596-C8E7-44B0-B5C1-15D5CB97499A}) (Version: 16.9.31004 - Microsoft Corporation) Hidden
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WinAppDeploy (HKLM-x32\...\{2ADF1977-BF31-E127-B651-AC28A8658317}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{E18618EC-D9DB-4BCE-B382-85ADA2CBB340}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.19041.685 (HKLM-x32\...\{4591faf1-a2db-4a3d-bfda-aa5a4ebb1587}) (Version: 10.1.19041.685 - Microsoft Corporation)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{BCF7CA0F-E53C-2A4F-B128-A751EC9A1016}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{B42BF427-AFDB-C00F-DB60-6F51395D74A1}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{3335615C-ABEB-960E-2226-4274CD28E046}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{216D5F47-257D-6284-5849-B51037875EFA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{443FF51E-16C3-F23B-18FC-0D1D66024B0B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{15E29AFF-CB19-A20B-9A81-B0765A63115F}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FF2B49B7-0254-3D6A-4BE0-EF4C59DBCC2B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{0AF3B821-474B-1885-473A-6E3FB4F1CF71}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{8832F8ED-1035-9ABE-FD73-4E5ABAA84A5C}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Wondershare Filmora X(Build 10.0.7.0) (HKLM\...\Wondershare Filmora X_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
WPT Redistributables (HKLM-x32\...\{FDF7ED9F-920C-CC11-0290-8B41498C1927}) (Version: 10.1.19041.685 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{BB70FD41-5199-A5A6-064F-4343723C3048}) (Version: 10.1.19041.685 - Microsoft) Hidden
Xamarin Offline Packages (HKLM-x32\...\{F83E2D4C-A653-43F3-8DFF-F68618114EEB}) (Version: 16.9.72 - Xamarin) Hidden
Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden
Xamarin Remoted iOS Simulator (HKLM-x32\...\{E07CBF6A-91C5-434C-8520-784D040A3907}) (Version: 16.7.0.0 - Xamarin) Hidden
 
Packages:
=========
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_4.0.8.0_x64__qmba6cd70vzyy [2021-03-29] (ASUSTeK COMPUTER INC.)
Cinebench -> C:\Program Files\WindowsApps\MAXONComputerGmbH.Cinebench_23.2.0.0_x64__rsne5bsk8s7tj [2020-11-18] (MAXON Computer GmbH)
HP Reverb G2 VR Headset Setup -> C:\Program Files\WindowsApps\AD2F1837.HPReverbG2VRHeadsetSetup_1.0.8.0_x64__v10z8vjag6ke6 [2021-03-11] (HP Inc.)
Microsoft Edge Beta -> C:\Program Files (x86)\Microsoft\Edge Beta\Application [2021-08-04] (0)
Microsoft Flight Simulator -> C:\Program Files\WindowsApps\Microsoft.FlightSimulator_1.17.3.0_x64__8wekyb3d8bbwe [2021-06-21] (Microsoft Studios)
Microsoft Flight Simulator Digital Ownership -> C:\Program Files\WindowsApps\Microsoft.DigitalOwnership_1.0.1.0_x64__8wekyb3d8bbwe [2020-11-20] (Microsoft Studios)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-08-01] (NVIDIA Corp.)
OpenXR Developer Tools for Windows Mixed Reality -> C:\Program Files\WindowsApps\Microsoft.MixedRealityRuntimeDeveloperPreview_106.2104.15001.0_x64__8wekyb3d8bbwe [2021-05-15] (Microsoft Corporation)
OpenXR Preview Runtime for Windows Mixed Reality -> C:\Program Files\WindowsApps\Microsoft.WindowsMixedReality.PreviewRuntime_107.2107.7003.0_x64__8wekyb3d8bbwe [2021-07-24] (Microsoft Platform Extensions)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-12-27] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-12-27] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.185.0_x64__dt26b99r8h8gj [2020-11-24] (Realtek Semiconductor Corp)
Sonic Radar 3 -> C:\Program Files\WindowsApps\A-Volute.28054DF1F58B4_3.16.15.0_x64__w2gh52qy24etm [2021-01-14] (A-Volute)
Sonic Studio 3 -> C:\Program Files\WindowsApps\A-Volute.SonicStudio3_3.16.15.0_x64__w2gh52qy24etm [2021-01-14] (A-Volute)
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2021-03-11] (VideoLAN)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2327868397-2116308143-3992419034-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2327868397-2116308143-3992419034-1001_Classes\CLSID\{5405618e-4c42-4fb9-a80a-d24d89911296}\localserver32 -> C:\Users\Waqar\AppData\Local\NhNotifSys\sonicstudio\asusns.exe (A-Volute SAS -> A-Volute)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\nvshext.dll [2021-07-14] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Waqar\Desktop\MSFS.lnk -> F:\Games\MSFS\FSUIPC7\MSFS.bat ()

==================== Loaded Modules (Whitelisted) =============

2020-07-08 16:42 - 2020-07-08 16:42 - 000477696 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node
2020-07-08 16:42 - 2020-07-08 16:42 - 000471040 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node
2020-07-14 16:16 - 2020-07-14 16:16 - 000454656 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\registry-js\prebuilds\win32-ia32\node.napi.node
2020-11-16 15:35 - 2020-10-15 23:59 - 000147456 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2020-11-16 15:35 - 2020-10-30 19:16 - 000886272 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2020-11-16 15:35 - 2020-10-30 19:16 - 000996864 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2020-11-16 15:35 - 2020-10-30 19:16 - 000990208 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2020-11-16 15:35 - 2020-10-30 19:16 - 000952832 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2020-11-16 15:35 - 2020-10-13 01:00 - 001667584 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\EPU.dll
2020-11-16 15:35 - 2020-10-13 01:00 - 001063424 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\FanInfofromProtocol.dll
2021-01-30 19:56 - 2019-12-23 17:51 - 000093184 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\zlibwapi.dll
2021-01-30 19:56 - 2019-06-26 15:07 - 000094208 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\MacroControl.dll
2020-04-22 14:35 - 2020-04-22 14:35 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll
2019-06-24 18:57 - 2019-06-24 18:57 - 000626688 _____ () [File not signed] C:\Program Files\EVGA\Precision X1\scanner.dll
2020-05-27 03:08 - 2020-05-27 03:08 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsAcpi.dll
2021-06-28 20:12 - 2021-08-08 03:38 - 000051456 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.02.06\PEbiosinterface32.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\asacpiEx.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsMultiLang.dll
2020-11-16 15:35 - 2020-10-13 01:00 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\AsMultiLang.dll
2021-01-30 19:56 - 2019-10-24 10:15 - 002676736 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\AURAChecker.dll
2021-06-12 14:23 - 2020-08-18 06:10 - 000090112 _____ (Bernhard Millauer,Uwe Mayer, Konrad Mattheis) [File not signed] [File is in use] C:\Users\Waqar\Downloads\DS4Windows\WPFLocalizeExtension.dll
2021-06-12 14:23 - 2021-03-16 10:39 - 001198080 _____ (DotNetProjects) [File not signed] [File is in use] C:\Users\Waqar\Downloads\DS4Windows\DotNetProjects.Wpf.Extended.Toolkit.dll
2021-06-12 14:23 - 2021-01-28 20:14 - 000334336 _____ (GitHub Community) [File not signed] [File is in use] C:\Users\Waqar\Downloads\DS4Windows\Microsoft.Win32.TaskScheduler.dll
2021-06-12 14:23 - 2021-01-22 15:48 - 000014848 _____ (hardcodet.net) [File not signed] [File is in use] C:\Users\Waqar\Downloads\DS4Windows\H.NotifyIcon.dll
2021-06-12 14:23 - 2021-01-22 15:48 - 000037376 _____ (hardcodet.net) [File not signed] [File is in use] C:\Users\Waqar\Downloads\DS4Windows\Hardcodet.Wpf.TaskbarNotification.dll
2020-12-02 04:02 - 2020-12-02 04:02 - 000262144 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL
2021-01-13 07:14 - 2021-01-13 07:14 - 001953792 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\urlmon.dll
2021-06-12 14:23 - 2021-03-25 13:05 - 000820736 _____ (NLog) [File not signed] [File is in use] C:\Users\Waqar\Downloads\DS4Windows\NLog.dll
2021-01-30 19:56 - 2019-06-26 15:07 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libcrypto-1_1-x64.dll
2021-01-30 19:56 - 2019-06-26 15:07 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libssl-1_1-x64.dll
2021-01-30 19:58 - 2020-05-14 14:15 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\libcrypto-1_1-x64.dll
2021-01-30 19:58 - 2020-05-14 14:15 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\libssl-1_1-x64.dll
2021-01-03 09:26 - 2021-01-03 09:26 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2021-01-03 09:26 - 2021-01-03 09:26 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-01-03 09:26 - 2021-01-03 09:26 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-07-29 03:17 - 2021-01-03 09:26 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-07-29 03:17 - 2021-01-03 09:26 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-07-29 03:17 - 2021-01-03 09:26 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-07-29 03:17 - 2021-01-03 09:26 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-07-29 03:17 - 2021-01-03 09:26 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-07-29 03:17 - 2021-01-03 09:26 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000078336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qgifd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000102400 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qicnsd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000079360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qicod.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000668160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qjpegd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000062976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qsvgd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000062464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qtgad.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000656384 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qtiffd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000060416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qwbmpd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000936448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qwebpd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 003425792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\platforms\qwindowsd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 011002368 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Cored.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 011547648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Guid.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000568832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Svgd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 009100288 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Widgetsd.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000312832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Xmld.dll
2020-11-16 15:35 - 2020-10-15 23:59 - 000304128 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\styles\qwindowsvistastyled.dll
2021-01-30 19:56 - 2019-07-31 13:48 - 000072704 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Protocol\Interrupt\InterruptTransfer.dll
2021-06-12 14:23 - 2020-08-17 08:22 - 000037376 _____ (Uwe Mayer,Konrad Mattheis,Bernhard Millauer) [File not signed] [File is in use] C:\Users\Waqar\Downloads\DS4Windows\XAMLMarkupExtensions.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll [2021-01-13] (Microsoft Corporation) [File not signed]
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-01-13] (Microsoft Corporation) [File not signed]
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-01-13] (Microsoft Corporation) [File not signed]
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-01-13] (Microsoft Corporation) [File not signed]
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-01-13] (Microsoft Corporation) [File not signed]
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-01-13] (Microsoft Corporation) [File not signed]
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2021-01-13] (Microsoft Corporation) [File not signed]
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 19:14 - 2019-12-07 19:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Waqar\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\kittyhawk_e3_withlogo_003-2-scaled.jpg
HKU\S-1-5-21-2327868397-2116308143-3992419034-1008\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "X56"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "RamCache III "
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "Autodesk Genuine Service "
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\StartupApproved\Run: => "Magnet.bootstrap_Vive"
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3CC5B900-3BBF-4F33-90AF-CEA703829FDF}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{50AF8BB1-0005-4288-9533-87CA238085E4}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{1343ACAC-88CB-4FCE-A285-2485518EE2A4}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [{E2660EBC-E9FF-40E4-ABD1-9EC8F7D752FA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{76676DC8-112E-427D-8ED4-60171631DFC3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B9E6BD49-8A5E-496E-A033-47C7C5F86C3B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{701D34B4-0A04-4029-A7A1-BB6F600FB2C6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{0FE17CF1-2749-462D-B844-AA8D352D240A}] => (Allow) F:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{DE0D96EE-DEF9-4027-B944-9F59B3D2A36D}] => (Allow) F:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{0A0A643E-F54B-4D97-A5F7-D73A5F5E11CB}] => (Allow) F:\SteamLibrary\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{94175BB6-E04C-4F00-A6EF-421C33543C65}] => (Allow) F:\SteamLibrary\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{CFE541B8-F803-4E2A-981A-AE8302432327}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Total War SHOGUN 2\Shogun2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [{ED0711DC-98FC-42CC-AF1F-7CC7A2D98B70}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Total War SHOGUN 2\Shogun2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [{A03ABD05-8098-499A-9873-8185345B51FE}] => (Allow) F:\SteamLibrary\steamapps\common\MicrosoftFlightSimulator\FlightSimulator.exe (Asobo Studio) [File not signed]
FirewallRules: [{E68B0793-8D9E-49C4-A864-66FEED4E7E58}] => (Allow) F:\SteamLibrary\steamapps\common\MicrosoftFlightSimulator\FlightSimulator.exe (Asobo Studio) [File not signed]
FirewallRules: [TCP Query User{D748D12F-E742-485F-869D-DB487CF311A0}C:\users\waqar\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe] => (Allow) C:\users\waqar\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [UDP Query User{FF123B59-C0F0-450B-8367-094A3715FC96}C:\users\waqar\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe] => (Allow) C:\users\waqar\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{0381473B-F344-4669-8211-264EEF696225}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{0C02905E-1467-4287-8D8F-5F39266C7DD8}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{1A6F7C37-28BE-4360-A956-4B003BCB76DE}C:\users\waqar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\waqar\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{EE7FC87A-7C51-4650-AE65-853C5B8E49C1}C:\users\waqar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\waqar\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{26310BDF-71B9-4149-AEFE-BABC0880D6D6}D:\games\snowrunner\en_us\sources\bin\snowrunner.exe] => (Allow) D:\games\snowrunner\en_us\sources\bin\snowrunner.exe (Focus Home Interactive S.A -> Focus Home Interactive)
FirewallRules: [UDP Query User{AC9A1C79-B8ED-4D82-86A7-4331FDDD3490}D:\games\snowrunner\en_us\sources\bin\snowrunner.exe] => (Allow) D:\games\snowrunner\en_us\sources\bin\snowrunner.exe (Focus Home Interactive S.A -> Focus Home Interactive)
FirewallRules: [{E6083982-9F14-4720-A78E-8EE30696ECC3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A3B7508F-9E6B-4E05-A388-A8C310281270}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{A95AE805-F989-4705-A0E5-05E322BAA238}F:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) F:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{B72C690C-C834-4CB8-9F3E-D03CB64534B8}F:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) F:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{ECFE9AF8-627F-4B12-BC86-45C45E48F3CB}D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Block) D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{7C0555D3-09CF-42E0-AAD3-C09851A81CD7}D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Block) D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{68051FC4-D185-494E-89FA-718A6021D42B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve -> Valve Corporation)
FirewallRules: [{19F5F8C5-C428-4050-8925-9A540E9ECFFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{8F07A483-4AC6-497F-94D0-F5EB3F718BE8}C:\program files (x86)\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [UDP Query User{B04E2FFC-2E1D-4798-85C8-BF21F58EFA9B}C:\program files (x86)\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [{38AB9665-8B78-429C-9BDF-E660646B57E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve -> )
FirewallRules: [{906468D8-C9C7-493D-96F6-F5869CB03DFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve -> )
FirewallRules: [{3247F5F2-7823-4762-9F3E-916F10267DFB}] => (Allow) D:\Games\SteamLibrary\steamapps\common\VRChat\VRChat.exe () [File not signed]
FirewallRules: [{F275A1EC-5418-406F-9DF1-EAA6358E7A32}] => (Allow) D:\Games\SteamLibrary\steamapps\common\VRChat\VRChat.exe () [File not signed]
FirewallRules: [{82D51F79-73D2-48D6-82E7-E457B088EC7A}] => (Allow) D:\Games\SteamLibrary\steamapps\common\EarthVR\Earth.exe (Google Inc -> Google Inc)
FirewallRules: [{4A743AEB-A682-4710-B212-7CD95F1FAAA6}] => (Allow) D:\Games\SteamLibrary\steamapps\common\EarthVR\Earth.exe (Google Inc -> Google Inc)
FirewallRules: [{A891B5DF-8C83-4C8B-BB73-CEA190EFD3D4}] => (Allow) F:\SteamLibrary\steamapps\common\Beat Saber\Beat Saber.exe () [File not signed]
FirewallRules: [{3D1E4EF4-8167-4CFB-B892-3B9AF7D5D481}] => (Allow) F:\SteamLibrary\steamapps\common\Beat Saber\Beat Saber.exe () [File not signed]
FirewallRules: [{5A193395-223A-47F9-B131-98428C393E98}] => (Allow) D:\Games\SteamLibrary\steamapps\common\DCSWorld\bin\DCS.exe (Eagle Dynamics SA -> Eagle Dynamics)
FirewallRules: [{9B792F0E-941B-4C3F-A87E-7FD5EF65051E}] => (Allow) D:\Games\SteamLibrary\steamapps\common\DCSWorld\bin\DCS.exe (Eagle Dynamics SA -> Eagle Dynamics)
FirewallRules: [{37FA4EBC-001F-4F9F-AACE-30970AC3C557}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Spider-Man Far From Home VR\SpiderManFFH.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{F4BA3A5A-C296-41B2-B54D-EDD686759373}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Spider-Man Far From Home VR\SpiderManFFH.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{DC8C6FDC-D083-4C4A-98A0-3ED711D59205}] => (Allow) D:\Games\SteamLibrary\steamapps\common\assettocorsa\AssettoCorsa.exe (Kunos Simulazioni) [File not signed]
FirewallRules: [{8A20A2EF-20E5-4CC6-98A5-9A369FABB704}] => (Allow) D:\Games\SteamLibrary\steamapps\common\assettocorsa\AssettoCorsa.exe (Kunos Simulazioni) [File not signed]
FirewallRules: [TCP Query User{F9C85871-9320-40E8-A36A-01A37D20371C}C:\users\waqar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\waqar\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0CD95632-0C59-4721-BFD4-54012EEBBBEA}C:\users\waqar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\waqar\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{1CBE4D9C-2FDA-4465-B556-A64E12234326}D:\games\steamlibrary\steamapps\common\assettocorsa\acs.exe] => (Allow) D:\games\steamlibrary\steamapps\common\assettocorsa\acs.exe () [File not signed]
FirewallRules: [UDP Query User{F9F9AC6E-9B19-49D5-A337-EE1D502F04F7}D:\games\steamlibrary\steamapps\common\assettocorsa\acs.exe] => (Allow) D:\games\steamlibrary\steamapps\common\assettocorsa\acs.exe () [File not signed]
FirewallRules: [TCP Query User{7C969329-BE4C-403B-B3F8-1AAE906EDA26}D:\games\red dead redemption 2\rdr2.exe] => (Allow) D:\games\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{5F05CE09-0A83-43DF-890D-6B32CCD4D5E4}D:\games\red dead redemption 2\rdr2.exe] => (Allow) D:\games\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{BA2C465B-4209-4C60-8C41-BCCA5387C316}D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{0579ED9F-5889-4933-AD36-54FF958A0274}D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{79343989-6336-46E3-8855-F651141FD116}] => (Allow) F:\SteamLibrary\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed]
FirewallRules: [{C339DDFA-59C1-425B-8110-2EFF6645CC0C}] => (Allow) F:\SteamLibrary\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed]
FirewallRules: [{3D4382D1-1CC0-4270-A471-25B8E1CE9140}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Wildlands\GRW.exe (Blue Byte GmbH -> )
FirewallRules: [{49C6F39F-689C-4AC0-85EF-2010926B7291}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Wildlands\GRW.exe (Blue Byte GmbH -> )
FirewallRules: [{DB2F7A0D-C14B-4441-924E-96147750DD94}] => (Allow) F:\Games\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{42D15481-C506-49A9-80E6-1A4BB463B708}] => (Allow) F:\Games\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{494DC7DB-7E8F-4DF8-BE6A-3D9FA5D7B701}] => (Allow) F:\Games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{42B3DB65-A54D-40B0-9F82-0BD11B90CD4C}] => (Allow) F:\Games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{84AE854F-FF92-48A0-98DF-AF043CDBA557}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{0A369389-1570-4BDE-860D-302075A8BC15}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{850F859F-98B9-492A-8DAA-07EB719E5B57}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{7325356B-ADF5-4A7C-9793-E2B88415780A}] => (Allow) D:\Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{7C182699-C649-4AA5-AF9F-6DC7E7993F38}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [{346202A2-A63F-4CAF-BB13-ACD482A5921F}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{3EB9D3CA-3263-4577-9988-0253EA1B96B3}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [{1EB79E15-3EEC-4230-BAFE-70C86CDF0F15}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{574AD1FB-09A9-42F2-98F9-8CE19E221CD8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CE0087AB-9999-433F-8A77-A723CADCB505}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3EE56E5B-3AEF-4B31-A09D-1874F4AC9D2B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{576DA218-7485-428C-A91E-91EAC51A4DAC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{919F6F2D-88EF-4624-832B-7CE1C6E5FF94}D:\games\steamlibrary\steamapps\common\fifa 21\fifa21.exe] => (Allow) D:\games\steamlibrary\steamapps\common\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [UDP Query User{516C0002-10C9-4144-8E28-F48B077E30D8}D:\games\steamlibrary\steamapps\common\fifa 21\fifa21.exe] => (Allow) D:\games\steamlibrary\steamapps\common\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{9819A24C-8557-4074-ABED-1EBC65C66842}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EF2C895B-09F5-442E-8E0B-66C7D4996227}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BFB92714-4EB8-493A-B168-05033919FB0C}] => (Allow) D:\Games\SteamLibrary\steamapps\common\MixedRealityVRDriver\bin\win64\Launch.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6A399DF8-201E-4647-8FDA-342EC3C5CFF8}] => (Allow) D:\Games\SteamLibrary\steamapps\common\MixedRealityVRDriver\bin\win64\Launch.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C7B0938-45CF-46AA-A857-8296D2F6F7C1}] => (Allow) D:\Games\SteamLibrary\steamapps\common\DeoVR Video Player\DeoVR.exe (Infomediji d.o.o. -> )
FirewallRules: [{7EC6FAA5-A1A9-4259-BDDE-F5044014FB91}] => (Allow) D:\Games\SteamLibrary\steamapps\common\DeoVR Video Player\DeoVR.exe (Infomediji d.o.o. -> )
FirewallRules: [TCP Query User{EE440E72-C55A-40C0-B78D-CF538103AA07}D:\games\dcs world\bin\dcs.exe] => (Allow) D:\games\dcs world\bin\dcs.exe (Eagle Dynamics) [File not signed]
FirewallRules: [UDP Query User{7EE83679-299A-4669-ADE0-482918149443}D:\games\dcs world\bin\dcs.exe] => (Allow) D:\games\dcs world\bin\dcs.exe (Eagle Dynamics) [File not signed]
FirewallRules: [TCP Query User{138DCEC8-A6D8-43A9-BA7C-57B634E3A621}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{F934E28B-3FAD-4E41-9826-6154A0BC1541}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{7A57E360-B1D7-4BA0-ABC4-81C72CB0246C}D:\ue_4.26\engine\binaries\win64\ue4editor.exe] => (Allow) D:\ue_4.26\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{00B5840B-8024-474F-9807-6CEDCBF9D48E}D:\ue_4.26\engine\binaries\win64\ue4editor.exe] => (Allow) D:\ue_4.26\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{1FE8931C-97E7-4F6E-8114-F06D9F1A9F14}D:\ue_4.26\engine\binaries\dotnet\swarmagent.exe] => (Allow) D:\ue_4.26\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{242C59B3-F9BD-4E96-83D3-7BEB07D2D3B3}D:\ue_4.26\engine\binaries\dotnet\swarmagent.exe] => (Allow) D:\ue_4.26\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{ACA5837D-5ABC-4FF2-ABB0-349E33C5459E}D:\vt\vertcoin-qt.exe] => (Allow) D:\vt\vertcoin-qt.exe () [File not signed]
FirewallRules: [UDP Query User{3548124D-3D6A-4A72-94EB-94CE46C9B919}D:\vt\vertcoin-qt.exe] => (Allow) D:\vt\vertcoin-qt.exe () [File not signed]
FirewallRules: [{28487742-AC35-4F21-B90D-F04A22F95852}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{8C1FD764-538B-4457-B10B-7EF6B43296C6}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{FB989C16-1EC5-4EBD-BD12-9DADCF0E75DC}] => (Allow) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe (Chaos Software Ltd. -> )
FirewallRules: [{5913C0E9-09DB-4472-BEF3-8621608A002D}] => (Allow) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe (Chaos Software Ltd. -> )
FirewallRules: [{5E7E9103-4617-4731-A0D5-8B60582EC073}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{C97855B7-6696-4B4C-BA75-80A83373F55A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B471C164-A1BE-484C-A6B3-662A2075A67E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{45C5A7F8-6FBA-4FFB-BD7D-16DDB7083B30}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5320CA30-CF13-40BD-A21D-E38265A2DFE4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{729A1554-58AA-4319-9E9B-6039B0402D33}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9051116C-37A0-4F0B-8BB0-876269EB1428}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{C7D1A446-3484-4478-B1B5-1571E859746A}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{9C542A52-967C-4088-B771-7E64DB12A9AA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EFCB9D82-6B93-4B9E-A850-FCD058904DC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FE0FC963-47EF-4842-98F3-6253C7678679}] => (Allow) D:\Games\SteamLibrary\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [{646D62A7-C467-4B7F-99F9-83EC5F6F384F}] => (Allow) D:\Games\SteamLibrary\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [TCP Query User{47F806DE-419F-46C1-9E55-3DF552DEFFBF}F:\steamlibrary\steamapps\common\fifa 21\fifa21.exe] => (Allow) F:\steamlibrary\steamapps\common\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [UDP Query User{850D8C67-3944-46E5-9730-CE7BB9FAC701}F:\steamlibrary\steamapps\common\fifa 21\fifa21.exe] => (Allow) F:\steamlibrary\steamapps\common\fifa 21\fifa21.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{53CE5773-85F0-414D-B564-998CA2CF1CAB}D:\ue5\ue_5.0ea\engine\binaries\win64\unrealeditor.exe] => (Allow) D:\ue5\ue_5.0ea\engine\binaries\win64\unrealeditor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{A64AA4BE-5911-4633-8FAB-3A34C9CFC337}D:\ue5\ue_5.0ea\engine\binaries\win64\unrealeditor.exe] => (Allow) D:\ue5\ue_5.0ea\engine\binaries\win64\unrealeditor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{ACEED315-840C-474C-B03F-98B6BBB96F0F}D:\games\steamlibrary\steamapps\common\need for speed(tm) most wanted\nfs13.exe] => (Allow) D:\games\steamlibrary\steamapps\common\need for speed(tm) most wanted\nfs13.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [UDP Query User{0E4070D5-AF82-4609-8B89-F86095A0384E}D:\games\steamlibrary\steamapps\common\need for speed(tm) most wanted\nfs13.exe] => (Allow) D:\games\steamlibrary\steamapps\common\need for speed(tm) most wanted\nfs13.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [TCP Query User{09740BAC-26A4-46C3-8772-85E320D8EE7E}D:\games\totalwarsagatroy\troy.exe] => (Allow) D:\games\totalwarsagatroy\troy.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{E921A815-5E6C-4685-8B9F-CC29E1B7921F}D:\games\totalwarsagatroy\troy.exe] => (Allow) D:\games\totalwarsagatroy\troy.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [TCP Query User{8FA4FB44-1620-4ADB-8391-B7AB01602E7B}D:\games\ue_4.27\engine\binaries\win64\ue4editor.exe] => (Allow) D:\games\ue_4.27\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{7E70EEAD-386E-4A93-AC38-6F27E430CB3D}D:\games\ue_4.27\engine\binaries\win64\ue4editor.exe] => (Allow) D:\games\ue_4.27\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{FF391AC3-CF91-4F64-BFE4-BA44BC1E9807}D:\games\ue_4.27\engine\binaries\dotnet\swarmagent.exe] => (Allow) D:\games\ue_4.27\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{A32A4C6F-8D11-40E9-86D7-BC300ED9431F}D:\games\ue_4.27\engine\binaries\dotnet\swarmagent.exe] => (Allow) D:\games\ue_4.27\engine\binaries\dotnet\swarmagent.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{CA7E89A7-AFD3-4AEE-AF03-0C7A9F9543F2}F:\games\overcooked2\overcooked2.exe] => (Allow) F:\games\overcooked2\overcooked2.exe () [File not signed]
FirewallRules: [UDP Query User{D466EC42-6738-4CC3-BD30-13ED9C845E5B}F:\games\overcooked2\overcooked2.exe] => (Allow) F:\games\overcooked2\overcooked2.exe () [File not signed]
FirewallRules: [{2D365539-3FCC-48F3-9FA1-42D53BC94C05}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C433994-BE77-4B49-BE41-E635993672FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0AD04DA3-BED3-4CD6-AE67-8DDCEF0CCB9D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9D60B383-91E4-4F98-BA4A-3DDAB38A0AC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4DEFBFA0-65F6-43B4-AF2A-383CD00CE57F}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
FirewallRules: [{37020FF4-4B48-48FF-B1A7-6D74051823E5}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
FirewallRules: [{5F940E12-4F90-40B5-9637-542F75C58737}] => (Allow) F:\SteamLibrary\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{FD5492D7-1180-4892-9F5D-62487A10F612}] => (Allow) F:\SteamLibrary\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{8117FAC0-5174-431F-989D-7BE0DA025CD5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5ADBB502-A973-45D6-85E9-D986D853E80A}] => (Allow) F:\SteamLibrary\steamapps\common\Transport Fever 2\TransportFever2.exe () [File not signed]
FirewallRules: [{E9D10F3B-A68E-440A-A8C5-3FFF95D7BB5B}] => (Allow) F:\SteamLibrary\steamapps\common\Transport Fever 2\TransportFever2.exe () [File not signed]
FirewallRules: [{1C05BACD-357A-480C-BEAE-8143528E03B1}] => (Allow) F:\SteamLibrary\steamapps\common\PavlovVR\Pavlov.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{639A5614-7911-43A3-B122-9098A60A9F51}] => (Allow) F:\SteamLibrary\steamapps\common\PavlovVR\Pavlov.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{D57CD577-698E-484E-968E-B1322CB81046}F:\steamlibrary\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe (Vankrupt Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{FA3B6022-F11D-48CC-BB17-9437254A5CCA}F:\steamlibrary\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe (Vankrupt Games, Inc.) [File not signed]
FirewallRules: [{0A002530-BC43-4569-BCAB-012D4E9FDD62}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{AEEBDABC-27EE-43CF-A974-A797B30A1265}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{15E4D78E-0012-467C-ADEC-42529CEE6109}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{E3574E33-75E0-43BD-A148-65DF8BD548B8}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{627DA4D5-66AE-4D3C-AEE4-0BB2DFBB52B0}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{417BB700-8D3C-4808-9946-631D186E48BB}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [TCP Query User{F50A8F32-95F8-4113-A740-78D29F347551}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{BB5AE993-E1E2-4A67-8C8D-571C165D2760}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{96770CC4-A801-4916-8F70-487D082619F0}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2C194BFF-C5AA-49C2-8F05-86342B841237}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\93.0.961.11\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2A89490D-B925-4EFB-BF37-FC6D22A36350}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Green Hell\GH.exe () [File not signed]
FirewallRules: [{CA3EC0EB-D62D-4DB2-B5A7-1C04EF6115BB}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Green Hell\GH.exe () [File not signed]
FirewallRules: [{06C8E03E-A537-486C-8836-6DC2BA147970}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{466B6FF1-8621-4BCC-8041-0DE7C227D7AE}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{39927599-C092-42A7-A996-C30BB63E7A72}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{929BAB1A-6A06-4605-9C84-4BBD8CF559BD}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{3C00E097-A965-485A-8CCA-421D1F5A17B9}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{1B737AA4-865E-4A2C-B842-E35A6678E2A6}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{37AB1BE8-D3CC-4758-A52D-BCBF02B7BBC9}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{F29453E0-5B0D-4634-8164-B38CE0781161}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{4BA8FF4D-F66B-4201-873D-6F3CB54EA15A}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{DBB710E6-CC32-4E95-A03D-B3C6F1579586}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\92.0.902.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)


==================== Restore Points =========================

01-08-2021 05:51:10 Windows Modules Installer
06-08-2021 19:09:47 Patriot Viper DRAM RGB

==================== Faulty Device Manager Devices ============

Name: Saitek Bulk Interface
Description: Saitek Bulk Interface
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Saitek Bulk Interface
Description: Saitek Bulk Interface
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (08/07/2021 09:44:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.1073, time stamp: 0x60f9d1c9
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process ID: 0x11a8
Faulting application start time: 0x01d78b7ed11dde48
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report ID: 23e79a62-f6ec-4534-ad44-d12d17ba4a42
Faulting package full name:
Faulting package-relative application ID:

Error: (08/07/2021 04:43:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FSUIPC7.exe, version: 7.2.0.0, time stamp: 0x60a65c57
Faulting module name: FSUIPC7.exe, version: 7.2.0.0, time stamp: 0x60a65c57
Exception code: 0xc0000005
Fault offset: 0x0000000000019884
Faulting process ID: 0x4c34
Faulting application start time: 0x01d78b48e27f4208
Faulting application path: F:\Games\MSFS\FSUIPC7\FSUIPC7.exe
Faulting module path: F:\Games\MSFS\FSUIPC7\FSUIPC7.exe
Report ID: 162c7863-fb22-43fd-83ed-d3b1714f588e
Faulting package full name:
Faulting package-relative application ID:

Error: (08/07/2021 02:56:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FSUIPC7.exe, version: 7.2.0.0, time stamp: 0x60a65c57
Faulting module name: FSUIPC7.exe, version: 7.2.0.0, time stamp: 0x60a65c57
Exception code: 0xc0000005
Fault offset: 0x0000000000019884
Faulting process ID: 0x5568
Faulting application start time: 0x01d78b46e20417af
Faulting application path: F:\Games\MSFS\FSUIPC7\FSUIPC7.exe
Faulting module path: F:\Games\MSFS\FSUIPC7\FSUIPC7.exe
Report ID: 5815bc64-2bb9-4b06-92d3-7144ea2e70ed
Faulting package full name:
Faulting package-relative application ID:

Error: (08/07/2021 02:56:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlightSimulator.exe, version: 1.18.15.0, time stamp: 0x00000000
Faulting module name: FlightSimulator.exe, version: 1.18.15.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000009dea68
Faulting process ID: 0x4e90
Faulting application start time: 0x01d78b46a5e04f27
Faulting application path: F:\SteamLibrary\steamapps\common\MicrosoftFlightSimulator\FlightSimulator.exe
Faulting module path: F:\SteamLibrary\steamapps\common\MicrosoftFlightSimulator\FlightSimulator.exe
Report ID: 13157338-3ff7-4ce5-ae63-af4ff40e2336
Faulting package full name:
Faulting package-relative application ID:

Error: (08/07/2021 02:41:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FSUIPC7.exe, version: 7.2.0.0, time stamp: 0x60a65c57
Faulting module name: FSUIPC7.exe, version: 7.2.0.0, time stamp: 0x60a65c57
Exception code: 0xc0000005
Fault offset: 0x0000000000019884
Faulting process ID: 0x1624
Faulting application start time: 0x01d78b40998a47f9
Faulting application path: F:\Games\MSFS\FSUIPC7\FSUIPC7.exe
Faulting module path: F:\Games\MSFS\FSUIPC7\FSUIPC7.exe
Report ID: e9d9c30e-3c1d-47b3-af7a-8310b01ca7f3
Faulting package full name:
Faulting package-relative application ID:

Error: (08/06/2021 09:55:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (08/06/2021 09:55:27 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (08/06/2021 09:55:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SharedRealitySvc, version: 10.0.19041.546, time stamp: 0x058e175a
Faulting module name: ntdll.dll, version: 10.0.19041.662, time stamp: 0x27bfa5f0
Exception code: 0xc0000409
Fault offset: 0x00000000000a3808
Faulting process ID: 0x10a8
Faulting application start time: 0x01d78aa092f19d37
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report ID: 7a88923c-8e10-4bf4-8186-af8f18302d73
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (08/08/2021 03:54:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 4 time(s).

Error: (08/08/2021 03:51:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 3 time(s).

Error: (08/08/2021 03:43:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 2 time(s).

Error: (08/08/2021 03:40:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/08/2021 03:37:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The OpenSSH SSH Server service terminated unexpectedly. It has done this 1 time(s).

Error: (08/08/2021 12:21:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 8 time(s).

Error: (08/07/2021 11:51:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 7 time(s).

Error: (08/07/2021 10:01:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 6 time(s).


Windows Defender:
================
Date: 2021-08-07 20:18:32
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: !PseudoThreat_c00006b5
Severity: Low
Category: Permitted
Path: file:_C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\amtlib.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Security intelligence Version: AV: 1.343.2354.0, AS: 1.343.2354.0, NIS: 1.343.2354.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-08-07 20:18:03
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: !PseudoThreat_c00006b5
Severity: Low
Category: Permitted
Path: file:_C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\amtlib.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
Security intelligence Version: AV: 1.343.2354.0, AS: 1.343.2354.0, NIS: 1.343.2354.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-08-07 20:14:39
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: !PseudoThreat_c00006b5
Severity: Low
Category: Permitted
Path: file:_C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\amtlib.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Security intelligence Version: AV: 1.343.2354.0, AS: 1.343.2354.0, NIS: 1.343.2354.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-08-07 20:10:31
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: !PseudoThreat_c00006b5
Severity: Low
Category: Permitted
Path: file:_C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\amtlib.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Security intelligence Version: AV: 1.343.2354.0, AS: 1.343.2354.0, NIS: 1.343.2354.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-08-07 20:09:07
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: !PseudoThreat_c00006b5
Severity: Low
Category: Permitted
Path: file:_C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\amtlib.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Security intelligence Version: AV: 1.343.2354.0, AS: 1.343.2354.0, NIS: 1.343.2354.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-08-05 18:47:47
Description:
Microsoft Defender Antivirus has encountered an error trying to restore an item from quarantine.
For more information please see the following:
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Error Code: 0x80508014
Error description: The quarantined item cannot be restored.
Security intelligence Version: AV: 1.343.2244.0, AS: 1.343.2244.0
Engine Version: 1.1.18300.4

Date: 2021-08-05 18:03:04
Description:
Microsoft Defender Antivirus has encountered an error trying to restore an item from quarantine.
For more information please see the following:
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Error Code: 0x80508014
Error description: The quarantined item cannot be restored.
Security intelligence Version: AV: 1.343.2244.0, AS: 1.343.2244.0
Engine Version: 1.1.18300.4

Date: 2021-07-27 20:17:22
Description:
Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Security intelligence version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

CodeIntegrity:
===============
Date: 2021-01-13 05:49:30
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{86535B88-4D20-4DC9-AC04-C063FDD35421}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-13 05:41:00
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{08EC53CD-85F1-4311-8D29-5E90064EC3EE}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-12 15:18:36
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{7080A2DA-DEC2-4D1A-AD49-A2E5E0400D3F}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-12 05:37:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{95575613-3FB0-421D-B1D9-C8E7A81B93EB}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-12 00:35:42
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{044AB73C-4437-459D-BFDC-38A87D5A6AD7}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-11 18:36:51
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{E49B6127-7FC5-4F22-B9F7-F2EB7C6249D3}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-11 17:41:25
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{40CCD1F2-6A5A-4CBF-9238-3D6F87D076DD}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-10 18:16:05
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD67A752-4B6B-431D-BAFF-77AA2D9251A2}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-10 16:21:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{1A7C85A1-4558-4C05-A4C0-E60908CFF3CE}\mpengine.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-06 08:43:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\WWAHost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2020-12-06 08:43:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\WWAHost.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\A-Volute.SonicStudio3DevProps2.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 4002 06/15/2021
Motherboard: ASUSTeK COMPUTER INC. ROG STRIX X570-E GAMING
Processor: AMD Ryzen 9 5950X 16-Core Processor
Percentage of memory in use: 20%
Total physical RAM: 32678.49 MB
Available physical RAM: 25999.75 MB
Total Virtual: 37542.49 MB
Available Virtual: 27836.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:224 GB) (Free:29.43 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1863.02 GB) (Free:333.68 GB) NTFS
Drive f: () (Fixed) (Total:706.9 GB) (Free:285.35 GB) NTFS

\\?\Volume{7171d437-ac00-4f87-920f-bbba51861cbd}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{9edf256d-2173-9bd6-5e4b-a6f2756c24f3}\ () (Fixed) (Total:1.64 GB) (Free:0 GB) NTFS
\\?\Volume{17b9d833-c057-dc2f-8afe-e0747553a43c}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{d846055c-bca3-484c-a95c-562489f24694}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3D16C317)

Partition: GPT.

==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 05957B2A)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 3.

==================== End of Addition.txt =======================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    1.5 KB · Views: 97
Fix result of Farbar Recovery Scan Tool (x64) Version: 07-08-2021
Ran by Waqar (08-08-2021 21:32:19) Run:1
Running from C:\Users\Waqar\Desktop
Loaded Profiles: Waqar & DevToolsUser
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
S3 GPUZ-v2; C:\Users\Waqar\AppData\Local\Temp\GPUZ-v2.sys [50216 2021-01-10] (TechPowerUp LLC -> ) <==== ATTENTION
S3 HWiNFO_152; C:\Users\Waqar\AppData\Local\Temp\HWiNFO64A_152.SYS [63208 2021-08-06] (Martin Malik - REALiX -> REALiX(tm)) <==== ATTENTION
C:\Users\Waqar\AppData\Local\Temp\GPUZ-v2.sys
C:\Users\Waqar\AppData\Local\Temp\HWiNFO64A_152.SYS
2021-04-12 22:00 - 2021-04-13 21:19 - 000000205 _____ () C:\Users\Waqar\AppData\Local\oobelibMkey.log
2021-06-10 18:57 - 2021-06-10 18:57 - 000004132 _____ () C:\Users\Waqar\AppData\Local\recently-used.xbel
2020-12-26 16:27 - 2020-12-26 16:27 - 000012288 _____ () C:\Users\Waqar\AppData\Local\vita_uranus.data
FCheck: C:\Windows\system32\APHostClient.dll [2021-01-13] <==== ATTENTION (zero byte File/Folder)
CustomCLSID: HKU\S-1-5-21-2327868397-2116308143-3992419034-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
FirewallRules: [TCP Query User{A95AE805-F989-4705-A0E5-05E322BAA238}F:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) F:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{B72C690C-C834-4CB8-9F3E-D03CB64534B8}F:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) F:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File

*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\System\CurrentControlSet\Services\GPUZ-v2 => removed successfully
GPUZ-v2 => service removed successfully
HKLM\System\CurrentControlSet\Services\HWiNFO_152 => removed successfully
HWiNFO_152 => service removed successfully
C:\Users\Waqar\AppData\Local\Temp\GPUZ-v2.sys => moved successfully
C:\Users\Waqar\AppData\Local\Temp\HWiNFO64A_152.SYS => moved successfully
C:\Users\Waqar\AppData\Local\oobelibMkey.log => moved successfully
C:\Users\Waqar\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Waqar\AppData\Local\vita_uranus.data => moved successfully
C:\Windows\system32\APHostClient.dll => moved successfully
HKU\S-1-5-21-2327868397-2116308143-3992419034-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A95AE805-F989-4705-A0E5-05E322BAA238}F:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B72C690C-C834-4CB8-9F3E-D03CB64534B8}F:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => removed successfully


The system needed a reboot.

==== End of Fixlog 21:32:19 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.
NOTE 3. If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!" message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Malwarebytes
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 23-12-2020
Ran by Waqar (administrator) on 13-08-2021 at 18:23:54
Running from "C:\Users\Waqar\Downloads"
Microsoft Windows 10 Education (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Windows Security:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please let me know how your computer is doing.
 