
MSERT says found infected files but then when done scanning says it found none


5 replies to this topic

#1 thatoneguyyep101


Posted 11 November 2024 - 03:20 AM

I want to start off by saying thank you to the amazing people who volunteer here. Even if my problem doesn't get resolved I think it's awesome that there are people here assisting others and trying to help them fix their things!

I have a topic at: https://www.bleepingcomputer.com/forums/t/803053/windows-11-pro-23h2-wont-do-an-inplace-upgrade-says-0x8007042b-0x4000d/ and as you can see in post #21 I was asked to do a scan using MSERT which I did. It says it found 43 infected files last I looked at it.. then once the scan finishes it says nothing was detected. I provided pictures in post #23.

 

Pretty much what the topic was originally about is that I opened Microsoft Store and a lot of apps refused to update. They kept saying "something happened on our end" with an error code of 0x80073CFE.

After trying a ton of different cmd commands, PowerShell commands, a few troubleshooters, etc., the issue still persisted. I was over trying.. so figured it made more sense to just reinstall Windows while keeping my data and settings/doing an in-place upgrade or whatever it's called.

But that also failed to work.

It eventually failed at around 88% in, saying it undid the changes and 0x8007042B - 0x4000D failed in second_boot phase with an error during migrate_data operation.

Someone then suggested I do some commands for rebuilding the StateRepository database. Then after doing that I tried doing the in-place upgrade again and it worked!

I am currently able to open Microsoft Store and update apps! But I wanted to make sure that the integrity of the system is ok now, that there are no damaged necessary files, etc. I was asked to do a scan using MSERT and during the scan it says it found stuff, then at the end of the scan says it found nothing.

If any more details are needed please refer to the topic I linked above.. it gives more details!

 

I ran FRST as asked and will post the logs below...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-11-2024 02
Ran by that1 (administrator) on DESKTOP-I9DA849 (ASUS System Product Name) (11-11-2024 02:02:31)
Running from C:\Users\that1\Desktop\FRST64.exe
Loaded Profiles: that1
Platform: Microsoft Windows 11 Pro Version 24H2 26100.2033 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(A-Volute SAS -> A-Volute) C:\Users\that1\AppData\Local\NhNotifSys\sonicstudio\asusns.exe
(C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\SetThreadAffinityMaskX64.exe
(C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe ->) (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe ->) (Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <5>
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\Logi\LogiBolt\LogiBolt.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logi\LogiBolt\logi_crashpad_handler.exe
(C:\Program Files\LogiOptionsPlus\logi_ai_prompt_builder\LogiAiPromptBuilder.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.68\msedgewebview2.exe <12>
(C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> com.logitech) C:\Program Files\LogiOptionsPlus\logi_ai_prompt_builder\LogiAiPromptBuilder.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logi_crashpad_handler.exe <2>
(C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Discord Inc. -> Discord Inc.) C:\Users\that1\AppData\Local\Discord\app-1.0.9169\Discord.exe <6>
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(explorer.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logi\LogiBolt\LogiBolt.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <30>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Now.gg, INC -> now.gg, Inc.) C:\Users\that1\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe <4>
(explorer.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe
(explorer.exe ->) (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC) C:\Program Files (x86)\Toolkit\Toolkit.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(FNet Co., Ltd. -> FNet Co., Ltd) C:\Program Files (x86)\RamCache III\RamCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24101.35.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <25>
(services.exe ->) (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.25\AsSysCtrlService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> Asustek Computer Inc.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.43\AsusFanControlService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.03.12\atkexComSvc.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicService.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_289adb86c54e3a76\Intel_PIE_Service.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncHelper.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ea7f458f0e49497d\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_4c10eeff886a3252\RtkAudUService64.exe <2>
(services.exe ->) (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC) C:\ProgramData\Toolkit\SeagateSecureService.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(svchost.exe ->) (GT Booster Inc. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\GameFirst\GameTurbo.exe
(svchost.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
Failed to access process -> vmmemCmZygote

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_4c10eeff886a3252\RtkAudUService64.exe [1591672 2023-06-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [RamCache III ] => C:\Program Files (x86)\RamCache III\RamCache.exe [5416728 2023-06-05] (FNet Co., Ltd. -> FNet Co., Ltd)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [381288 2023-05-23] (EXPRSVPN LLC -> ExpressVPN)
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4412512 2024-11-05] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [3396704 2024-11-05] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\Run: [Discord] => C:\Users\that1\AppData\Local\Discord\Update.exe [1525016 2023-04-26] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365512 2023-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\Run: [MicrosoftEdgeAutoLaunch_33782F20435822D0E87DF0A7FD203D78] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3856464 2024-11-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\Run: [RazerAxon] => C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe [454432 2024-10-26] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\Run: [Toolkit] => C:\Program Files (x86)\Toolkit\Toolkit.exe [1625584 2024-10-07] (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\Run: [electron.app.BlueStacks Services] => C:\Users\that1\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe [162219656 2024-05-08] (Now.gg, INC -> now.gg, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\130.0.6723.117\Installer\chrmstp.exe [2024-11-07] (Google LLC -> Google LLC)
Startup: C:\Users\that1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Processor Identification Utility.lnk [2023-06-06]
ShortcutTarget: Intel® Processor Identification Utility.lnk -> C:\Program Files (x86)\Intel Corporation\Intel Processor Identification Utility\ProcID.exe (Intel Corporation -> Intel Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {FE6BA63E-C9EC-48D2-BCBF-AB75F2A857D0} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusHotkey.exe"  -CancelShutdown (No File)
Task: {FAE0D05B-5FE9-44D5-ADB1-C524398C9184} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe  (No File)
Task: {08040C0E-7341-4089-BE15-FC23E2FA42EF} - System32\Tasks\ASUS\Armoury Crate Service Task_CountDown => C:\ProgramData\ASUS\FestsEffect\data\CountDown\CountDown.exe  (No File)
Task: {9B693205-15B3-464C-B2F1-DD0CE8DBA949} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe  (No File)
Task: {0B16CCBB-B1E0-40D3-836E-DA4E827FE27D} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2159944 2021-10-18] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {619BEB8B-D6BC-4557-9B36-095905038ECD} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1471104 2021-10-22] (ASUSTeK Computer Inc. -> )
Task: {FD79E9A9-EA17-4B7D-8DDD-0C7EDA43ED15} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [1610808 2021-04-14] (ASUSTeK Computer Inc. -> )
Task: {5CF3674E-960C-4FBE-8A65-D34E72B7E340} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe  --delay (No File)
Task: {6DFDCDCD-C72A-4DCB-BF04-A3AC8E33091B} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [4329008 2021-10-13] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {01BC6C2E-1276-47CF-9F1A-A88B28CD082E} - System32\Tasks\ASUS\NoiseCancelingEngine => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe  (No File)
Task: {A8F8EC69-F4F5-4951-82BD-DBC13AA61292} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe  (No File)
Task: {B220717F-6B72-4534-8DA5-C566C0690166} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSystemAnalysis\AsusSystemAnalysis.exe"  -j0 (No File)
Task: {7208BA73-4187-47D8-B3B6-48C66F8C1653} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2024-09-16] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {63C8D6EB-474E-4609-8DB6-74316B8C4026} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [2827752 2024-10-04] (Microsoft Windows -> Microsoft Corporation)
Task: {24A24D55-F88A-4EB9-9110-EF04684F851C} - System32\Tasks\GameTurbo => C:\Program Files (x86)\ASUS\GameFirst\\GameTurbo.exe [1460144 2023-04-12] (GT Booster Inc. -> ASUSTek COMPUTER INC.)
Task: {697A1ED6-DC51-45F6-A99E-88C48187EA39} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem131.0.6776.0{66D82911-2E66-423A-9E49-1F71F6E7C2AA} => C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\updater.exe [5507168 2024-10-14] (Google LLC -> Google LLC)
Task: {022FAD44-8AC4-465F-9EE9-153B863B5358} - System32\Tasks\Intel\Intel Telemetry 3 => C:\Program Files\Intel\Telemetry 3.0\lrio.exe [5896048 2023-02-09] (Intel Corporation -> Intel Corporation)
Task: {3699E930-6F1B-456A-A33B-22C44D622C12} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4983528 2024-08-02] (Intel Corporation -> Intel Corporation)
Task: {B8FC27A4-C70B-4F52-B6A2-9C680158A3DE} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4983528 2024-08-02] (Intel Corporation -> Intel Corporation)
Task: {A06D9001-2882-4D6B-AD1C-F90D7340B3B1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe  --automatic (No File)
Task: {BD8B3A3D-A05B-4283-AADA-2A1D51A321C5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28643008 2024-10-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {8973AC6D-BE5C-41F2-80C6-9DF06A738B37} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28643008 2024-10-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {976A99C7-58C5-4877-8277-A14B7D305D1E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [223344 2024-11-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {E93B2378-AF9D-445A-8FBF-177E083D1248} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [223344 2024-11-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe  (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {B74023C9-607C-40FE-B9CA-337AAC245849} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FF6AB7E7-86B0-41AF-B548-4FED39AF4CB1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FD49B57C-A6AF-47F1-8F98-BBD4BA71125D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BF29986B-F60E-440A-8900-876FEBC08632} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AA0A1F96-3EF1-4B8F-AB78-EAB80AFFFD46} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34368 2024-11-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {65A14B3D-BFBC-4C99-B21C-45DA161C142B} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [837272 2023-06-07] (A-Volute SAS -> Nahimic)
Task: {5A89DC87-3E37-4CF0-B5C4-9A48D2DB6B87} - System32\Tasks\NahimicSvc64Run => C:\Windows\system32\NahimicSvc64.exe [1098368 2023-06-07] (A-Volute SAS -> Nahimic)
Task: {923F4DD9-AB40-4F01-B0B2-C7D75D465A32} - System32\Tasks\NahimicTask32 => C:\Windows\System32\..\SysWOW64\NahimicSvc32.exe [837272 ] (A-Volute SAS -> Nahimic)
Task: {8E68BB31-255C-48A2-BBA0-E1876FA75488} - System32\Tasks\NahimicTask64 => C:\Windows\System32\.\NahimicSvc64.exe [1098368 ] (A-Volute SAS -> Nahimic)
Task: {3FFD9199-4D36-499A-8F7D-F54F9885BD76} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1277480 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {4338510F-E449-4ABE-B380-54DF52CACC13} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3347496 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C43AFECC-7BD7-4DE5-8F38-29F40A8F8198} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646696 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {04C0ED6D-66F4-4567-B6A7-2F2DCE164C2E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AD8AC754-67D2-4BAA-99C1-012FAD74E29A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {99FFB951-7E8A-4C17-BA61-BE6823CB5213} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1E060C2A-2002-4A11-A0AF-96620DE128A7} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3013A72F-007F-4D79-B174-6465ED957E0C} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0286EBCC-A394-485E-9806-33AFF4638990} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EF5C1A2E-D86B-4FB1-B7E1-A211E288AFC4} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {04089634-FCC9-4F2A-945B-CE1AC218B792} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2826018304-3046952284-471009816-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-11-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 1.0.0.1
Tcpip\..\Interfaces\{36ca48a4-0b38-4ad3-822b-8b594694e7bd}: [NameServer] 100.64.100.1
Tcpip\..\Interfaces\{ab6e9cbe-f1b6-4712-94a7-4dd5a2b58912}: [DhcpNameServer] 192.168.254.254 1.0.0.1
Tcpip\..\Interfaces\{f8f2c572-4566-4504-a9f1-567ad6491722}: [DhcpNameServer] 192.168.254.254 1.0.0.1
Tcpip\..\Interfaces\{f8f2c572-4566-4504-a9f1-567ad6491722}: [DhcpDomain] Home

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\that1\AppData\Local\Microsoft\Edge\User Data\Default [2024-11-11]
Edge Notifications: Default -> hxxps://sniffies.com,*"
Edge Session Restore: Default -> is enabled.
Edge Extension: (Spoof Geolocation) - C:\Users\that1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fnnngapjnekgpbhfcjkojkelonnllkej [2024-08-26]
Edge Extension: (Google Docs Offline) - C:\Users\that1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-11-05]
Edge Extension: (Edge relevant text changes) - C:\Users\that1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-26]

FireFox:
========
FF DefaultProfile: u5hctt14.default
FF ProfilePath: C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\u5hctt14.default [2023-06-07]
FF ProfilePath: C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release [2024-11-11]
FF Notifications: Mozilla\Firefox\Profiles\bpff57y8.default-release -> hxxps://tinder.com; hxxps://sniffies.com
FF Extension: (Photo Editor & Search) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\addon@photoeditor.net.xpi [2024-09-28]
FF Extension: (Bookmark Dupes) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\bookmarkdupes@martin-vaeth.org.xpi [2024-10-14]
FF Extension: (Firefox Color) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\FirefoxColor@mozilla.com.xpi [2023-06-07]
FF Extension: (Honey) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2023-06-07]
FF Extension: (Tab Session Manager) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\Tab-Session-Manager@sienori.xpi [2024-08-21]
FF Extension: (Colourful Spectrum) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{2365ada2-af27-463b-9830-071c51531043}.xpi [2023-06-07]
FF Extension: (Blue Mozilla Firefox) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{250785ec-4aec-42b6-823f-05343d80e109}.xpi [2023-06-07]
FF Extension: (ANIMATED In the Beginning by candelora) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{252b9dd5-f423-44d9-b8b5-20a49a74b9de}.xpi [2023-06-07]
FF Extension: (Colorful Fractal) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{36c0bcea-70d9-4400-b2ea-f43c385507e6}.xpi [2023-06-07]
FF Extension: (Black Pixel Firefox) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{46f60d87-d458-4083-b2a6-d8165d1c296c}.xpi [2023-06-07]
FF Extension: (Aurora Australis) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{53dae7e9-b173-4eff-9d38-af2e398a5912}.xpi [2023-06-07]
FF Extension: (blue-dirty V2) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{59f5c705-6c66-4158-ab87-b9abd73f25aa}.xpi [2023-06-07]
FF Extension: (Spoof Geolocation) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{61173a74-ece7-4ef3-86a7-525538b78430}.xpi [2024-08-26]
FF Extension: (Frontier Slither) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{6dcd76ee-8f52-4ee4-9677-6377c9698595}.xpi [2023-09-10]
FF Extension: (Colorful Abstract Neon) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{9fd56529-f621-4820-8128-f0bbbdbd8a73}.xpi [2023-07-15]
FF Extension: (Bookmarks clean up) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{a1087d5d-d793-445a-b988-088b1d86f2a6}.xpi [2024-10-14]
FF Extension: (SciFi) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{a7f8e0cd-f3f4-41bb-9043-d3fc0e9e0b92}.xpi [2023-06-07]
FF Extension: (witchdoctor) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{a915096e-21c5-4c28-8c4c-5cd7a5a519ec}.xpi [2023-09-10]
FF Extension: (Firefox B) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{ac40163c-8804-4dad-90fc-e25ebd6e9a57}.xpi [2023-06-07]
FF Extension: (Cosmic Cloud) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{cdabc232-3126-426f-8624-3d4b1609e431}.xpi [2024-05-01]
FF Extension: (Apple TV HD) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{ea5ba13a-228e-4d09-b611-c8709329b2e4}.xpi [2023-06-07]
FF Extension: (MATRIX_PURPLE) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{eae1760f-9efe-475a-ab47-62e482c7d91c}.xpi [2023-06-07]
FF Extension: (Northern Lake FT by MaDonna) - C:\Users\that1\AppData\Roaming\Mozilla\Firefox\Profiles\bpff57y8.default-release\Extensions\{fcebb804-5eb9-43d9-a12a-30f6ca1b9b1b}.xpi [2023-06-07]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-05-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\that1\AppData\Local\Google\Chrome\User Data\Default [2024-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\that1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-10-17]
CHR Extension: (NTL MOD for Slither.io) - C:\Users\that1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpgaehmokjbdfkbgkeifbfogjalkpfgb [2024-10-17]
CHR Extension: (Frontier Slither) - C:\Users\that1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfiikecahagonfbnjfhjphocjlaacmc [2024-10-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\that1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-10]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.03.12\atkexComSvc.exe [908648 2024-09-21] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.25\AsSysCtrlService.exe [1360016 2020-12-22] (ASUSTeK Computer Inc. -> ) [File not signed]
R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [502120 2023-11-22] (ASUSTeK COMPUTER INC. -> Asustek Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.43\AsusFanControlService.exe [1854312 2024-09-21] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [1132000 2024-11-11] (ASUSTeK COMPUTER INC. -> )
S2 CamoService; C:\Program Files (x86)\Camo Studio\Service\CamoService.exe [513632 2024-08-22] (REINCUBATE LIMITED -> Reincubate)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13650648 2024-10-27] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4581320 2023-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [47000 2024-09-26] (Intel Corporation -> Intel)
R2 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [330136 2024-09-26] (Intel Corporation -> Intel)
R3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [18753120 2024-11-05] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2023-06-22] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 ExpressVPN App Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe [437096 2023-05-23] (EXPRSVPN LLC -> ExpressVPN)
R2 ExpressVPN System Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe [437096 2023-05-23] (EXPRSVPN LLC -> ExpressVPN)
R2 ExpressVPN VPN Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe [437096 2023-05-23] (EXPRSVPN LLC -> ExpressVPN)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncHelper.exe [3524624 2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1924248 2023-06-07] (A-Volute SAS -> Nahimic)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ea7f458f0e49497d\Display.NvContainer\NVDisplay.Container.exe [1275000 2024-09-28] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.201.1006.0005\OneDriveUpdaterService.exe [3869216 2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
R2 OptionsPlusUpdaterService; C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe [19777944 2024-11-07] (Logitech Inc -> Logitech, Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [538424 2024-05-15] (Razer USA Ltd. -> Razer Inc.)
R2 SeagateSecure; C:\ProgramData\Toolkit\SeagateSecureService.exe [375064 2024-06-10] (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [505608 2024-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [38320 2024-04-12] (CHENGDU AOMEI Tech Co., Ltd. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [34112 2019-07-02] (ASUSTeK Computer Inc. -> )
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [34384 2022-02-10] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\Windows\system32\drivers\AsIO3.sys [59344 2023-11-22] (ASUSTeK COMPUTER INC. -> Asustek Computer Inc.)
R3 AVoluteSS3Vad; C:\WINDOWS\System32\drivers\AVoluteSS3Vad.sys [94712 2023-06-07] (A-Volute -> Windows ® Win 7 DDK provider)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [394176 2024-09-16] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
S3 camodriver; C:\WINDOWS\System32\DriverStore\FileRepository\camodriver.inf_amd64_99bad0a66e30f6f3\x64\camodriver.sys [36912 2024-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Reincubate Ltd.)
S3 Camo_e070661c-ac3f-4aae-aa3f-7d4e8ded5142; C:\WINDOWS\System32\drivers\vacrnckd.sys [193120 2024-08-22] (Muzychenko Evgenii Viktorovich, IP -> )
S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [35760 2024-04-12] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2023-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2023-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 e2fexpress; C:\WINDOWS\System32\DriverStore\FileRepository\e2f.inf_amd64_b0343b02ae8bdfed\e2f.sys [530048 2024-01-26] (Intel Corporation -> Intel Corporation)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\driver\expressvpnsplittunnel.sys [46712 2023-05-23] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpntun; C:\WINDOWS\System32\drivers\expressvpn-tun.sys [46896 2021-12-07] (Express VPN International Ltd. -> ExpressVPN)
R0 FNETHYRAMAS; C:\WINDOWS\System32\drivers\FNETHYRAMAS.SYS [56496 2023-06-05] (FNet Co., Ltd. -> FNet Co., Ltd.)
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [222528 2024-11-06] (Microsoft Windows -> Microsoft Corporation)
R1 gnf; C:\WINDOWS\System32\drivers\gnf.sys [102416 2022-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R3 HHTHid; C:\WINDOWS\System32\drivers\HHTHid.sys [24784 2019-10-10] (Shenzhen Evision Semiconductor Technology Co.,Ltd. -> 0)
R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-07-19] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys [204440 2021-07-19] (Intel Corporation -> Intel Corporation)
R3 IGO_VSD; C:\WINDOWS\system32\drivers\igovsd.sys [40224 2020-12-22] (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelli-go)
R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2024-01-26] (Intel Corporation -> Intel Corporation)
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [54888 2024-09-04] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S2 l1vhlwf; C:\WINDOWS\System32\drivers\l1vhlwf.sys [132512 2024-11-06] (Microsoft Windows -> Microsoft Corporation)
R2 Ld9BoxSup; C:\Program Files\ldplayer9box\Ld9BoxSup.sys [376144 2023-07-16] (Shanghai Chang Zhi Network Technology Co,. Ltd. -> Oracle Corporation)
R3 MpKslda5e3c39; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02126E40-A8D3-4D82-BF8F-361FA25E8003}\MpKslDrv.sys [267552 2024-11-11] (Microsoft Windows -> Microsoft Corporation)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [19672 2023-12-10] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys [47240 2024-04-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 R0GameTurbo; C:\ProgramData\ASUS\GameFirst\hd.sys [14544 2024-11-11] (Noriyuki MIYAZAKI -> OpenLibSys.org)
R3 RtkUsbAD_2342; C:\WINDOWS\System32\DriverStore\FileRepository\rtdusbad_asus.inf_amd64_18c806ee4356d088\RtUsbA64.sys [496440 2023-06-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [61496 2021-12-07] (ExprsVPN LLC -> The OpenVPN Project)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 vkrnlintvsc; C:\WINDOWS\System32\DriverStore\FileRepository\wvkrnlintvsc.inf_amd64_ae7c1fb85fc0224e\vkrnlintvsc.sys [79168 2024-11-06] (Microsoft Windows -> Microsoft Corporation)
R3 vkrnlintvsp; C:\WINDOWS\System32\DriverStore\FileRepository\wvkrnlintvsp.inf_amd64_7f25c22c694a2f52\vkrnlintvsp.sys [79264 2024-11-06] (Microsoft Windows -> Microsoft Corporation)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [98304 2024-11-06] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22104 2024-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606624 2024-10-31] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-31] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-11-11 02:02 - 2024-11-11 02:03 - 000042711 _____ C:\Users\that1\Desktop\FRST.txt
2024-11-11 02:01 - 2024-11-11 02:02 - 000000000 ____D C:\FRST
2024-11-11 01:59 - 2024-11-11 01:59 - 002400768 _____ (Farbar) C:\Users\that1\Desktop\FRST64.exe
2024-11-08 00:45 - 2024-11-08 00:45 - 000001213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi Plugin Service.lnk
2024-11-08 00:45 - 2024-11-08 00:45 - 000000859 _____ C:\Users\Public\Desktop\Logi Options+.lnk
2024-11-08 00:45 - 2024-11-08 00:45 - 000000000 ____D C:\Program Files\LogiOptionsPlus
2024-11-06 22:32 - 2024-11-06 22:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerShell
2024-11-06 22:32 - 2024-11-06 22:32 - 000000000 ____D C:\Program Files\PowerShell
2024-11-06 22:22 - 2024-11-06 22:24 - 000000000 ____D C:\Users\that1\Desktop\advancedrun
2024-11-06 20:27 - 2024-11-09 22:22 - 000000000 ____D C:\WINDOWS\Panther
2024-11-06 05:42 - 2024-11-06 05:42 - 000000000 ____D C:\Users\that1\Desktop\powershell
2024-11-06 05:41 - 2024-11-06 05:41 - 111161483 _____ C:\Users\that1\Desktop\PowerShell-7.4.6-win-x64.zip
2024-11-06 05:14 - 2024-11-06 05:14 - 000000677 _____ C:\Users\that1\Desktop\reinstall-preinstalledApps.zip
2024-11-06 05:12 - 2024-11-06 05:12 - 000000000 ____D C:\Users\that1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2024-11-06 05:12 - 2024-11-06 05:12 - 000000000 ____D C:\Program Files\Unlocker
2024-11-06 05:11 - 2024-11-06 05:11 - 000000000 ____D C:\Users\that1\AppData\Roaming\Babylon
2024-11-06 05:11 - 2024-11-06 05:11 - 000000000 ____D C:\Users\that1\AppData\Local\Babylon
2024-11-06 05:11 - 2024-11-06 05:11 - 000000000 ____D C:\ProgramData\Babylon
2024-11-06 05:01 - 2024-11-10 19:58 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-11-06 04:54 - 2024-11-06 04:54 - 000000000 ____H C:\Users\that1\Documents\Default.rdp
2024-11-06 02:27 - 2024-11-06 02:27 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-11-06 02:25 - 2024-11-11 01:38 - 000791338 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-11-06 02:25 - 2024-11-06 02:25 - 000001266 __RSH C:\ProgramData\ntuser.pol
2024-11-06 02:25 - 2024-11-06 02:25 - 000000020 ___SH C:\Users\that1\ntuser.ini
2024-11-06 02:24 - 2024-11-11 01:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-11-06 02:24 - 2024-11-06 02:24 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-11-06 02:24 - 2024-11-06 02:24 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-11-06 02:24 - 2024-11-06 02:24 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-11-06 02:24 - 2024-11-06 02:24 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-11-06 02:24 - 2024-11-06 02:24 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2826018304-3046952284-471009816-1001
2024-11-06 02:24 - 2024-11-06 02:24 - 000003042 _____ C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2024-11-06 02:24 - 2024-11-06 02:24 - 000003034 _____ C:\WINDOWS\system32\Tasks\ASUS Optimization 36D18D69AFC3
2024-11-06 02:24 - 2024-11-06 02:24 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-11-06 02:24 - 2024-11-06 02:24 - 000002970 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2024-11-06 02:24 - 2024-11-06 02:24 - 000002956 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper_nxt
2024-11-06 02:24 - 2024-11-06 02:24 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-11-06 02:24 - 2024-11-06 02:24 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-11-06 02:24 - 2024-11-06 02:24 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-11-06 02:24 - 2024-11-06 02:24 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-11-06 02:24 - 2024-11-06 02:24 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-11-06 02:24 - 2024-11-06 02:24 - 000002820 _____ C:\WINDOWS\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2024-11-06 02:24 - 2024-11-06 02:24 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-11-06 02:24 - 2024-11-06 02:24 - 000002716 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-11-06 02:24 - 2024-11-06 02:24 - 000002654 _____ C:\WINDOWS\system32\Tasks\GameTurbo
2024-11-06 02:24 - 2024-11-06 02:24 - 000002604 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2024-11-06 02:24 - 2024-11-06 02:24 - 000002588 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2024-11-06 02:24 - 2024-11-06 02:24 - 000002342 _____ C:\WINDOWS\system32\Tasks\NahimicSvc64Run
2024-11-06 02:24 - 2024-11-06 02:24 - 000002342 _____ C:\WINDOWS\system32\Tasks\NahimicSvc32Run
2024-11-06 02:24 - 2024-11-06 02:24 - 000002212 _____ C:\WINDOWS\system32\Tasks\NahimicTask32
2024-11-06 02:24 - 2024-11-06 02:24 - 000002192 _____ C:\WINDOWS\system32\Tasks\NahimicTask64
2024-11-06 02:24 - 2024-11-06 02:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-11-06 02:24 - 2024-11-06 02:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2024-11-06 02:24 - 2024-11-06 02:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-11-06 02:24 - 2024-11-06 02:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUS
2024-11-06 02:23 - 2024-11-06 02:23 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2024-11-06 02:22 - 2024-11-11 01:34 - 000001022 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2024-11-06 02:12 - 2024-11-10 21:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-11-06 02:12 - 2024-11-06 20:27 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2024-11-06 02:12 - 2024-11-06 02:12 - 000334688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-11-06 02:08 - 2024-11-06 04:11 - 000000000 ____D C:\Users\that1\AppData\Roaming\Microsoft\Crypto
2024-11-06 02:08 - 2024-11-06 02:08 - 000000000 ____D C:\Users\that1\AppData\Roaming\Microsoft\SystemCertificates
2024-11-06 02:08 - 2024-11-06 02:08 - 000000000 ____D C:\Users\that1\AppData\Roaming\Microsoft\Network
2024-11-06 02:05 - 2024-11-10 02:40 - 000000000 ____D C:\Users\that1
2024-11-06 02:05 - 2024-11-06 04:11 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2024-11-06 02:05 - 2024-11-06 04:11 - 000000000 ____D C:\Users\that1\AppData\Roaming\Microsoft\Spelling
2024-11-06 02:05 - 2024-11-06 02:27 - 000000000 ____D C:\Users\that1\AppData\Roaming\Microsoft\Windows
2024-11-06 02:05 - 2024-11-06 02:05 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2024-11-06 02:04 - 2024-11-06 02:04 - 000000000 ___SD C:\WINDOWS\system32\Containers
2024-11-06 02:04 - 2024-11-06 02:04 - 000000000 ____D C:\WINDOWS\system32\HvsiSettingsProviders
2024-11-06 01:59 - 2024-11-06 01:59 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2024-11-06 00:10 - 2024-11-06 00:12 - 000000000 ____D C:\SRBackup
2024-11-05 19:59 - 2024-11-06 00:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-11-04 23:26 - 2024-11-04 23:26 - 000000000 ____D C:\Users\that1\Desktop\Armoury Crate Uninstall Tool V2.2.12.0
2024-11-03 21:59 - 2024-11-03 21:59 - 000956928 _____ (Farbar) C:\Users\that1\Desktop\MiniToolBox.exe
2024-11-03 21:54 - 2024-11-06 04:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2024-11-03 21:54 - 2024-11-03 21:54 - 000000837 _____ C:\Users\Public\Desktop\Speccy.lnk
2024-11-03 21:54 - 2024-11-03 21:54 - 000000000 ____D C:\Program Files\Speccy
2024-11-03 21:53 - 2024-11-03 21:53 - 018824928 _____ (Piriform Software Ltd) C:\Users\that1\Desktop\spsetup133.exe
2024-11-03 12:51 - 2024-11-10 21:56 - 000000000 ____D C:\Users\that1\Desktop\windows sucks
2024-11-03 00:26 - 2024-11-02 22:43 - 000001205 _____ C:\Users\that1\Desktop\AOMEI Partition Assistant 10.5.0.lnk
2024-11-02 23:24 - 2024-11-02 23:57 - 000000000 ____D C:\ESD
2024-11-02 23:23 - 2024-11-02 23:23 - 000000000 ___HD C:\$Windows.~WS
2024-11-02 22:43 - 2024-11-06 04:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant
2024-11-02 22:43 - 2024-11-05 00:24 - 000000000 ____D C:\Program Files (x86)\AOMEI Partition Assistant
2024-11-02 22:43 - 2024-04-12 19:57 - 001332728 _____ C:\WINDOWS\ddmmain.exe
2024-11-02 22:43 - 2024-04-12 19:57 - 000035760 _____ C:\WINDOWS\system32\ddmdrv.sys
2024-11-02 22:42 - 2024-11-02 22:42 - 000000000 ____D C:\Users\that1\AppData\Roaming\Logitech
2024-11-02 22:42 - 2024-11-02 22:42 - 000000000 ____D C:\Users\that1\AppData\Roaming\Logishrd
2024-11-02 03:04 - 2024-11-02 03:04 - 000000000 ____D C:\Users\that1\AppData\Roaming\SmartCards
2024-10-13 03:08 - 2024-10-13 03:08 - 000000000 ____D C:\Users\Default\AppData\Local\Logi
2024-10-13 03:08 - 2024-10-13 03:08 - 000000000 ____D C:\ProgramData\Logi
2024-10-12 17:05 - 2024-10-12 17:05 - 000000000 ____D C:\Users\that1\AppData\Roaming\NVIDIA
2024-10-12 17:00 - 2024-11-06 02:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2024-10-12 16:57 - 2024-09-28 12:32 - 000125048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2024-10-12 16:56 - 2024-09-28 15:03 - 002060648 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-10-12 16:56 - 2024-09-28 15:03 - 002060648 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-10-12 16:56 - 2024-09-28 15:03 - 001600360 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-10-12 16:56 - 2024-09-28 15:03 - 001600360 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-10-12 16:56 - 2024-09-28 15:03 - 001452392 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-10-12 16:56 - 2024-09-28 15:03 - 001452392 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-10-12 16:56 - 2024-09-28 15:03 - 001301864 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-10-12 16:56 - 2024-09-28 15:03 - 001301864 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-10-12 16:56 - 2024-09-28 15:03 - 000477816 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2024-10-12 16:56 - 2024-09-28 15:03 - 000374920 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2024-10-12 16:56 - 2024-09-28 15:00 - 001114232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2024-10-12 16:56 - 2024-09-28 15:00 - 000670240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2024-10-12 16:56 - 2024-09-28 15:00 - 000505488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2024-10-12 16:56 - 2024-09-28 14:59 - 025450104 _____ C:\WINDOWS\system32\nvidia-pcc.exe
2024-10-12 16:56 - 2024-09-28 14:59 - 002184824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2024-10-12 16:56 - 2024-09-28 14:59 - 001634952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2024-10-12 16:56 - 2024-09-28 14:59 - 001554568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2024-10-12 16:56 - 2024-09-28 14:59 - 001209480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2024-10-12 16:56 - 2024-09-28 14:59 - 001041528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2024-10-12 16:56 - 2024-09-28 14:59 - 000863352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2024-10-12 16:56 - 2024-09-28 14:59 - 000801416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2024-10-12 16:56 - 2024-09-28 14:59 - 000461944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2024-10-12 16:56 - 2024-09-28 14:58 - 017737352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2024-10-12 16:56 - 2024-09-28 14:58 - 016811128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2024-10-12 16:56 - 2024-09-28 14:58 - 006952568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2024-10-12 16:56 - 2024-09-28 14:58 - 005909624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2024-10-12 16:56 - 2024-09-28 14:58 - 005435528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2024-10-12 16:56 - 2024-09-28 14:58 - 003807880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2024-10-12 16:56 - 2024-09-28 14:58 - 000853640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2024-10-12 16:56 - 2024-09-28 14:57 - 007157504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2024-10-12 16:56 - 2024-09-28 14:57 - 006234672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2024-10-12 16:56 - 2024-09-26 18:17 - 000132691 _____ C:\WINDOWS\system32\nvinfo.pb
2024-10-12 00:39 - 2024-10-12 00:39 - 000000000 ____D C:\Users\that1\AppData\Local\REDACTED

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-11-11 01:54 - 2024-09-24 23:11 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
2024-11-11 01:50 - 2024-09-24 23:12 - 000000000 ____D C:\Users\that1\AppData\Local\BlueStacks X
2024-11-11 01:50 - 2024-09-24 23:11 - 000000000 ____D C:\Users\that1\AppData\Roaming\bluestacks-services
2024-11-11 01:50 - 2024-09-24 23:11 - 000000000 ____D C:\ProgramData\bst_boost_interprocess
2024-11-11 01:50 - 2023-06-09 17:53 - 000000000 ____D C:\Program Files (x86)\Steam
2024-11-11 01:45 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-11-11 01:38 - 2024-04-01 01:24 - 000000000 ____D C:\WINDOWS\INF
2024-11-11 01:37 - 2023-06-09 18:40 - 000000000 ____D C:\Users\that1\AppData\Roaming\discord
2024-11-11 01:36 - 2023-06-07 01:31 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-11-11 01:35 - 2024-09-16 22:16 - 000000000 ____D C:\Users\that1\AppData\Local\LogiOptionsPlus
2024-11-11 01:35 - 2024-09-04 02:24 - 000000000 ____D C:\Users\that1\AppData\Roaming\Toolkit
2024-11-11 01:35 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-11-11 01:35 - 2023-06-09 18:39 - 000000000 ____D C:\Users\that1\AppData\Local\Discord
2024-11-11 01:35 - 2023-06-06 22:34 - 000002389 _____ C:\Users\that1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sonic Suite Companion.lnk
2024-11-11 01:35 - 2023-06-05 21:01 - 000000000 ____D C:\Users\that1\AppData\Local\LogiBolt
2024-11-11 01:35 - 2023-06-05 18:02 - 000000000 ___RD C:\Users\that1\OneDrive
2024-11-11 01:34 - 2024-04-01 01:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-11-11 01:34 - 2023-06-11 02:41 - 000000000 ____D C:\ProgramData\NVIDIA
2024-11-11 01:34 - 2023-06-05 19:46 - 000000000 ____D C:\ProgramData\ASUS
2024-11-11 01:34 - 2023-06-05 19:45 - 001180016 _____ () C:\WINDOWS\system32\wpbbin.exe
2024-11-11 01:34 - 2023-06-05 19:45 - 001132000 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2024-11-11 01:34 - 2023-06-05 19:45 - 000012288 ___SH C:\DumpStack.log.tmp
2024-11-10 23:24 - 2024-04-01 01:21 - 000131072 _____ C:\WINDOWS\system32\config\BBI
2024-11-10 19:05 - 2023-06-05 18:00 - 000000000 ____D C:\Users\that1\AppData\Local\D3DSCache
2024-11-10 18:04 - 2024-04-01 01:26 - 000000000 ___HD C:\Program Files\WindowsApps
2024-11-08 01:56 - 2024-09-16 22:16 - 000000000 ____D C:\Users\that1\AppData\Roaming\logioptionsplus
2024-11-08 01:15 - 2023-06-05 19:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-11-08 01:15 - 2023-06-05 19:46 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-11-08 00:45 - 2023-06-05 21:01 - 000000000 ____D C:\Program Files\Logi
2024-11-08 00:45 - 2023-06-05 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2024-11-08 00:16 - 2023-06-07 22:58 - 000000000 ____D C:\Program Files\dotnet
2024-11-08 00:16 - 2023-06-05 18:03 - 000000000 ____D C:\ProgramData\Package Cache
2024-11-07 23:58 - 2023-09-10 21:13 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-11-07 23:58 - 2023-09-10 21:13 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-11-06 23:45 - 2024-04-01 01:26 - 000000000 ____D C:\ProgramData\USOPrivate
2024-11-06 22:51 - 2023-06-05 18:02 - 000000000 ____D C:\Users\that1\AppData\Local\PlaceholderTileLogoFolder
2024-11-06 22:31 - 2023-06-05 19:48 - 000000000 ____D C:\ProgramData\Packages
2024-11-06 22:31 - 2023-06-05 18:00 - 000000000 ____D C:\Users\that1\AppData\Local\Packages
2024-11-06 20:37 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2024-11-06 05:50 - 2023-06-06 22:43 - 000000000 ____D C:\Users\that1\AppData\Roaming\Microsoft\Word
2024-11-06 05:19 - 2015-06-29 16:13 - 000001067 _____ C:\Users\that1\Downloads\reinstall-preinstalledApps.ps1
2024-11-06 04:11 - 2024-09-24 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks X
2024-11-06 04:11 - 2024-08-21 23:13 - 000000000 ____D C:\WINDOWS\system32\%userprofile%
2024-11-06 04:11 - 2024-05-01 20:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Axon
2024-11-06 04:11 - 2024-04-01 02:03 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-11-06 04:11 - 2024-04-01 01:26 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2024-11-06 04:11 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2024-11-06 04:11 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\spool
2024-11-06 04:11 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-11-06 04:11 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\NDF
2024-11-06 04:11 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2024-11-06 04:11 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\ServiceState
2024-11-06 04:11 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-11-06 04:11 - 2024-04-01 01:26 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-11-06 04:11 - 2023-09-10 21:26 - 000000000 ____D C:\Users\that1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2024-11-06 04:11 - 2023-06-13 02:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\DAEMON Tools Lite
2024-11-06 04:11 - 2023-06-11 02:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2024-11-06 04:11 - 2023-06-09 19:30 - 000000000 ____D C:\Users\that1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2024-11-06 04:11 - 2023-06-09 18:40 - 000000000 ____D C:\Users\that1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2024-11-06 04:11 - 2023-06-09 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2024-11-06 04:11 - 2023-06-09 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2024-11-06 04:11 - 2023-06-07 01:06 - 000000000 ____D C:\WINDOWS\system32\DTS
2024-11-06 04:11 - 2023-06-07 00:50 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2024-11-06 04:11 - 2023-06-06 23:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2024-11-06 04:11 - 2023-06-06 23:47 - 000000000 ____D C:\Users\that1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LDPlayer9
2024-11-06 04:11 - 2023-06-06 23:47 - 000000000 ____D C:\Users\that1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LDMultiPlayer
2024-11-06 04:11 - 2023-06-06 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2024-11-06 04:11 - 2023-06-06 22:37 - 000000000 ____D C:\Program Files\Intel
2024-11-06 04:11 - 2023-06-05 23:29 - 000000000 ____D C:\Users\that1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-11-06 04:11 - 2023-06-05 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-11-06 04:11 - 2023-06-05 23:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2024-11-06 04:11 - 2023-06-05 23:13 - 000000000 ____D C:\WINDOWS\system32\A-Volute
2024-11-06 04:11 - 2022-05-07 01:39 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2024-11-06 04:11 - 2022-05-06 23:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-11-06 04:11 - 2022-05-06 23:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2024-11-06 04:11 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2024-11-06 04:11 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2024-11-06 03:58 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\appcompat
2024-11-06 02:25 - 2024-04-01 01:21 - 000000000 ____D C:\WINDOWS\servicing
2024-11-06 02:25 - 2023-06-05 18:00 - 000338040 _____ () C:\WINDOWS\system32\AsusDownLoadLicense.exe
2024-11-06 02:25 - 2023-06-05 18:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-11-06 02:24 - 2024-04-01 01:26 - 000000000 ___RD C:\Program Files\Windows Defender
2024-11-06 02:23 - 2024-04-01 01:26 - 000000000 __RHD C:\Users\Public\Libraries
2024-11-06 02:23 - 2024-04-01 01:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-11-06 02:12 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2024-11-06 02:10 - 2024-04-01 01:29 - 000000000 ____D C:\WINDOWS\Setup
2024-11-06 02:07 - 2024-04-01 01:26 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2024-11-06 02:06 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-11-06 02:05 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\schemas
2024-11-06 02:05 - 2023-06-13 02:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2024-11-06 02:05 - 2023-06-05 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2024-11-06 02:05 - 2023-06-05 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2024-11-06 02:05 - 2022-05-06 23:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-11-06 02:04 - 2024-10-04 18:23 - 002565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmswitch.sys
2024-11-06 02:04 - 2024-10-04 18:23 - 000552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfpctrl.exe
2024-11-06 02:04 - 2024-10-04 18:23 - 000439736 _____ (Microsoft Corporation) C:\WINDOWS\system32\nvspinfo.exe
2024-11-06 02:04 - 2024-10-04 18:23 - 000390560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nmscrub.exe
2024-11-06 02:04 - 2024-10-04 18:23 - 000357816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsSandboxClient.exe
2024-11-06 02:04 - 2024-10-04 18:23 - 000316728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbusr.sys
2024-11-06 02:04 - 2024-10-04 18:23 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfpapi.dll
2024-11-06 02:04 - 2024-10-04 18:23 - 000128456 _____ (Microsoft Corporation) C:\WINDOWS\system32\nmbind.exe
2024-11-06 02:04 - 2024-10-04 18:23 - 000075192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspiper.dll
2024-11-06 02:04 - 2024-10-04 18:23 - 000075192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VmsProxyHNic.sys
2024-11-06 02:04 - 2024-10-04 18:23 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ManagedWindowsVM.ProxyStub.dll
2024-11-06 02:04 - 2024-10-04 18:22 - 001667072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfpext.sys
2024-11-06 02:04 - 2024-10-04 18:22 - 001602976 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmComputeAgent.exe
2024-11-06 02:04 - 2024-10-04 18:22 - 001140144 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmchipset.dll
2024-11-06 02:04 - 2024-10-04 18:22 - 001074504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsSandbox.exe
2024-11-06 02:04 - 2024-10-04 18:22 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\gns.dll
2024-11-06 02:04 - 2024-10-04 18:22 - 000521656 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetMgmtIF.dll
2024-11-06 02:04 - 2024-10-04 18:22 - 000517536 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthstor.dll
2024-11-06 02:04 - 2024-10-04 18:22 - 000517536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpupvdev.dll
2024-11-06 02:04 - 2024-10-04 18:22 - 000507904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmvpci.dll
2024-11-06 02:04 - 2024-10-04 18:22 - 000464304 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmSynthNic.dll
2024-11-06 02:04 - 2024-10-04 18:22 - 000439728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmprox.dll
2024-11-06 02:04 - 2024-10-04 18:22 - 000398768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdynmem.dll
2024-11-06 02:04 - 2024-10-04 18:22 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmiccore.dll
2024-11-06 02:04 - 2024-10-04 18:22 - 000337328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CmAgent.dll
2024-11-06 02:04 - 2024-10-04 18:22 - 000329136 _____ (Microsoft Corporation) C:\WINDOWS\system32\vp9fs.dll
2024-11-06 02:04 - 2024-10-04 18:22 - 000271792 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbusvdev.dll
2024-11-06 02:04 - 2024-10-04 18:22 - 000243128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ManagedWindowsVM.exe
2024-11-06 02:04 - 2024-10-04 18:22 - 000214432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2024-11-06 02:04 - 2024-10-04 18:22 - 000124320 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpctrl.dll
2024-11-06 02:04 - 2024-10-04 18:22 - 000083376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdparser.sys
2024-11-06 02:04 - 2024-10-04 18:22 - 000071096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VmsProxy.sys
2024-11-06 02:04 - 2024-10-04 18:04 - 000222528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fse.sys
2024-11-06 02:04 - 2024-10-04 18:04 - 000144688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdp4vs.dll
2024-11-06 02:04 - 2024-10-04 18:03 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmhbmgmt.dll
2024-11-06 02:04 - 2024-10-04 18:03 - 000116144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcsetupagent.exe
2024-11-06 02:04 - 2024-10-04 18:03 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbusproxy.sys
2024-11-06 02:04 - 2024-10-04 18:03 - 000095664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pvhdparser.sys
2024-11-06 02:04 - 2024-10-04 18:03 - 000071088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NvAgent.dll
2024-11-06 02:04 - 2024-10-04 18:03 - 000071088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\passthruparser.sys
2024-11-06 02:04 - 2024-10-04 18:03 - 000066992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocketcontrol.sys
2024-11-06 02:04 - 2024-04-01 01:22 - 000652208 _____ C:\WINDOWS\system32\secfw_GenuineIntel.dll
2024-11-06 02:04 - 2024-04-01 01:22 - 000132400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpevents.dll
2024-11-06 02:04 - 2024-04-01 01:22 - 000104680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbresources.dll
2024-11-06 02:04 - 2024-04-01 01:22 - 000058688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hnswfpdriver.sys
2024-11-06 02:04 - 2024-04-01 01:22 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnagent.dll
2024-11-06 02:04 - 2024-04-01 01:22 - 000046400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcomputeeventlog.dll
2024-11-06 02:04 - 2024-04-01 01:22 - 000026032 _____ (Microsoft Corporation) C:\WINDOWS\system32\07409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.dll
2024-11-06 02:04 - 2024-04-01 01:22 - 000026016 _____ (Microsoft Corporation) C:\WINDOWS\system32\f1db7d81-95be-4911-935a-8ab71629112a_HyperV-IsolatedVM.dll
2024-11-06 02:04 - 2024-04-01 01:22 - 000025904 _____ (Microsoft Corporation) C:\WINDOWS\system32\d4d78066-e6db-44b7-b5cd-2eb82dce620c_HyperV-ComputeLegacy.dll
2024-11-06 02:04 - 2024-04-01 01:22 - 000006658 _____ C:\WINDOWS\system32\VmFirmware Third-Party Notices.txt
2024-11-06 02:03 - 2024-10-04 18:23 - 000718256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmusrv.dll
2024-11-06 02:03 - 2024-10-04 18:23 - 000304560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsp.sys
2024-11-06 02:03 - 2024-10-04 18:23 - 000259488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2024-11-06 02:03 - 2024-10-04 18:23 - 000148920 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifcore.dll
2024-11-06 02:03 - 2024-10-04 18:23 - 000139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvsiproxyapp.exe
2024-11-06 02:03 - 2024-10-04 18:23 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsiproxyapp.exe
2024-11-06 02:03 - 2024-10-04 18:23 - 000050632 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifproxystub.dll
2024-11-06 02:03 - 2024-10-04 18:22 - 004363720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2024-11-06 02:03 - 2024-10-04 18:22 - 003720328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2024-11-06 02:03 - 2024-10-04 18:22 - 000853408 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2024-11-06 02:03 - 2024-10-04 18:22 - 000615880 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmuidevices.dll
2024-11-06 02:03 - 2024-10-04 18:22 - 000603552 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmflexio.dll
2024-11-06 02:03 - 2024-10-04 18:22 - 000579000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmserial.dll
2024-11-06 02:03 - 2024-10-04 18:22 - 000550304 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmpmem.dll
2024-11-06 02:03 - 2024-10-04 18:22 - 000435344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationVdev.dll
2024-11-06 02:03 - 2024-10-04 18:22 - 000431536 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsmb.dll
2024-11-06 02:03 - 2024-10-04 18:22 - 000329144 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmCrashDump.dll
2024-11-06 02:03 - 2024-10-04 18:22 - 000329120 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsif.dll
2024-11-06 02:03 - 2024-10-04 18:22 - 000271816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CExecSvc.exe
2024-11-06 02:03 - 2024-10-04 18:22 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnsdiag.exe
2024-11-06 02:03 - 2024-10-04 18:22 - 000234912 _____ (Microsoft Corporation) C:\WINDOWS\system32\IsolatedWindowsEnvironmentUtils.dll
2024-11-06 02:03 - 2024-10-04 18:22 - 000226624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmickrnl.dll
2024-11-06 02:03 - 2024-10-04 18:22 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CCG.exe
2024-11-06 02:03 - 2024-10-04 18:22 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmvirtio.dll
2024-11-06 02:03 - 2024-10-04 18:22 - 000151992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IsolatedWindowsEnvironmentUtils.dll
2024-11-06 02:03 - 2024-10-04 18:22 - 000132512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\l1vhlwf.sys
2024-11-06 02:03 - 2024-10-04 18:03 - 000365984 _____ (Microsoft Corporation) C:\WINDOWS\system32\hcsdiag.exe
2024-11-06 02:03 - 2024-10-04 18:03 - 000096432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmsvc.dll
2024-11-06 02:03 - 2024-10-04 18:03 - 000087472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\l2bridge.sys
2024-11-06 02:03 - 2024-10-04 18:03 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\CCGLaunchPad.dll
2024-11-06 02:03 - 2024-10-04 18:03 - 000054576 _____ (Microsoft Corporation) C:\WINDOWS\system32\VrdUmed.dll
2024-11-06 02:03 - 2024-10-04 18:03 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmComputeProxy.dll
2024-11-06 02:03 - 2024-04-01 01:22 - 000190784 _____ C:\WINDOWS\system32\secfw_AuthenticAMD.dll
2024-11-06 02:03 - 2024-04-01 01:22 - 000058800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtilityVmSysprep.dll
2024-11-06 02:03 - 2024-04-01 01:22 - 000050592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmsvcext.sys
2024-11-06 02:03 - 2024-04-01 01:22 - 000026016 _____ (Microsoft Corporation) C:\WINDOWS\system32\f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll
2024-11-06 02:03 - 2024-04-01 01:22 - 000025904 _____ (Microsoft Corporation) C:\WINDOWS\system32\c4d66f00-b6f0-4439-ac9b-c5ea13fe54d7_HyperV-ComputeCore.dll
2024-11-06 02:03 - 2024-04-01 01:22 - 000025904 _____ (Microsoft Corporation) C:\WINDOWS\system32\c28c7a4e-a619-4463-82b7-0fc9cc7187f5_HyperV-ComputeStorage.dll
2024-11-06 02:03 - 2024-04-01 01:22 - 000006658 _____ C:\WINDOWS\system32\VmFirmwareHcl Third-Party Notices.txt
2024-11-06 00:14 - 2023-06-05 23:06 - 000000000 ____D C:\Users\that1\AppData\Local\CrashDumps
2024-11-06 00:13 - 2023-06-07 01:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-11-06 00:13 - 2023-06-06 23:06 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-11-05 23:48 - 2023-06-07 01:31 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-11-05 23:45 - 2023-06-06 22:42 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-11-05 20:11 - 2023-06-09 18:18 - 000000000 ____D C:\ProgramData\EA Desktop
2024-11-05 00:31 - 2023-06-05 18:13 - 000000000 ____D C:\Users\that1\AppData\Roaming\Microsoft\MMC
2024-11-05 00:24 - 2023-06-06 23:53 - 000000000 ____D C:\ProgramData\AOMEIPA
2024-11-05 00:23 - 2023-06-06 23:53 - 000001024 ____H C:\AMTAG.BIN
2024-11-05 00:23 - 2023-06-06 23:52 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-11-05 00:00 - 2023-06-05 22:40 - 000000000 ____D C:\Program Files\Razer
2024-11-05 00:00 - 2023-06-05 22:21 - 000000000 ____D C:\Program Files (x86)\Razer
2024-11-04 23:28 - 2023-06-06 00:21 - 000000000 ____D C:\Program Files\ASUS
2024-11-04 23:28 - 2023-06-05 23:11 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2024-11-04 23:28 - 2023-06-05 18:04 - 000000000 ____D C:\Users\that1\AppData\Local\ASUS
2024-11-04 23:28 - 2023-06-05 18:02 - 000000000 ____D C:\Program Files (x86)\ASUS
2024-11-04 23:17 - 2023-06-05 22:23 - 000000000 ____D C:\Users\that1\AppData\Local\Razer
2024-11-04 23:17 - 2023-06-05 22:15 - 000000000 ____D C:\ProgramData\Razer
2024-11-04 23:15 - 2023-06-05 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2024-11-04 23:01 - 2023-06-09 18:40 - 000002243 _____ C:\Users\that1\Desktop\Discord.lnk
2024-11-04 23:00 - 2023-06-13 02:26 - 000000000 ____D C:\Users\that1\AppData\Roaming\asus_framework
2024-11-02 22:43 - 2023-06-06 23:53 - 000000000 ____D C:\ProgramData\AomeiBR
2024-11-02 22:15 - 2024-09-26 21:48 - 000000000 ____D C:\Program Files (x86)\ONN
2024-11-02 02:38 - 2023-07-28 20:22 - 000000000 ____D C:\Users\that1\AppData\Local\ElevatedDiagnostics
2024-11-01 18:14 - 2023-06-06 22:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-10-31 01:00 - 2023-06-05 19:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-10-28 20:57 - 2024-05-01 20:25 - 000001133 _____ C:\Users\Public\Desktop\Razer Axon.lnk
2024-10-12 17:04 - 2023-06-06 23:47 - 000000000 ____D C:\Users\that1\AppData\Local\NVIDIA
2024-10-12 17:00 - 2023-06-05 17:58 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2024-10-12 00:39 - 2023-06-11 02:37 - 000000000 ____D C:\Users\that1\AppData\Local\UnrealEngine
2024-10-12 00:39 - 2023-06-07 01:19 - 000000000 ____D C:\Users\that1\AppData\Local\NVIDIA Corporation

==================== Files in the root of some directories ========

2023-06-06 23:47 - 2023-06-06 23:47 - 000000068 _____ () C:\Users\that1\AppData\Roaming\changzhi_leidian.data
2023-06-07 02:57 - 2023-06-08 01:15 - 000007629 _____ () C:\Users\that1\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2024 02
Ran by that1 (11-11-2024 02:03:28)
Running from C:\Users\that1\Desktop
Microsoft Windows 11 Pro Version 24H2 26100.2033 (X64) (2024-11-06 08:25:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2826018304-3046952284-471009816-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2826018304-3046952284-471009816-503 - Limited - Disabled)
Guest (S-1-5-21-2826018304-3046952284-471009816-501 - Limited - Disabled)
that1 (S-1-5-21-2826018304-3046952284-471009816-1001 - Administrator - Enabled) => C:\Users\that1
WDAGUtilityAccount (S-1-5-21-2826018304-3046952284-471009816-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\uTorrent) (Version: 3.6.0.46812 - BitTorrent Inc.)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 3.01.10 - ASUSTeK Computer Inc.)
AIDA64 Extreme v6.85 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.85 - FinalWire Ltd.)
AOMEI Partition Assistant 10.5.0 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: 10.5.0 - AOMEI International Network Limited.)
BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.21.560.1027 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\BlueStacksServices) (Version: 3.0.9 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\BlueStacks X) (Version: 10.41.560.1001 - now.gg, Inc.)
Camo Studio Compatibility Add-on (HKLM\...\{89AC3A0E-E147-4A58-95A0-19A8D2BDC541}) (Version: 1.0.1.12935 - Reincubate)
CPUID ROG CPU-Z 1.94 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.94 - CPUID, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.13.0.1387 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\Discord) (Version: 1.0.9013 - Discord Inc.)
Documentation Manager (HKLM\...\{50988851-2B4A-4616-A8DF-F26FB658C163}) (Version: 23.80.1.3 - Intel Corporation) Hidden
Dynamic Application Loader Host Interface Service (HKLM\...\{17F8B918-1DD0-4F52-8AC2-5604F1112276}) (Version: 1.0.0.0 - Intel Corporation) Hidden
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.335.0.5848 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{99e78c1c-d34b-42af-bb92-112bf15e2dcf}) (Version: 13.335.0.5848 - Electronic Arts)
ExpressVPN (HKLM-x32\...\{665fe0dd-e156-4620-9f2a-092367e44813}) (Version: 12.50.0.4 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B899ED7835}) (Version: 12.50.0.4 - ExpressVPN) Hidden
GameFirst VI (HKLM\...\{1256868D-A4D7-470C-B622-52E92F392A5A}) (Version: 6.1.27.6 - ASUSTek COMPUTER INC.) Hidden
GameFirst VI (HKLM-x32\...\GameFirst VI 6.1.27.6) (Version: 6.1.27.6 - ASUSTek COMPUTER INC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 130.0.6723.117 - Google LLC)
Intel Driver && Support Assistant (HKLM-x32\...\{FD1F89D7-58B0-4AEA-995D-72D07C5302A4}) (Version: 24.5.40.11 - Intel) Hidden
Intel Processor Diagnostic Tool 64bit (HKLM\...\{022AEC23-4961-48F9-ABFC-85EB91BF88AB}) (Version: 4.1.7 - Intel Corporation)
Intel® Chipset Device Software (HKLM\...\{2B96B7E3-FA08-4749-9D23-CDC64F1B835B}) (Version: 10.1.19600.8418 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{404581d0-19c1-47ba-bcd3-10178793c239}) (Version: 10.1.19600.8418 - Intel® Corporation)
Intel® Computing Improvement Program (HKLM\...\{89E7E64C-A30C-4D24-9D12-B354CA2335DE}) (Version: 2.4.10888 - Intel Corporation)
Intel® Extreme Tuning Utility (HKLM-x32\...\{fb8b4183-11c5-488b-afee-ff0ae6d25d0e}) (Version: 7.11.1.5 - Intel Corporation)
Intel® Icls (HKLM\...\{BB6FA9DE-4A06-4E18-857C-9FC7669F33D6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2335.5.26.0 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{C0166F86-9449-4821-AA99-59A2A1ACE19E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{6773A82F-8227-4090-8BC3-62B254E8BD2D}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME WMI Provider (HKLM\...\{31C3AEA5-1745-45BA-9562-93E926BDF530}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2129.8 - Intel Corporation)
Intel® Serial IO (HKLM\...\{A5530342-3F3E-4C02-9ECA-20DC35944BFD}) (Version: 30.100.2129.8 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000080-0230-1033-84C8-B8D95FA3C8C3}) (Version: 23.80.0.3 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{43826762-6E01-46B8-81D5-79BA90ABED2F}) (Version: 24.5.40.11 - Intel)
Intel® Processor Identification Utility - Legacy (HKLM-x32\...\{C69778E0-DA28-4B61-99E2-90BFD3E6EF87}) (Version: 6.10.29.0517 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{3e8be4d7-1d82-4126-83dc-8c501c48ada5}) (Version: 23.80.1.3 - Intel Corporation) Hidden
LDPlayer (HKLM-x32\...\LDPlayer9) (Version: 9.0.53 - XUANZHI INTERNATIONAL CO., LIMITED)
Logi Bolt (HKLM\...\LogiBolt) (Version: 1.2.6024.0 - Logi)
Logi Options+ (HKLM\...\{850cdc16-85df-4052-b06e-4e3e9e83c5c6}) (Version: 1.84.641293 - Logitech)
Logi Plugin Service (HKLM\...\{E49E3911-D775-41DA-9DF7-77A50142B18A}) (Version: 6.0.1.20838 - Logitech)
Logitech Unifying Software 2.52 (HKLM\...\Logitech Unifying) (Version: 2.52.33 - Logitech)
Microsoft .NET Host - 6.0.35 (x64) (HKLM\...\{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}) (Version: 48.140.21458 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.35 (x64) (HKLM\...\{E91F8AC1-4917-455E-AACA-B40B193C7A62}) (Version: 48.140.21458 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.35 (x64) (HKLM\...\{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}) (Version: 48.140.21458 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.35 (x64) (HKLM-x32\...\{96ec02bb-b5fa-4892-a305-c6128466beda}) (Version: 6.0.35.34109 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 130.0.2849.80 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 130.0.2849.68 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Office Home and Student 2019 - en-us (HKLM\...\HomeStudent2019Retail - en-us) (Version: 16.0.18129.20116 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.201.1006.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32\...\{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32\...\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32\...\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.35 (x64) (HKLM\...\{8AA69679-CCD6-42D9-BCDA-99BE386D57B7}) (Version: 48.140.21525 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.35 (x64) (HKLM-x32\...\{ed3bbfea-cc20-425e-b845-bc087d129675}) (Version: 6.0.35.34113 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 132.0.1 (x64 en-US)) (Version: 132.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 114.0 - Mozilla)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.28.0.417 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.28.0.417 - NVIDIA Corporation)
NVIDIA Graphics Driver 565.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 565.90 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.4.2.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.2.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.18129.20100 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.18129.20100 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.18129.20116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14026.20302 - Microsoft Corporation) Hidden
PowerShell 7-x64 (HKLM\...\{AA89DEED-9030-494E-9F28-53A4D9B55D12}) (Version: 7.4.6.0 - Microsoft Corporation)
RamCache III (HKLM-x32\...\RamCache III) (Version: 1.01.12 - ASUSTeKcomputer Inc)
Razer Axon (HKLM\...\Razer Axon_is1) (Version: 1.7.4.1 - Razer Inc.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.2342 - Realtek Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.33 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Toolkit (HKLM-x32\...\Toolkit) (Version: 2.26.0.10 - Seagate)
Two-Way AI Noise Cancelation (HKLM\...\Two-Way AI Noise Cancelation) (Version: 1.0.2.3 - ASUSTek Computer Inc.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Windows 11 Installation Assistant (HKLM-x32\...\{115DF11E-4B4C-4EA9-9A79-00DB0C7EF02D}) (Version: 1.4.19041.3630 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

Chrome apps:
============
Docs (HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\1d01a9c20ab194dd30cac0629a5bd067) (Version: 1.0 - Google\Chrome)
Gmail (HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\81a432664b7e1bf9f2e6de38c73bf268) (Version: 1.0 - Google\Chrome)
Google Drive (HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\ceaf35a7ddee61c864cd059019f83831) (Version: 1.0 - Google\Chrome)
Sheets (HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\b865c727b9d41f0843f88e0039523395) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\62e0373dba193bcf924c9a7b07fe155e) (Version: 1.0 - Google\Chrome)
YouTube (HKU\S-1-5-21-2826018304-3046952284-471009816-1001\...\2e4ed5b8fb2eb85951302af430977fa8) (Version: 1.0 - Google\Chrome)

Packages:
=========
 -> C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.2911.0_x64__8wekyb3d8bbwe [2024-11-06] ()
AdobeSystemsIncorporated.AdobePhotoshopExpress -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.12.430.0_x64__ynb6jyjzte8ga [2024-11-06] (Adobe Inc.)
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.24.0_x64__qmba6cd70vzyy [2024-11-06] (ASUSTeK COMPUTER INC.)
Network Speed Test -> C:\Program Files\WindowsApps\Microsoft.NetworkSpeedTest_1.0.0.23_x64__8wekyb3d8bbwe [2024-11-06] (Microsoft Research)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-11-06] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2024-11-06] (Realtek Semiconductor Corp)
SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.250.334.0_x64__zpdnekdrzrea0 [2024-11-10] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2826018304-3046952284-471009816-1001_Classes\CLSID\{2db59e37-0d0f-9458-c133-85e699bb3bdd}\localserver32 -> C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe (Razer USA Ltd. -> Razer Inc.)
CustomCLSID: HKU\S-1-5-21-2826018304-3046952284-471009816-1001_Classes\CLSID\{5405618e-4c42-4fb9-a80a-d24d89911296}\localserver32 -> C:\Users\that1\AppData\Local\NhNotifSys\sonicstudio\asusns.exe (A-Volute SAS -> A-Volute)
CustomCLSID: HKU\S-1-5-21-2826018304-3046952284-471009816-1001_Classes\CLSID\{995f8d89-8ab5-dd20-098d-b9419e93fd76}\localserver32 -> C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe (Razer USA Ltd. -> Razer Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncShell64.dll [2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncShell64.dll [2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncShell64.dll [2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncShell64.dll [2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncShell64.dll [2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncShell64.dll [2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncShell64.dll [2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncShell64.dll [2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncShell64.dll [2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncShell64.dll [2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncShell64.dll [2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncShell64.dll [2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncShell64.dll [2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncShell64.dll [2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncShell64.dll [2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2023-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2023-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] (Empty Loop -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncShell64.dll [2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.201.1006.0005\FileSyncShell64.dll [2024-11-05] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ea7f458f0e49497d\nvshext.dll [2024-09-28] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-14] (Empty Loop -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\that1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\that1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\that1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\that1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\that1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\that1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml

==================== Loaded Modules (Whitelisted) =============
2023-03-15 02:31 - 2023-02-27 13:39 - 001393152 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.Core.Runtime.dll
2024-11-11 01:35 - 2024-11-11 01:35 - 002338304 _____ () [File not signed] \\?\C:\Users\that1\AppData\Local\Temp\a1113b10-b4f9-4d21-925c-31749786db76.tmp.node
2023-06-05 23:22 - 2021-10-22 10:10 - 000370688 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4cTDPAction.dll
2023-06-05 23:22 - 2021-10-22 10:10 - 000888320 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2023-06-05 23:22 - 2021-10-22 10:09 - 000999424 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2023-06-05 23:22 - 2021-10-22 10:11 - 000992768 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2023-06-05 23:22 - 2021-10-22 10:12 - 000956416 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2023-06-05 23:22 - 2021-10-13 13:56 - 000082432 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\IccHelper.dll
2023-06-05 23:22 - 2021-04-07 16:45 - 000208896 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2023-06-05 23:22 - 2021-04-07 16:45 - 000681984 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\UIImprovmentHelper.dll
2024-09-24 23:11 - 2024-05-08 02:18 - 002862080 _____ () [File not signed] C:\Users\that1\AppData\Local\Programs\bluestacks-services\ffmpeg.dll
2024-09-24 23:11 - 2024-05-08 02:18 - 000479232 _____ () [File not signed] C:\Users\that1\AppData\Local\Programs\bluestacks-services\libegl.dll
2024-09-24 23:11 - 2024-05-08 02:18 - 007513600 _____ () [File not signed] C:\Users\that1\AppData\Local\Programs\bluestacks-services\libglesv2.dll
2024-09-24 23:11 - 2024-05-08 02:18 - 005209088 _____ () [File not signed] C:\Users\that1\AppData\Local\Programs\bluestacks-services\vk_swiftshader.dll
2024-11-05 19:56 - 2024-09-26 15:57 - 005377536 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libavcodec-61.dll
2024-11-05 19:56 - 2024-09-26 15:57 - 000875008 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libavfilter-10.dll
2024-11-05 19:56 - 2024-09-26 15:57 - 001674240 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libavformat-61.dll
2024-11-05 19:56 - 2024-09-26 15:57 - 001640960 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libavutil-59.dll
2024-11-05 19:56 - 2024-09-26 15:57 - 000630272 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libswresample-5.dll
2024-11-05 19:56 - 2024-09-26 15:57 - 001092608 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\Steam\libswscale-8.dll
2023-06-06 22:41 - 2023-06-06 22:41 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2023-06-06 22:41 - 2023-06-06 22:41 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
2024-08-04 23:16 - 2024-08-04 23:16 - 003164160 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2024-11-05 19:55 - 2024-11-05 19:55 - 002849280 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libcrypto-1_1-x64.dll
2024-11-05 19:55 - 2024-11-05 19:55 - 000685056 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libssl-1_1-x64.dll
2024-11-05 19:55 - 2024-11-05 19:55 - 000046592 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\bearer\qgenericbearer.dll
2024-11-05 19:55 - 2024-11-05 19:55 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Core.dll
2024-11-05 19:55 - 2024-11-05 19:55 - 001389568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Network.dll
2024-11-05 19:55 - 2024-11-05 19:55 - 000157184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebSockets.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-09-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-11-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-06 23:24 - 2022-05-06 23:22 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;C:\Users\that1\AppData\Local\Microsoft\WindowsApps;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\PowerShell\7\
HKU\S-1-5-21-2826018304-3046952284-471009816-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\DesktopSpotlight\Assets\Images\image_2.jpg
DNS Servers: 192.168.254.254 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Intel® Ethernet Controller (3) I225-V -> e2f.sys
Ethernet 2: Intel® Ethernet Controller (3) I225-V #2 -> e2f.sys
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
Wi-Fi: Intel® Wi-Fi 6E AX210 160MHz -> Netwtw14.sys
Ethernet 3: ExpressVPN TAP Adapter -> tapexpressvpn.sys
Local Area Connection: ExpressVPN TUN Driver -> expressvpn-tun.sys

vms_vsf: Hyper-V Virtual Switch Extension Filter
ms_l1vhlwf: Nested Network Virtualization
vms_vsp: Hyper-V Virtual Switch Extension Protocol

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{21A309B6-7351-4D23-91FF-3C8C5B7F512C}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkRemote\AsusLinkRemoteAgent.exe => No File
FirewallRules: [{B403614B-C273-44F5-AE68-16C66D31ED34}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkRemote\AsusLinkRemoteAgent.exe => No File
FirewallRules: [{15DC7E89-01B7-4773-98A9-3512332B7694}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe => No File
FirewallRules: [{2577C4EE-75D0-4143-BDE6-A9D7070466D9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe => No File
FirewallRules: [{6989506C-E1FF-40CF-9CB2-6474C218DBDA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe => No File
FirewallRules: [{38EB3B8B-3485-4E19-A388-616A1CDE49BF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe => No File
FirewallRules: [{3E0724DE-848A-4C1E-A941-E1BE7E72FF6C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe => No File
FirewallRules: [{6A1FB5CF-8F8D-4799-8792-FA492BE34E70}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe => No File
FirewallRules: [{371C665A-B63A-4081-92D6-9C1E08E2C04C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{4232605C-9DB5-47B7-8459-C7E573764AAB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{110AADAE-FDE3-4272-9924-CFF706E7D60A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{84670B5D-6E17-48D1-B802-47EBF6FD9001}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{8B61003A-A70D-4FB1-90D7-C94275913C8D}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe => No File
FirewallRules: [{4B033EBD-F193-4FEA-8CF6-2C7FA8657196}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe => No File
FirewallRules: [{5FC77FF2-6C98-434C-A884-771C2601D735}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe => No File
FirewallRules: [{1053618A-3974-48EC-8BC4-6EF9CF50B53F}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.24.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{35096DB0-42F4-47F0-ABE3-76CA23A676AF}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.24.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{A9A3A808-BC60-4CBD-B7FA-F0D95D385FA7}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.24.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{295D5FC7-CE47-4634-B6E0-7B6855C2A6EE}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.24.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{AAE97546-A8DF-4000-BAA0-5ED89E37BE1E}] => (Allow) F:\SteamLibrary\steamapps\common\LOCKDOWN Protocol\LockdownProtocol.exe => No File
FirewallRules: [{69965837-DF30-4F88-BE32-FC5AE5A32C99}] => (Allow) F:\SteamLibrary\steamapps\common\LOCKDOWN Protocol\LockdownProtocol.exe => No File
FirewallRules: [{81D33CCE-4EDC-4483-AC3C-AD6005C9EB46}] => (Allow) C:\Program Files\WindowsApps\ReincubateLtd.CamoStudio_2.1.260.0_x64__9bq3v28c93p4r\CamoStudio.exe => No File
FirewallRules: [{287D2C7C-5C6E-41BA-B300-D7E493650A03}] => (Allow) C:\Program Files\WindowsApps\ReincubateLtd.CamoStudio_2.1.260.0_x64__9bq3v28c93p4r\CamoStudio.exe => No File
FirewallRules: [{D8D787F6-9F44-4198-9E02-0802B374D9FB}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC -> The Qt Company Ltd.)
FirewallRules: [{CE54B5C9-E5D0-45A1-8554-0C968DB511D8}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC -> BlueStack Systems)
FirewallRules: [{DBBC6AD2-1E5F-46CB-A619-61CD4EE14B80}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{ED1C89B6-9D4B-4B62-A7B0-01B20E0035B7}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.)
FirewallRules: [{7D2C5566-94E1-43B6-BD7D-FD1B05831053}] => (Allow) C:\Program Files\LogiOptionsPlus\logivoice\logioptionsplus_logivoice => No File
FirewallRules: [{1D706693-6196-4582-AF6C-32BB2691FC28}] => (Allow) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{9DB76E4F-C343-42BF-A0EA-F5112960BD96}] => (Allow) F:\SteamLibrary\steamapps\common\Histera\Histera.exe => No File
FirewallRules: [{663E8930-EB40-4F94-A4FC-31072630225F}] => (Allow) F:\SteamLibrary\steamapps\common\Histera\Histera.exe => No File
FirewallRules: [{3B4933AA-55D5-4658-878B-A2D5E9E62731}] => (Allow) F:\SteamLibrary\steamapps\common\Black Mesa\bms.exe => No File
FirewallRules: [{6486A58E-8857-44A6-8155-2264D7C7E56F}] => (Allow) F:\SteamLibrary\steamapps\common\Black Mesa\bms.exe => No File
FirewallRules: [{E76876B8-3657-46F6-9283-2646FAFA1ADC}] => (Allow) F:\SteamLibrary\steamapps\common\DIRDE\DeadIslandRiptideGame.exe => No File
FirewallRules: [{4B3BA651-82E2-48F5-A3A6-514A6694E304}] => (Allow) F:\SteamLibrary\steamapps\common\DIRDE\DeadIslandRiptideGame.exe => No File
FirewallRules: [{DB0B233E-DF67-402C-B8E1-4179D605F682}] => (Allow) F:\SteamLibrary\steamapps\common\Please, Touch The Artwork Too\Please, Touch The Artwork 2.exe => No File
FirewallRules: [{ECBCCE8D-0FFA-4706-9ACC-B959C9B3122E}] => (Allow) F:\SteamLibrary\steamapps\common\Please, Touch The Artwork Too\Please, Touch The Artwork 2.exe => No File
FirewallRules: [{F0A56418-C319-4353-915F-7CE1F541D816}] => (Allow) F:\SteamLibrary\steamapps\common\Anonymous Hacker Simulator Prologue\HackerLifeSimulator.exe => No File
FirewallRules: [{026C62B6-2C99-42F0-9DA4-5BA20A8057B4}] => (Allow) F:\SteamLibrary\steamapps\common\Anonymous Hacker Simulator Prologue\HackerLifeSimulator.exe => No File
FirewallRules: [{93B449A7-C315-4DD3-8C2D-9536180C455C}] => (Allow) F:\SteamLibrary\steamapps\common\DarkStorm\Game_Content\Windows_Build\DarkStorm.exe => No File
FirewallRules: [{1AC15978-9C93-4DB4-B86B-81ED2D9706E4}] => (Allow) F:\SteamLibrary\steamapps\common\DarkStorm\Game_Content\Windows_Build\DarkStorm.exe => No File
FirewallRules: [{3E8D81C2-FF10-47B4-9C27-223112C7409A}] => (Allow) F:\SteamLibrary\steamapps\common\Once Human\ONCE_HUMAN.exe => No File
FirewallRules: [{2D847EED-7714-4DE7-B867-BCD1C6C6D54B}] => (Allow) F:\SteamLibrary\steamapps\common\Once Human\ONCE_HUMAN.exe => No File
FirewallRules: [{835E12A6-8B3F-4799-A9D0-3B7481DB6D8B}] => (Allow) F:\SteamLibrary\steamapps\common\The Classrooms\The Classrooms.exe => No File
FirewallRules: [{994E340A-2351-41C0-A086-468D15BF3A67}] => (Allow) F:\SteamLibrary\steamapps\common\The Classrooms\The Classrooms.exe => No File
FirewallRules: [UDP Query User{3CA3EDAD-99F3-452F-B9CE-1FB035EC81D3}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{2D631E2C-51A2-46BB-9E62-1B0B5508DA0B}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E7FFEDC8-3B8A-482E-BB0B-1408CED44341}] => (Allow) F:\SteamLibrary\steamapps\common\Zombie Killer\ZombieKiller.exe => No File
FirewallRules: [{0F7B3D31-EA5F-4D6F-9898-D1A73E70215A}] => (Allow) F:\SteamLibrary\steamapps\common\Zombie Killer\ZombieKiller.exe => No File
FirewallRules: [{839411CF-EF0D-469B-8452-05C1FDF2FC49}] => (Allow) F:\SteamLibrary\steamapps\common\Zombie Killing Simulator\Zombie Killing Simulator.exe => No File
FirewallRules: [{C419FB6B-F327-4704-8F8C-B6263F273B23}] => (Allow) F:\SteamLibrary\steamapps\common\Zombie Killing Simulator\Zombie Killing Simulator.exe => No File
FirewallRules: [{E995220C-E9BA-4BF5-959C-A531F57ABC5A}] => (Allow) F:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_Vulkan.exe => No File
FirewallRules: [{99DF4F4F-0B99-4A87-9B68-AA57D908AE4D}] => (Allow) F:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_Vulkan.exe => No File
FirewallRules: [{251BF216-DC05-4F22-987F-F49753786939}] => (Allow) F:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{D95A9A5C-DD13-4CFB-948B-0E55A41F1F3F}] => (Allow) F:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File
FirewallRules: [{BB2CA51A-7A3F-488B-A9CF-9FB59FBB11AA}] => (Allow) F:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe => No File
FirewallRules: [{FF8E35C8-2BAB-422D-8051-A9F85BE4C263}] => (Allow) F:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe => No File
FirewallRules: [{814602C9-4A44-4F35-8F9F-D768A8744D83}] => (Allow) F:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe => No File
FirewallRules: [{5E18EE8C-A1B7-4E96-97E2-1BBBE19EF70E}] => (Allow) F:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe => No File
FirewallRules: [{87350E69-05DA-4684-B603-4E687298C384}] => (Allow) F:\SteamLibrary\steamapps\common\Pinball M\PinballM.exe => No File
FirewallRules: [{97E808D1-31B7-4AD0-AF20-FD30AC6836F5}] => (Allow) F:\SteamLibrary\steamapps\common\Pinball M\PinballM.exe => No File
FirewallRules: [{20ADFFFB-8929-4A3A-8EFF-553FDE71BB3B}] => (Allow) F:\SteamLibrary\steamapps\common\left 4 dead\left4dead.exe => No File
FirewallRules: [{993A2CA3-79C4-4A75-8CE9-821236D5FA5D}] => (Allow) F:\SteamLibrary\steamapps\common\left 4 dead\left4dead.exe => No File
FirewallRules: [{CB286469-0713-4109-9D28-AAC319AF324F}] => (Allow) F:\SteamLibrary\steamapps\common\DeadCore\DeadCore.exe => No File
FirewallRules: [{AF32E616-8B2F-4E8A-9DD5-5630D99BDADD}] => (Allow) F:\SteamLibrary\steamapps\common\DeadCore\DeadCore.exe => No File
FirewallRules: [{6073CC88-9709-43DC-BA05-32FA6F4D548F}] => (Allow) F:\SteamLibrary\steamapps\common\Beyond the Breach\BeyondTheBreach.exe => No File
FirewallRules: [{F89972C7-F853-4DF6-94B1-F71A1CF796FA}] => (Allow) F:\SteamLibrary\steamapps\common\Beyond the Breach\BeyondTheBreach.exe => No File
FirewallRules: [{EC68FA89-6F88-4183-BB2B-E60D0609B2A7}] => (Allow) F:\SteamLibrary\steamapps\common\KILLFISH\KILLFISH.exe => No File
FirewallRules: [{20950920-C61A-40D6-9F9D-58EE3E238A43}] => (Allow) F:\SteamLibrary\steamapps\common\KILLFISH\KILLFISH.exe => No File
FirewallRules: [{FD960DF5-32AF-4C89-BDA6-A18020C4A9B7}] => (Allow) F:\SteamLibrary\steamapps\common\Portal\hl2.exe => No File
FirewallRules: [{F21327BF-7142-4037-9594-6B3A7B7003C4}] => (Allow) F:\SteamLibrary\steamapps\common\Portal\hl2.exe => No File
FirewallRules: [{1E43C240-1D58-478C-A4CD-3FDCEDB003C2}] => (Allow) F:\SteamLibrary\steamapps\common\INSIDE\INSIDE.exe => No File
FirewallRules: [{B2F71196-6EB5-4E1F-BE7B-9169329B85C3}] => (Allow) F:\SteamLibrary\steamapps\common\INSIDE\INSIDE.exe => No File
FirewallRules: [{D1F3244A-A9BF-4936-8593-13B96E60B227}] => (Allow) F:\SteamLibrary\steamapps\common\Limbo\limbo.exe => No File
FirewallRules: [{E4415E3A-526F-4DEF-A744-D9914532BFCB}] => (Allow) F:\SteamLibrary\steamapps\common\Limbo\limbo.exe => No File
FirewallRules: [{3297B603-6404-4903-B9AF-4E5B33B617FE}] => (Allow) F:\SteamLibrary\steamapps\common\The Uncertain - Light At The End\splash.exe => No File
FirewallRules: [{A9F865F3-3B38-4676-BAFF-EB0E81B792F2}] => (Allow) F:\SteamLibrary\steamapps\common\The Uncertain - Light At The End\splash.exe => No File
FirewallRules: [{369BE1AA-D5BD-4D1F-994B-E01857DE198C}] => (Allow) F:\SteamLibrary\steamapps\common\Tipping Point Climate Rangers\TippingPoint.exe => No File
FirewallRules: [{E8F870AC-8C20-427E-A127-4C7E16FF3D02}] => (Allow) F:\SteamLibrary\steamapps\common\Tipping Point Climate Rangers\TippingPoint.exe => No File
FirewallRules: [{504E0E02-DE0C-4238-A1E0-6291709ABDD2}] => (Allow) F:\SteamLibrary\steamapps\common\SCP Rulebreaker\SCPrulebreaker.exe => No File
FirewallRules: [{F2DF50B1-FAB7-4907-89AB-0C85C14F63A0}] => (Allow) F:\SteamLibrary\steamapps\common\SCP Rulebreaker\SCPrulebreaker.exe => No File
FirewallRules: [{28A17B6A-3EF8-4A12-8F4C-77DC85C05A9F}] => (Allow) F:\SteamLibrary\steamapps\common\SCP Secret Laboratory\SCPSL.exe => No File
FirewallRules: [{C8C04696-B10D-4097-AA12-3AEB5706E16F}] => (Allow) F:\SteamLibrary\steamapps\common\SCP Secret Laboratory\SCPSL.exe => No File
FirewallRules: [{900F90DE-47E8-472C-B4B6-8D9CAAFA7C62}] => (Allow) F:\SteamLibrary\steamapps\common\REDACTED\REDACTED\REDACTED.exe => No File
FirewallRules: [{AA5AB2F0-ED76-4D5E-82C7-9ADD322AF3E5}] => (Allow) F:\SteamLibrary\steamapps\common\REDACTED\REDACTED\REDACTED.exe => No File
FirewallRules: [{5F150FD1-FF6C-4834-8752-824FFA67DEDC}] => (Allow) F:\SteamLibrary\steamapps\common\Deceit 2\start_protected_game.exe => No File
FirewallRules: [{57013558-5BCA-424C-896A-D591643ECA01}] => (Allow) F:\SteamLibrary\steamapps\common\Deceit 2\start_protected_game.exe => No File
FirewallRules: [{58724829-ADE1-4BDC-9931-4F297E42DDEC}] => (Allow) F:\SteamLibrary\steamapps\common\Superliminal\SuperliminalSteam.exe => No File
FirewallRules: [{D5321AA6-A172-4E85-B26F-F214CABAEEC2}] => (Allow) F:\SteamLibrary\steamapps\common\Superliminal\SuperliminalSteam.exe => No File
FirewallRules: [{80AFA248-7724-41F0-90AD-57F935E4185A}] => (Allow) F:\SteamLibrary\steamapps\common\RustStaging\Rust.exe => No File
FirewallRules: [{AEF716B9-B76F-407A-89E1-1DCEF6ECA1C0}] => (Allow) F:\SteamLibrary\steamapps\common\RustStaging\Rust.exe => No File
FirewallRules: [{C8C9BF63-F8A9-4284-87F1-9CB01C085D25}] => (Allow) F:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe => No File
FirewallRules: [{D8EC05A1-56B5-447B-A80B-83C5027969B1}] => (Allow) F:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe => No File
FirewallRules: [{1256563F-0956-4993-8105-8B7541F0F8E1}] => (Allow) F:\SteamLibrary\steamapps\common\The Forest\TheForest.exe => No File
FirewallRules: [{D1F9C59E-C8E1-460F-8CC4-899092E46F62}] => (Allow) F:\SteamLibrary\steamapps\common\The Forest\TheForest.exe => No File
FirewallRules: [{50DE15D1-705B-410B-9EC6-7282A8535EC1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DD616675-58FC-4087-8025-D6078B9FCA1C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8DD66658-B195-4FBC-B9F4-3D702FC9EC40}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{852692EA-6C9D-42A8-A8AE-240DD1297646}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9E31B4E1-B957-49FA-A0F3-23038AE04A07}] => (Allow) D:\SteamLibrary\steamapps\common\URBO Dream One\URBO Dream One.exe => No File
FirewallRules: [{1BAE6CEF-47C7-4FCB-BECD-DE8CE3967E9E}] => (Allow) D:\SteamLibrary\steamapps\common\URBO Dream One\URBO Dream One.exe => No File
FirewallRules: [{BE66FB58-D69C-4871-803B-8CF66BA22C23}] => (Allow) F:\SteamLibrary\steamapps\common\Noise Hunters\NoiseHunters.exe => No File
FirewallRules: [{2928244D-DF65-4DD2-A45C-431DF9896B11}] => (Allow) F:\SteamLibrary\steamapps\common\Noise Hunters\NoiseHunters.exe => No File
FirewallRules: [{6B3A6EBC-8B6D-494F-8896-44FA22A33468}] => (Allow) F:\SteamLibrary\steamapps\common\Orwell\Orwell.exe => No File
FirewallRules: [{53122188-2033-4E44-A0E2-DDD160968195}] => (Allow) F:\SteamLibrary\steamapps\common\Orwell\Orwell.exe => No File
FirewallRules: [{C6EDD8AF-FE18-4AE9-913F-7482A09D524A}] => (Allow) F:\SteamLibrary\steamapps\common\Pure Sniper\Pure Sniper.exe => No File
FirewallRules: [{9D907AF7-0A7A-4FE0-BC9E-EBF0912062CE}] => (Allow) F:\SteamLibrary\steamapps\common\Pure Sniper\Pure Sniper.exe => No File
FirewallRules: [{CC67DAD6-F5CA-45DF-83DB-ED01D7B3C1EC}] => (Allow) F:\SteamLibrary\steamapps\common\TaxiCopter\TaxiCopter.exe => No File
FirewallRules: [{6A1E65A3-F420-4EBF-8EE7-90D81B252228}] => (Allow) F:\SteamLibrary\steamapps\common\TaxiCopter\TaxiCopter.exe => No File
FirewallRules: [{6E58DF51-E67F-4226-8B03-C893A3AA300B}] => (Allow) F:\SteamLibrary\steamapps\common\Effugium\Effugium.exe => No File
FirewallRules: [{14D01C17-21A9-4AD4-9232-6BF943DFD2BE}] => (Allow) F:\SteamLibrary\steamapps\common\Effugium\Effugium.exe => No File
FirewallRules: [{54b6d2e4-14b3-4ed6-86a4-969982b2536f}] => (Allow) C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe (Shanghai Chang Zhi Network Technology Co,. Ltd. -> Oracle Corporation)
FirewallRules: [{82417B27-4E03-47CC-8A25-0826D1568263}] => (Allow) E:\SteamLibrary\steamapps\common\Call of Duty HQ\cod.exe => No File
FirewallRules: [{4F6B5387-F0EA-468F-8131-C479F4B1CDB9}] => (Allow) E:\SteamLibrary\steamapps\common\Call of Duty HQ\cod.exe => No File
FirewallRules: [{775D1CFB-F2D9-4875-8B88-EE74B76725B0}] => (Allow) E:\SteamLibrary\steamapps\common\Deceit\start_protected_game.exe => No File
FirewallRules: [{8ABF7744-F677-4688-9A50-DCCB85D423EA}] => (Allow) E:\SteamLibrary\steamapps\common\Deceit\start_protected_game.exe => No File
FirewallRules: [UDP Query User{F42CE306-E2FB-4056-88B3-273CF078155F}C:\users\that1\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\that1\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [TCP Query User{56D6C350-D6CE-4E30-8A44-9EFCECEE7C50}C:\users\that1\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\that1\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [{3C6FD0AC-ED2F-487B-8752-DAD61BFC6218}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{C624BF51-B611-4B23-871C-762C923965E3}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{550C8144-F3D5-4316-A405-8F09B726C007}] => (Allow) D:\SteamLibrary\steamapps\common\RustStaging\Rust.exe => No File
FirewallRules: [{FAA8EF80-07CD-40CF-AE15-8B4AD49DC713}] => (Allow) D:\SteamLibrary\steamapps\common\RustStaging\Rust.exe => No File
FirewallRules: [{590BD306-F2F0-4D04-B9AE-940A72317432}] => (Allow) C:\Program Files (x86)\ASUS\GameFirst\GameTurbo.exe (GT Booster Inc. -> ASUSTek COMPUTER INC.)
FirewallRules: [{40E5268B-679E-4565-963F-E084608DA358}] => (Allow) C:\Program Files (x86)\ASUS\GameFirst\DUTUtil.exe (GT Booster Inc. -> Jotun Technology Inc.)
FirewallRules: [{F622BF4E-D02D-4DAD-B828-09FBCEC28BA8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6DCFF70B-6263-4234-B908-F9D9C79B8C37}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{18F3AE84-6B84-4E5B-B6DB-47FFEBA2EFD8}] => (Allow) D:\SteamLibrary\steamapps\common\Only Up!\OnlyUP.exe => No File
FirewallRules: [{F5F4157F-9D3A-434D-BB37-DAE1F92A0283}] => (Allow) D:\SteamLibrary\steamapps\common\Only Up!\OnlyUP.exe => No File
FirewallRules: [{E959F046-4439-4F48-80A3-C714E1D8AA9B}] => (Allow) D:\SteamLibrary\steamapps\common\Rust\Rust.exe => No File
FirewallRules: [{4F21C539-782D-4D42-A08E-1F5383560289}] => (Allow) D:\SteamLibrary\steamapps\common\Rust\Rust.exe => No File
FirewallRules: [{0CCEC69C-3574-4598-BC15-E05E59F5871E}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe => No File
FirewallRules: [{FD913B95-8EC5-4395-A277-4B6EEF205A99}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe => No File
FirewallRules: [{7E3C3704-A746-4C05-BDC9-546F37AC5C94}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D0F14094-41D6-42BD-B35C-C73577E6EA86}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{14E45A03-5786-4CCE-A319-39E33945299B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{381ECBB6-B8BF-4546-B0EA-117D0F598A95}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{BF936186-B3DF-4DF8-B1B5-A22FFA9FCBDE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EC4BFCF4-96E4-415A-A0AE-C78954E14959}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E117E39D-D820-4830-B7B6-B37B53AF3915}] => (Allow) C:\Users\that1\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{A4048836-A2DF-4F1B-958E-5B49A3802469}] => (Allow) C:\Users\that1\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{83a9f4b7-0a15-49ef-92d1-ebedf33612fa}] => (Allow) C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe (Shanghai Chang Zhi Network Technology Co,. Ltd. -> Oracle Corporation)
FirewallRules: [{0749E501-F082-4C6C-96C1-1F061F46CAD7}] => (Allow) C:\Users\that1\AppData\Local\Packages\B9ECED6F.ArmouryCrate_qmba6cd70vzyy\LocalState\GridUpdateFile\ASUSGCDriverUpdateClient.exe => No File
FirewallRules: [UDP Query User{365489ED-3470-45F4-88B9-50320492A9A6}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
FirewallRules: [TCP Query User{6E30C672-A690-490C-ADE3-CDEF47946A46}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC -> Seagate Technology LLC)
FirewallRules: [{FE2CAFA6-F4B5-4ABB-8D35-347C1A275AAF}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe => No File
FirewallRules: [{170D547E-CC61-431E-8F16-13B7DAA3D232}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe => No File
FirewallRules: [{CA451EED-97AF-4DB7-B327-BE2C5BC681EE}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.68\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F37861C4-7E9B-4A9E-B59E-480BB74BB22A}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.24.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{AA89C7FE-85A1-416C-B649-D4A9F6A11161}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.24.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{52C23A41-A74F-4937-8756-4DF9CC673A18}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.24.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{5B462895-B419-4D3D-B718-ED7BE64A00B0}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.24.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{DEF11B24-B635-4500-BDC1-9893B1CE1B49}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24257.205.3165.2029_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6AE1AE00-C3DA-465C-B6BA-8B93AEEAD722}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24257.205.3165.2029_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B3C39671-B2F5-4FF1-83B3-9EC72FB7DF89}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{30394053-81AB-4AAB-86A8-C9BC8462BE5D}] => (Allow) C:\Program Files\Logi\LogiPluginService\LogiPluginService.exe (LoupeDeck Oy -> Logitech)
FirewallRules: [{46C6089C-326D-43C1-876D-8155F573336F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.250.334.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D3AED690-F30E-4F7E-9EDA-2AE7344790D2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.250.334.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{354F03CE-9C01-43E8-A814-1D771875F1B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.250.334.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{1BCC5857-D2A8-4D5C-A263-DC5557BEB8CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.250.334.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B4EE4FC6-B86D-4230-8507-EA03FFA63BE2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.250.334.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FE918DB7-B05D-4A33-8CEE-D38A2D0E793B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.250.334.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3E189A4A-4AD2-4E17-94C1-ECF059F761FE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.250.334.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{1905AB1B-AE7B-432C-8B2A-E956A70AD55B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.250.334.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9301B1F3-5778-4431-ACE4-91B082E6DCE1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.250.334.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9CC2F51E-CDF4-481E-88DC-68FEFB83E092}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.250.334.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3E283390-6571-4561-AB85-1BA223503997}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{4537C5FE-B69C-4966-AEE5-D197954A289B}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{FC98137A-7C16-441F-8DA8-4C1A8A77D844}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{8D5B10B5-1EEE-4D8C-A33A-9C0A1D299BDA}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{6DFB1578-090D-4C41-ABA1-59BB504BC026}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C473F6F3-DA09-4EE9-ADA9-4217FB24E422}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{A51F4E56-6F7F-4B46-B824-BAB7F0F5DEDE}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{9742EDF2-9BD2-4108-BEDD-7E915C3586FB}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{09660469-D627-45A0-BA6B-7E208B6BBE6E}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{AF264571-805B-4E37-90D1-65A6B9B4B6AF}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{A45D1EF3-4B02-46B1-AD8D-1F208F614AFD}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)

==================== Restore Points =========================

10-11-2024 18:04:00 Windows Update
10-11-2024 18:04:00 Windows Update

==================== Faulty Device Manager Devices ============
Name: Camo
Description: Camo
Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
Manufacturer: Reincubate
Service: camodriver
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Camo
Description: Camo
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Reincubate
Service: Camo_e070661c-ac3f-4aae-aa3f-7d4e8ded5142
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/10/2024 11:23:07 PM) (Source: ESENT) (EventID: 530) (User: )
Description: taskhostw (9628,D,18,0) WebCacheLocal: The database page read from the file "C:\Users\that1\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" at offset 4947968 (0x00000000004b8000) (database page 150 (0x96)) for 32768 (0x00008000) bytes failed verification due to a lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1).

The flush state on database page 150 (0x96) was 1 while the flush state on flush map page 0 (0x0) was 2.

Context: InCache:2:-261:0:0.

If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


System errors:
=============
Error: (11/11/2024 01:45:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® SUR QC Software Asset Manager service to connect.

Error: (11/11/2024 01:36:30 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147024809. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (11/11/2024 01:35:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Intel® SUR QC Software Asset Manager service to connect.

Error: (11/11/2024 01:34:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GameInput Service service terminated unexpectedly.  It has done this 6 time(s).

Error: (11/11/2024 01:34:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The GameInput Service service terminated with the following error:
The compound file GameInput Service was produced with a newer version of storage.

Error: (11/11/2024 01:34:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GameInput Service service terminated unexpectedly.  It has done this 5 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (11/11/2024 01:34:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The GameInput Service service terminated with the following error:
The compound file GameInput Service was produced with a newer version of storage.

Error: (11/11/2024 01:34:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GameInput Service service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.


Windows Defender:
================
Date: 2024-11-09 22:33:19
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-11-08 02:17:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-11-08 00:44:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-11-08 00:22:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

==================== Memory info ===========================

BIOS: American Megatrends Inc. 2203 02/06/2024
Motherboard: ASUSTeK COMPUTER INC. ROG STRIX Z590-E GAMING WIFI
Processor: 11th Gen Intel® Core™ i9-11900K @ 3.50GHz
Percentage of memory in use: 57%
Total physical RAM: 32596.73 MB
Available physical RAM: 13988.39 MB
Total Virtual: 40788.73 MB
Available Virtual: 17008.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.73 GB) (Free:78.64 GB) (Model: KINGSTON SA400S37240G) NTFS
Drive d: () (Fixed) (Total:1863.01 GB) (Free:1736.83 GB) (Model: WDC WD20EARS-00MVWB0) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{116da097-853e-4906-89e3-f40af2eaf043}\ () (Fixed) (Total:0.72 GB) (Free:0.04 GB) NTFS
\\?\Volume{aaa1fd50-3d01-4745-95ed-56e5df41ee3e}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 3116BBCC)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: 32AFC266)

Partition: GPT.

==================== End of Addition.txt =======================

 




 


#2 Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor
  • 59,072 posts
  • Gender:Male
  • Location:California
  • Local time:01:02 AM

Posted 11 November 2024 - 10:18 AM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please allow me some time to review what you have posted.
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#3 Oh My!


Posted 11 November 2024 - 10:21 PM

Thank you for your patience.

The MSERT scanning process can be misleading. During the scan process the program displays preliminary results of potential malware. Near the end of the process the files are uploaded to a Microsoft Server to verify the initial preliminary findings. If the files are deemed to be legitimate none of the items flagged will appear in the scan log.
 

C:\Users\that1\AppData\Local\REDACTED

Did you rename this folder?

Please do this.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it to your Desktop
  • Close all open programs and browsers
  • Right click on the icon and select Run as administrator
  • Click Scan now
  • Uncheck any detected items you would like to keep, then click Next
  • If a "Preinstalled software was found!" screen appears, review it if you'd like, then click OK
  • Review the list of Preinstalled software and place a check mark in those you do not wish to keep
  • Click Quarantine, then Continue
  • When completed click View Log File
  • Copy and paste the contents in your reply
  • Close the AdwCleaner window
===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
Folder: C:\Program Files (x86)\ONN
Task: {FE6BA63E-C9EC-48D2-BCBF-AB75F2A857D0} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusHotkey.exe"  -CancelShutdown (No File)  
Task: {FAE0D05B-5FE9-44D5-ADB1-C524398C9184} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe  (No File)  
Task: {08040C0E-7341-4089-BE15-FC23E2FA42EF} - System32\Tasks\ASUS\Armoury Crate Service Task_CountDown => C:\ProgramData\ASUS\FestsEffect\data\CountDown\CountDown.exe  (No File)  
Task: {9B693205-15B3-464C-B2F1-DD0CE8DBA949} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe  (No File)  
Task: {5CF3674E-960C-4FBE-8A65-D34E72B7E340} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe  --delay (No File)  
Task: {01BC6C2E-1276-47CF-9F1A-A88B28CD082E} - System32\Tasks\ASUS\NoiseCancelingEngine => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe  (No File)  
Task: {A8F8EC69-F4F5-4951-82BD-DBC13AA61292} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe  (No File)  
Task: {B220717F-6B72-4534-8DA5-C566C0690166} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSystemAnalysis\AsusSystemAnalysis.exe"  -j0 (No File)  
Task: {A06D9001-2882-4D6B-AD1C-F90D7340B3B1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe  --automatic (No File)  
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe  (No File)  
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)  
FirewallRules: [{21A309B6-7351-4D23-91FF-3C8C5B7F512C}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkRemote\AsusLinkRemoteAgent.exe => No File  
FirewallRules: [{B403614B-C273-44F5-AE68-16C66D31ED34}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkRemote\AsusLinkRemoteAgent.exe => No File  
FirewallRules: [{15DC7E89-01B7-4773-98A9-3512332B7694}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe => No File  
FirewallRules: [{2577C4EE-75D0-4143-BDE6-A9D7070466D9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe => No File  
FirewallRules: [{6989506C-E1FF-40CF-9CB2-6474C218DBDA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe => No File  
FirewallRules: [{38EB3B8B-3485-4E19-A388-616A1CDE49BF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe => No File  
FirewallRules: [{3E0724DE-848A-4C1E-A941-E1BE7E72FF6C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe => No File  
FirewallRules: [{6A1FB5CF-8F8D-4799-8792-FA492BE34E70}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe => No File  
FirewallRules: [{371C665A-B63A-4081-92D6-9C1E08E2C04C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File  
FirewallRules: [{4232605C-9DB5-47B7-8459-C7E573764AAB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File  
FirewallRules: [{110AADAE-FDE3-4272-9924-CFF706E7D60A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File  
FirewallRules: [{84670B5D-6E17-48D1-B802-47EBF6FD9001}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File  
FirewallRules: [{8B61003A-A70D-4FB1-90D7-C94275913C8D}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe => No File  
FirewallRules: [{4B033EBD-F193-4FEA-8CF6-2C7FA8657196}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe => No File  
FirewallRules: [{5FC77FF2-6C98-434C-A884-771C2601D735}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe => No File  
FirewallRules: [{AAE97546-A8DF-4000-BAA0-5ED89E37BE1E}] => (Allow) F:\SteamLibrary\steamapps\common\LOCKDOWN Protocol\LockdownProtocol.exe => No File  
FirewallRules: [{69965837-DF30-4F88-BE32-FC5AE5A32C99}] => (Allow) F:\SteamLibrary\steamapps\common\LOCKDOWN Protocol\LockdownProtocol.exe => No File  
FirewallRules: [{81D33CCE-4EDC-4483-AC3C-AD6005C9EB46}] => (Allow) C:\Program Files\WindowsApps\ReincubateLtd.CamoStudio_2.1.260.0_x64__9bq3v28c93p4r\CamoStudio.exe => No File  
FirewallRules: [{287D2C7C-5C6E-41BA-B300-D7E493650A03}] => (Allow) C:\Program Files\WindowsApps\ReincubateLtd.CamoStudio_2.1.260.0_x64__9bq3v28c93p4r\CamoStudio.exe => No File  
FirewallRules: [{DBBC6AD2-1E5F-46CB-A619-61CD4EE14B80}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File  
FirewallRules: [{7D2C5566-94E1-43B6-BD7D-FD1B05831053}] => (Allow) C:\Program Files\LogiOptionsPlus\logivoice\logioptionsplus_logivoice => No File  
FirewallRules: [{9DB76E4F-C343-42BF-A0EA-F5112960BD96}] => (Allow) F:\SteamLibrary\steamapps\common\Histera\Histera.exe => No File  
FirewallRules: [{663E8930-EB40-4F94-A4FC-31072630225F}] => (Allow) F:\SteamLibrary\steamapps\common\Histera\Histera.exe => No File  
FirewallRules: [{3B4933AA-55D5-4658-878B-A2D5E9E62731}] => (Allow) F:\SteamLibrary\steamapps\common\Black Mesa\bms.exe => No File  
FirewallRules: [{6486A58E-8857-44A6-8155-2264D7C7E56F}] => (Allow) F:\SteamLibrary\steamapps\common\Black Mesa\bms.exe => No File  
FirewallRules: [{E76876B8-3657-46F6-9283-2646FAFA1ADC}] => (Allow) F:\SteamLibrary\steamapps\common\DIRDE\DeadIslandRiptideGame.exe => No File  
FirewallRules: [{4B3BA651-82E2-48F5-A3A6-514A6694E304}] => (Allow) F:\SteamLibrary\steamapps\common\DIRDE\DeadIslandRiptideGame.exe => No File  
FirewallRules: [{DB0B233E-DF67-402C-B8E1-4179D605F682}] => (Allow) F:\SteamLibrary\steamapps\common\Please, Touch The Artwork Too\Please, Touch The Artwork 2.exe => No File  
FirewallRules: [{ECBCCE8D-0FFA-4706-9ACC-B959C9B3122E}] => (Allow) F:\SteamLibrary\steamapps\common\Please, Touch The Artwork Too\Please, Touch The Artwork 2.exe => No File  
FirewallRules: [{F0A56418-C319-4353-915F-7CE1F541D816}] => (Allow) F:\SteamLibrary\steamapps\common\Anonymous Hacker Simulator Prologue\HackerLifeSimulator.exe => No File  
FirewallRules: [{026C62B6-2C99-42F0-9DA4-5BA20A8057B4}] => (Allow) F:\SteamLibrary\steamapps\common\Anonymous Hacker Simulator Prologue\HackerLifeSimulator.exe => No File  
FirewallRules: [{93B449A7-C315-4DD3-8C2D-9536180C455C}] => (Allow) F:\SteamLibrary\steamapps\common\DarkStorm\Game_Content\Windows_Build\DarkStorm.exe => No File  
FirewallRules: [{1AC15978-9C93-4DB4-B86B-81ED2D9706E4}] => (Allow) F:\SteamLibrary\steamapps\common\DarkStorm\Game_Content\Windows_Build\DarkStorm.exe => No File  
FirewallRules: [{3E8D81C2-FF10-47B4-9C27-223112C7409A}] => (Allow) F:\SteamLibrary\steamapps\common\Once Human\ONCE_HUMAN.exe => No File  
FirewallRules: [{2D847EED-7714-4DE7-B867-BCD1C6C6D54B}] => (Allow) F:\SteamLibrary\steamapps\common\Once Human\ONCE_HUMAN.exe => No File  
FirewallRules: [{835E12A6-8B3F-4799-A9D0-3B7481DB6D8B}] => (Allow) F:\SteamLibrary\steamapps\common\The Classrooms\The Classrooms.exe => No File  
FirewallRules: [{994E340A-2351-41C0-A086-468D15BF3A67}] => (Allow) F:\SteamLibrary\steamapps\common\The Classrooms\The Classrooms.exe => No File  
FirewallRules: [{E7FFEDC8-3B8A-482E-BB0B-1408CED44341}] => (Allow) F:\SteamLibrary\steamapps\common\Zombie Killer\ZombieKiller.exe => No File  
FirewallRules: [{0F7B3D31-EA5F-4D6F-9898-D1A73E70215A}] => (Allow) F:\SteamLibrary\steamapps\common\Zombie Killer\ZombieKiller.exe => No File  
FirewallRules: [{839411CF-EF0D-469B-8452-05C1FDF2FC49}] => (Allow) F:\SteamLibrary\steamapps\common\Zombie Killing Simulator\Zombie Killing Simulator.exe => No File  
FirewallRules: [{C419FB6B-F327-4704-8F8C-B6263F273B23}] => (Allow) F:\SteamLibrary\steamapps\common\Zombie Killing Simulator\Zombie Killing Simulator.exe => No File  
FirewallRules: [{E995220C-E9BA-4BF5-959C-A531F57ABC5A}] => (Allow) F:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_Vulkan.exe => No File  
FirewallRules: [{99DF4F4F-0B99-4A87-9B68-AA57D908AE4D}] => (Allow) F:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_Vulkan.exe => No File  
FirewallRules: [{251BF216-DC05-4F22-987F-F49753786939}] => (Allow) F:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File  
FirewallRules: [{D95A9A5C-DD13-4CFB-948B-0E55A41F1F3F}] => (Allow) F:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File  
FirewallRules: [{BB2CA51A-7A3F-488B-A9CF-9FB59FBB11AA}] => (Allow) F:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe => No File  
FirewallRules: [{FF8E35C8-2BAB-422D-8051-A9F85BE4C263}] => (Allow) F:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe => No File  
FirewallRules: [{814602C9-4A44-4F35-8F9F-D768A8744D83}] => (Allow) F:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe => No File  
FirewallRules: [{5E18EE8C-A1B7-4E96-97E2-1BBBE19EF70E}] => (Allow) F:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe => No File  
FirewallRules: [{87350E69-05DA-4684-B603-4E687298C384}] => (Allow) F:\SteamLibrary\steamapps\common\Pinball M\PinballM.exe => No File  
FirewallRules: [{97E808D1-31B7-4AD0-AF20-FD30AC6836F5}] => (Allow) F:\SteamLibrary\steamapps\common\Pinball M\PinballM.exe => No File  
FirewallRules: [{20ADFFFB-8929-4A3A-8EFF-553FDE71BB3B}] => (Allow) F:\SteamLibrary\steamapps\common\left 4 dead\left4dead.exe => No File  
FirewallRules: [{993A2CA3-79C4-4A75-8CE9-821236D5FA5D}] => (Allow) F:\SteamLibrary\steamapps\common\left 4 dead\left4dead.exe => No File  
FirewallRules: [{CB286469-0713-4109-9D28-AAC319AF324F}] => (Allow) F:\SteamLibrary\steamapps\common\DeadCore\DeadCore.exe => No File  
FirewallRules: [{AF32E616-8B2F-4E8A-9DD5-5630D99BDADD}] => (Allow) F:\SteamLibrary\steamapps\common\DeadCore\DeadCore.exe => No File  
FirewallRules: [{6073CC88-9709-43DC-BA05-32FA6F4D548F}] => (Allow) F:\SteamLibrary\steamapps\common\Beyond the Breach\BeyondTheBreach.exe => No File  
FirewallRules: [{F89972C7-F853-4DF6-94B1-F71A1CF796FA}] => (Allow) F:\SteamLibrary\steamapps\common\Beyond the Breach\BeyondTheBreach.exe => No File  
FirewallRules: [{EC68FA89-6F88-4183-BB2B-E60D0609B2A7}] => (Allow) F:\SteamLibrary\steamapps\common\KILLFISH\KILLFISH.exe => No File  
FirewallRules: [{20950920-C61A-40D6-9F9D-58EE3E238A43}] => (Allow) F:\SteamLibrary\steamapps\common\KILLFISH\KILLFISH.exe => No File  
FirewallRules: [{FD960DF5-32AF-4C89-BDA6-A18020C4A9B7}] => (Allow) F:\SteamLibrary\steamapps\common\Portal\hl2.exe => No File  
FirewallRules: [{F21327BF-7142-4037-9594-6B3A7B7003C4}] => (Allow) F:\SteamLibrary\steamapps\common\Portal\hl2.exe => No File  
FirewallRules: [{1E43C240-1D58-478C-A4CD-3FDCEDB003C2}] => (Allow) F:\SteamLibrary\steamapps\common\INSIDE\INSIDE.exe => No File  
FirewallRules: [{B2F71196-6EB5-4E1F-BE7B-9169329B85C3}] => (Allow) F:\SteamLibrary\steamapps\common\INSIDE\INSIDE.exe => No File  
FirewallRules: [{D1F3244A-A9BF-4936-8593-13B96E60B227}] => (Allow) F:\SteamLibrary\steamapps\common\Limbo\limbo.exe => No File  
FirewallRules: [{E4415E3A-526F-4DEF-A744-D9914532BFCB}] => (Allow) F:\SteamLibrary\steamapps\common\Limbo\limbo.exe => No File  
FirewallRules: [{3297B603-6404-4903-B9AF-4E5B33B617FE}] => (Allow) F:\SteamLibrary\steamapps\common\The Uncertain - Light At The End\splash.exe => No File  
FirewallRules: [{A9F865F3-3B38-4676-BAFF-EB0E81B792F2}] => (Allow) F:\SteamLibrary\steamapps\common\The Uncertain - Light At The End\splash.exe => No File  
FirewallRules: [{369BE1AA-D5BD-4D1F-994B-E01857DE198C}] => (Allow) F:\SteamLibrary\steamapps\common\Tipping Point Climate Rangers\TippingPoint.exe => No File  
FirewallRules: [{E8F870AC-8C20-427E-A127-4C7E16FF3D02}] => (Allow) F:\SteamLibrary\steamapps\common\Tipping Point Climate Rangers\TippingPoint.exe => No File  
FirewallRules: [{504E0E02-DE0C-4238-A1E0-6291709ABDD2}] => (Allow) F:\SteamLibrary\steamapps\common\SCP Rulebreaker\SCPrulebreaker.exe => No File  
FirewallRules: [{F2DF50B1-FAB7-4907-89AB-0C85C14F63A0}] => (Allow) F:\SteamLibrary\steamapps\common\SCP Rulebreaker\SCPrulebreaker.exe => No File  
FirewallRules: [{28A17B6A-3EF8-4A12-8F4C-77DC85C05A9F}] => (Allow) F:\SteamLibrary\steamapps\common\SCP Secret Laboratory\SCPSL.exe => No File  
FirewallRules: [{C8C04696-B10D-4097-AA12-3AEB5706E16F}] => (Allow) F:\SteamLibrary\steamapps\common\SCP Secret Laboratory\SCPSL.exe => No File  
FirewallRules: [{900F90DE-47E8-472C-B4B6-8D9CAAFA7C62}] => (Allow) F:\SteamLibrary\steamapps\common\REDACTED\REDACTED\REDACTED.exe => No File  
FirewallRules: [{AA5AB2F0-ED76-4D5E-82C7-9ADD322AF3E5}] => (Allow) F:\SteamLibrary\steamapps\common\REDACTED\REDACTED\REDACTED.exe => No File  
FirewallRules: [{5F150FD1-FF6C-4834-8752-824FFA67DEDC}] => (Allow) F:\SteamLibrary\steamapps\common\Deceit 2\start_protected_game.exe => No File  
FirewallRules: [{57013558-5BCA-424C-896A-D591643ECA01}] => (Allow) F:\SteamLibrary\steamapps\common\Deceit 2\start_protected_game.exe => No File  
FirewallRules: [{58724829-ADE1-4BDC-9931-4F297E42DDEC}] => (Allow) F:\SteamLibrary\steamapps\common\Superliminal\SuperliminalSteam.exe => No File  
FirewallRules: [{D5321AA6-A172-4E85-B26F-F214CABAEEC2}] => (Allow) F:\SteamLibrary\steamapps\common\Superliminal\SuperliminalSteam.exe => No File  
FirewallRules: [{80AFA248-7724-41F0-90AD-57F935E4185A}] => (Allow) F:\SteamLibrary\steamapps\common\RustStaging\Rust.exe => No File  
FirewallRules: [{AEF716B9-B76F-407A-89E1-1DCEF6ECA1C0}] => (Allow) F:\SteamLibrary\steamapps\common\RustStaging\Rust.exe => No File  
FirewallRules: [{C8C9BF63-F8A9-4284-87F1-9CB01C085D25}] => (Allow) F:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe => No File  
FirewallRules: [{D8EC05A1-56B5-447B-A80B-83C5027969B1}] => (Allow) F:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe => No File  
FirewallRules: [{1256563F-0956-4993-8105-8B7541F0F8E1}] => (Allow) F:\SteamLibrary\steamapps\common\The Forest\TheForest.exe => No File  
FirewallRules: [{D1F9C59E-C8E1-460F-8CC4-899092E46F62}] => (Allow) F:\SteamLibrary\steamapps\common\The Forest\TheForest.exe => No File  
FirewallRules: [{9E31B4E1-B957-49FA-A0F3-23038AE04A07}] => (Allow) D:\SteamLibrary\steamapps\common\URBO Dream One\URBO Dream One.exe => No File  
FirewallRules: [{1BAE6CEF-47C7-4FCB-BECD-DE8CE3967E9E}] => (Allow) D:\SteamLibrary\steamapps\common\URBO Dream One\URBO Dream One.exe => No File  
FirewallRules: [{BE66FB58-D69C-4871-803B-8CF66BA22C23}] => (Allow) F:\SteamLibrary\steamapps\common\Noise Hunters\NoiseHunters.exe => No File  
FirewallRules: [{2928244D-DF65-4DD2-A45C-431DF9896B11}] => (Allow) F:\SteamLibrary\steamapps\common\Noise Hunters\NoiseHunters.exe => No File  
FirewallRules: [{6B3A6EBC-8B6D-494F-8896-44FA22A33468}] => (Allow) F:\SteamLibrary\steamapps\common\Orwell\Orwell.exe => No File  
FirewallRules: [{53122188-2033-4E44-A0E2-DDD160968195}] => (Allow) F:\SteamLibrary\steamapps\common\Orwell\Orwell.exe => No File  
FirewallRules: [{C6EDD8AF-FE18-4AE9-913F-7482A09D524A}] => (Allow) F:\SteamLibrary\steamapps\common\Pure Sniper\Pure Sniper.exe => No File  
FirewallRules: [{9D907AF7-0A7A-4FE0-BC9E-EBF0912062CE}] => (Allow) F:\SteamLibrary\steamapps\common\Pure Sniper\Pure Sniper.exe => No File  
FirewallRules: [{CC67DAD6-F5CA-45DF-83DB-ED01D7B3C1EC}] => (Allow) F:\SteamLibrary\steamapps\common\TaxiCopter\TaxiCopter.exe => No File  
FirewallRules: [{6A1E65A3-F420-4EBF-8EE7-90D81B252228}] => (Allow) F:\SteamLibrary\steamapps\common\TaxiCopter\TaxiCopter.exe => No File  
FirewallRules: [{6E58DF51-E67F-4226-8B03-C893A3AA300B}] => (Allow) F:\SteamLibrary\steamapps\common\Effugium\Effugium.exe => No File  
FirewallRules: [{14D01C17-21A9-4AD4-9232-6BF943DFD2BE}] => (Allow) F:\SteamLibrary\steamapps\common\Effugium\Effugium.exe => No File  
FirewallRules: [{82417B27-4E03-47CC-8A25-0826D1568263}] => (Allow) E:\SteamLibrary\steamapps\common\Call of Duty HQ\cod.exe => No File  
FirewallRules: [{4F6B5387-F0EA-468F-8131-C479F4B1CDB9}] => (Allow) E:\SteamLibrary\steamapps\common\Call of Duty HQ\cod.exe => No File  
FirewallRules: [{775D1CFB-F2D9-4875-8B88-EE74B76725B0}] => (Allow) E:\SteamLibrary\steamapps\common\Deceit\start_protected_game.exe => No File  
FirewallRules: [{8ABF7744-F677-4688-9A50-DCCB85D423EA}] => (Allow) E:\SteamLibrary\steamapps\common\Deceit\start_protected_game.exe => No File  
FirewallRules: [UDP Query User{F42CE306-E2FB-4056-88B3-273CF078155F}C:\users\that1\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\that1\appdata\local\discord\app-1.0.9013\discord.exe => No File  
FirewallRules: [TCP Query User{56D6C350-D6CE-4E30-8A44-9EFCECEE7C50}C:\users\that1\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\that1\appdata\local\discord\app-1.0.9013\discord.exe => No File  
FirewallRules: [{550C8144-F3D5-4316-A405-8F09B726C007}] => (Allow) D:\SteamLibrary\steamapps\common\RustStaging\Rust.exe => No File  
FirewallRules: [{FAA8EF80-07CD-40CF-AE15-8B4AD49DC713}] => (Allow) D:\SteamLibrary\steamapps\common\RustStaging\Rust.exe => No File  
FirewallRules: [{18F3AE84-6B84-4E5B-B6DB-47FFEBA2EFD8}] => (Allow) D:\SteamLibrary\steamapps\common\Only Up!\OnlyUP.exe => No File  
FirewallRules: [{F5F4157F-9D3A-434D-BB37-DAE1F92A0283}] => (Allow) D:\SteamLibrary\steamapps\common\Only Up!\OnlyUP.exe => No File  
FirewallRules: [{E959F046-4439-4F48-80A3-C714E1D8AA9B}] => (Allow) D:\SteamLibrary\steamapps\common\Rust\Rust.exe => No File  
FirewallRules: [{4F21C539-782D-4D42-A08E-1F5383560289}] => (Allow) D:\SteamLibrary\steamapps\common\Rust\Rust.exe => No File  
FirewallRules: [{0CCEC69C-3574-4598-BC15-E05E59F5871E}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe => No File  
FirewallRules: [{FD913B95-8EC5-4395-A277-4B6EEF205A99}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe => No File  
FirewallRules: [{0749E501-F082-4C6C-96C1-1F061F46CAD7}] => (Allow) C:\Users\that1\AppData\Local\Packages\B9ECED6F.ArmouryCrate_qmba6cd70vzyy\LocalState\GridUpdateFile\ASUSGCDriverUpdateClient.exe => No File  
FirewallRules: [{FE2CAFA6-F4B5-4ABB-8D35-347C1A275AAF}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe => No File  
FirewallRules: [{170D547E-CC61-431E-8F16-13B7DAA3D232}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe => No File  
Task: {FE6BA63E-C9EC-48D2-BCBF-AB75F2A857D0} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusHotkey.exe"  -CancelShutdown (No File)  
2024-11-11 01:35 - 2024-11-11 01:35 - 002338304 _____ () [File not signed] \\?\C:\Users\that1\AppData\Local\Temp\a1113b10-b4f9-4d21-925c-31749786db76.tmp.node  
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Rename folder?
  • AdwCleaner report
  • Fixlog

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#4 thatoneguyyep101

  • Topic Starter

Posted 13 November 2024 - 12:05 AM

Redacted is the name of a scary game from Steam. I have a firecuda gaminghub 8tb hdd but it requires its own electrical outlet so I usually have it unplugged so maybe that's why some stuff says no file?

Because my games are stored on that. But I have it unplugged right now.

I have attached the logs you asked for, thank you!

# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build:    03-04-2024
# Database: 2024-10-23.4 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-12-2024
# Duration: 00:00:01
# OS:       Windows 11 (Build 26100.2033)
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Classes\Prod.cap

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1478 octets] - [12/11/2024 22:51:12]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2024
Ran by that1 (12-11-2024 22:56:55) Run:1
Running from C:\Users\that1\Desktop
Loaded Profiles: that1
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Folder: C:\Program Files (x86)\ONN
Task: {FE6BA63E-C9EC-48D2-BCBF-AB75F2A857D0} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusHotkey.exe"  -CancelShutdown (No File)  
Task: {FAE0D05B-5FE9-44D5-ADB1-C524398C9184} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe  (No File)  
Task: {08040C0E-7341-4089-BE15-FC23E2FA42EF} - System32\Tasks\ASUS\Armoury Crate Service Task_CountDown => C:\ProgramData\ASUS\FestsEffect\data\CountDown\CountDown.exe  (No File)  
Task: {9B693205-15B3-464C-B2F1-DD0CE8DBA949} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe  (No File)  
Task: {5CF3674E-960C-4FBE-8A65-D34E72B7E340} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe  --delay (No File)  
Task: {01BC6C2E-1276-47CF-9F1A-A88B28CD082E} - System32\Tasks\ASUS\NoiseCancelingEngine => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe  (No File)  
Task: {A8F8EC69-F4F5-4951-82BD-DBC13AA61292} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe  (No File)  
Task: {B220717F-6B72-4534-8DA5-C566C0690166} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSSystemAnalysis\AsusSystemAnalysis.exe"  -j0 (No File)  
Task: {A06D9001-2882-4D6B-AD1C-F90D7340B3B1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe  --automatic (No File)  
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe  (No File)  
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)  
FirewallRules: [{21A309B6-7351-4D23-91FF-3C8C5B7F512C}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkRemote\AsusLinkRemoteAgent.exe => No File  
FirewallRules: [{B403614B-C273-44F5-AE68-16C66D31ED34}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSLinkRemote\AsusLinkRemoteAgent.exe => No File  
FirewallRules: [{15DC7E89-01B7-4773-98A9-3512332B7694}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe => No File  
FirewallRules: [{2577C4EE-75D0-4143-BDE6-A9D7070466D9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe => No File  
FirewallRules: [{6989506C-E1FF-40CF-9CB2-6474C218DBDA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe => No File  
FirewallRules: [{38EB3B8B-3485-4E19-A388-616A1CDE49BF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe => No File  
FirewallRules: [{3E0724DE-848A-4C1E-A941-E1BE7E72FF6C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe => No File  
FirewallRules: [{6A1FB5CF-8F8D-4799-8792-FA492BE34E70}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe => No File  
FirewallRules: [{371C665A-B63A-4081-92D6-9C1E08E2C04C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File  
FirewallRules: [{4232605C-9DB5-47B7-8459-C7E573764AAB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File  
FirewallRules: [{110AADAE-FDE3-4272-9924-CFF706E7D60A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File  
FirewallRules: [{84670B5D-6E17-48D1-B802-47EBF6FD9001}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File  
FirewallRules: [{8B61003A-A70D-4FB1-90D7-C94275913C8D}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe => No File  
FirewallRules: [{4B033EBD-F193-4FEA-8CF6-2C7FA8657196}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe => No File  
FirewallRules: [{5FC77FF2-6C98-434C-A884-771C2601D735}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe => No File  
FirewallRules: [{AAE97546-A8DF-4000-BAA0-5ED89E37BE1E}] => (Allow) F:\SteamLibrary\steamapps\common\LOCKDOWN Protocol\LockdownProtocol.exe => No File  
FirewallRules: [{69965837-DF30-4F88-BE32-FC5AE5A32C99}] => (Allow) F:\SteamLibrary\steamapps\common\LOCKDOWN Protocol\LockdownProtocol.exe => No File  
FirewallRules: [{81D33CCE-4EDC-4483-AC3C-AD6005C9EB46}] => (Allow) C:\Program Files\WindowsApps\ReincubateLtd.CamoStudio_2.1.260.0_x64__9bq3v28c93p4r\CamoStudio.exe => No File  
FirewallRules: [{287D2C7C-5C6E-41BA-B300-D7E493650A03}] => (Allow) C:\Program Files\WindowsApps\ReincubateLtd.CamoStudio_2.1.260.0_x64__9bq3v28c93p4r\CamoStudio.exe => No File  
FirewallRules: [{DBBC6AD2-1E5F-46CB-A619-61CD4EE14B80}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File  
FirewallRules: [{7D2C5566-94E1-43B6-BD7D-FD1B05831053}] => (Allow) C:\Program Files\LogiOptionsPlus\logivoice\logioptionsplus_logivoice => No File  
FirewallRules: [{9DB76E4F-C343-42BF-A0EA-F5112960BD96}] => (Allow) F:\SteamLibrary\steamapps\common\Histera\Histera.exe => No File  
FirewallRules: [{663E8930-EB40-4F94-A4FC-31072630225F}] => (Allow) F:\SteamLibrary\steamapps\common\Histera\Histera.exe => No File  
FirewallRules: [{3B4933AA-55D5-4658-878B-A2D5E9E62731}] => (Allow) F:\SteamLibrary\steamapps\common\Black Mesa\bms.exe => No File  
FirewallRules: [{6486A58E-8857-44A6-8155-2264D7C7E56F}] => (Allow) F:\SteamLibrary\steamapps\common\Black Mesa\bms.exe => No File  
FirewallRules: [{E76876B8-3657-46F6-9283-2646FAFA1ADC}] => (Allow) F:\SteamLibrary\steamapps\common\DIRDE\DeadIslandRiptideGame.exe => No File  
FirewallRules: [{4B3BA651-82E2-48F5-A3A6-514A6694E304}] => (Allow) F:\SteamLibrary\steamapps\common\DIRDE\DeadIslandRiptideGame.exe => No File  
FirewallRules: [{DB0B233E-DF67-402C-B8E1-4179D605F682}] => (Allow) F:\SteamLibrary\steamapps\common\Please, Touch The Artwork Too\Please, Touch The Artwork 2.exe => No File  
FirewallRules: [{ECBCCE8D-0FFA-4706-9ACC-B959C9B3122E}] => (Allow) F:\SteamLibrary\steamapps\common\Please, Touch The Artwork Too\Please, Touch The Artwork 2.exe => No File  
FirewallRules: [{F0A56418-C319-4353-915F-7CE1F541D816}] => (Allow) F:\SteamLibrary\steamapps\common\Anonymous Hacker Simulator Prologue\HackerLifeSimulator.exe => No File  
FirewallRules: [{026C62B6-2C99-42F0-9DA4-5BA20A8057B4}] => (Allow) F:\SteamLibrary\steamapps\common\Anonymous Hacker Simulator Prologue\HackerLifeSimulator.exe => No File  
FirewallRules: [{93B449A7-C315-4DD3-8C2D-9536180C455C}] => (Allow) F:\SteamLibrary\steamapps\common\DarkStorm\Game_Content\Windows_Build\DarkStorm.exe => No File  
FirewallRules: [{1AC15978-9C93-4DB4-B86B-81ED2D9706E4}] => (Allow) F:\SteamLibrary\steamapps\common\DarkStorm\Game_Content\Windows_Build\DarkStorm.exe => No File  
FirewallRules: [{3E8D81C2-FF10-47B4-9C27-223112C7409A}] => (Allow) F:\SteamLibrary\steamapps\common\Once Human\ONCE_HUMAN.exe => No File  
FirewallRules: [{2D847EED-7714-4DE7-B867-BCD1C6C6D54B}] => (Allow) F:\SteamLibrary\steamapps\common\Once Human\ONCE_HUMAN.exe => No File  
FirewallRules: [{835E12A6-8B3F-4799-A9D0-3B7481DB6D8B}] => (Allow) F:\SteamLibrary\steamapps\common\The Classrooms\The Classrooms.exe => No File  
FirewallRules: [{994E340A-2351-41C0-A086-468D15BF3A67}] => (Allow) F:\SteamLibrary\steamapps\common\The Classrooms\The Classrooms.exe => No File  
FirewallRules: [{E7FFEDC8-3B8A-482E-BB0B-1408CED44341}] => (Allow) F:\SteamLibrary\steamapps\common\Zombie Killer\ZombieKiller.exe => No File  
FirewallRules: [{0F7B3D31-EA5F-4D6F-9898-D1A73E70215A}] => (Allow) F:\SteamLibrary\steamapps\common\Zombie Killer\ZombieKiller.exe => No File  
FirewallRules: [{839411CF-EF0D-469B-8452-05C1FDF2FC49}] => (Allow) F:\SteamLibrary\steamapps\common\Zombie Killing Simulator\Zombie Killing Simulator.exe => No File  
FirewallRules: [{C419FB6B-F327-4704-8F8C-B6263F273B23}] => (Allow) F:\SteamLibrary\steamapps\common\Zombie Killing Simulator\Zombie Killing Simulator.exe => No File  
FirewallRules: [{E995220C-E9BA-4BF5-959C-A531F57ABC5A}] => (Allow) F:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_Vulkan.exe => No File  
FirewallRules: [{99DF4F4F-0B99-4A87-9B68-AA57D908AE4D}] => (Allow) F:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_Vulkan.exe => No File  
FirewallRules: [{251BF216-DC05-4F22-987F-F49753786939}] => (Allow) F:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File  
FirewallRules: [{D95A9A5C-DD13-4CFB-948B-0E55A41F1F3F}] => (Allow) F:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File  
FirewallRules: [{BB2CA51A-7A3F-488B-A9CF-9FB59FBB11AA}] => (Allow) F:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe => No File  
FirewallRules: [{FF8E35C8-2BAB-422D-8051-A9F85BE4C263}] => (Allow) F:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe => No File  
FirewallRules: [{814602C9-4A44-4F35-8F9F-D768A8744D83}] => (Allow) F:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe => No File  
FirewallRules: [{5E18EE8C-A1B7-4E96-97E2-1BBBE19EF70E}] => (Allow) F:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe => No File  
FirewallRules: [{87350E69-05DA-4684-B603-4E687298C384}] => (Allow) F:\SteamLibrary\steamapps\common\Pinball M\PinballM.exe => No File  
FirewallRules: [{97E808D1-31B7-4AD0-AF20-FD30AC6836F5}] => (Allow) F:\SteamLibrary\steamapps\common\Pinball M\PinballM.exe => No File  
FirewallRules: [{20ADFFFB-8929-4A3A-8EFF-553FDE71BB3B}] => (Allow) F:\SteamLibrary\steamapps\common\left 4 dead\left4dead.exe => No File  
FirewallRules: [{993A2CA3-79C4-4A75-8CE9-821236D5FA5D}] => (Allow) F:\SteamLibrary\steamapps\common\left 4 dead\left4dead.exe => No File  
FirewallRules: [{CB286469-0713-4109-9D28-AAC319AF324F}] => (Allow) F:\SteamLibrary\steamapps\common\DeadCore\DeadCore.exe => No File  
FirewallRules: [{AF32E616-8B2F-4E8A-9DD5-5630D99BDADD}] => (Allow) F:\SteamLibrary\steamapps\common\DeadCore\DeadCore.exe => No File  
FirewallRules: [{6073CC88-9709-43DC-BA05-32FA6F4D548F}] => (Allow) F:\SteamLibrary\steamapps\common\Beyond the Breach\BeyondTheBreach.exe => No File  
FirewallRules: [{F89972C7-F853-4DF6-94B1-F71A1CF796FA}] => (Allow) F:\SteamLibrary\steamapps\common\Beyond the Breach\BeyondTheBreach.exe => No File  
FirewallRules: [{EC68FA89-6F88-4183-BB2B-E60D0609B2A7}] => (Allow) F:\SteamLibrary\steamapps\common\KILLFISH\KILLFISH.exe => No File  
FirewallRules: [{20950920-C61A-40D6-9F9D-58EE3E238A43}] => (Allow) F:\SteamLibrary\steamapps\common\KILLFISH\KILLFISH.exe => No File  
FirewallRules: [{FD960DF5-32AF-4C89-BDA6-A18020C4A9B7}] => (Allow) F:\SteamLibrary\steamapps\common\Portal\hl2.exe => No File  
FirewallRules: [{F21327BF-7142-4037-9594-6B3A7B7003C4}] => (Allow) F:\SteamLibrary\steamapps\common\Portal\hl2.exe => No File  
FirewallRules: [{1E43C240-1D58-478C-A4CD-3FDCEDB003C2}] => (Allow) F:\SteamLibrary\steamapps\common\INSIDE\INSIDE.exe => No File  
FirewallRules: [{B2F71196-6EB5-4E1F-BE7B-9169329B85C3}] => (Allow) F:\SteamLibrary\steamapps\common\INSIDE\INSIDE.exe => No File  
FirewallRules: [{D1F3244A-A9BF-4936-8593-13B96E60B227}] => (Allow) F:\SteamLibrary\steamapps\common\Limbo\limbo.exe => No File  
FirewallRules: [{E4415E3A-526F-4DEF-A744-D9914532BFCB}] => (Allow) F:\SteamLibrary\steamapps\common\Limbo\limbo.exe => No File  
FirewallRules: [{3297B603-6404-4903-B9AF-4E5B33B617FE}] => (Allow) F:\SteamLibrary\steamapps\common\The Uncertain - Light At The End\splash.exe => No File  
FirewallRules: [{A9F865F3-3B38-4676-BAFF-EB0E81B792F2}] => (Allow) F:\SteamLibrary\steamapps\common\The Uncertain - Light At The End\splash.exe => No File  
FirewallRules: [{369BE1AA-D5BD-4D1F-994B-E01857DE198C}] => (Allow) F:\SteamLibrary\steamapps\common\Tipping Point Climate Rangers\TippingPoint.exe => No File  
FirewallRules: [{E8F870AC-8C20-427E-A127-4C7E16FF3D02}] => (Allow) F:\SteamLibrary\steamapps\common\Tipping Point Climate Rangers\TippingPoint.exe => No File  
FirewallRules: [{504E0E02-DE0C-4238-A1E0-6291709ABDD2}] => (Allow) F:\SteamLibrary\steamapps\common\SCP Rulebreaker\SCPrulebreaker.exe => No File  
FirewallRules: [{F2DF50B1-FAB7-4907-89AB-0C85C14F63A0}] => (Allow) F:\SteamLibrary\steamapps\common\SCP Rulebreaker\SCPrulebreaker.exe => No File  
FirewallRules: [{28A17B6A-3EF8-4A12-8F4C-77DC85C05A9F}] => (Allow) F:\SteamLibrary\steamapps\common\SCP Secret Laboratory\SCPSL.exe => No File  
FirewallRules: [{C8C04696-B10D-4097-AA12-3AEB5706E16F}] => (Allow) F:\SteamLibrary\steamapps\common\SCP Secret Laboratory\SCPSL.exe => No File  
FirewallRules: [{900F90DE-47E8-472C-B4B6-8D9CAAFA7C62}] => (Allow) F:\SteamLibrary\steamapps\common\REDACTED\REDACTED\REDACTED.exe => No File  
FirewallRules: [{AA5AB2F0-ED76-4D5E-82C7-9ADD322AF3E5}] => (Allow) F:\SteamLibrary\steamapps\common\REDACTED\REDACTED\REDACTED.exe => No File  
FirewallRules: [{5F150FD1-FF6C-4834-8752-824FFA67DEDC}] => (Allow) F:\SteamLibrary\steamapps\common\Deceit 2\start_protected_game.exe => No File  
FirewallRules: [{57013558-5BCA-424C-896A-D591643ECA01}] => (Allow) F:\SteamLibrary\steamapps\common\Deceit 2\start_protected_game.exe => No File  
FirewallRules: [{58724829-ADE1-4BDC-9931-4F297E42DDEC}] => (Allow) F:\SteamLibrary\steamapps\common\Superliminal\SuperliminalSteam.exe => No File  
FirewallRules: [{D5321AA6-A172-4E85-B26F-F214CABAEEC2}] => (Allow) F:\SteamLibrary\steamapps\common\Superliminal\SuperliminalSteam.exe => No File  
FirewallRules: [{80AFA248-7724-41F0-90AD-57F935E4185A}] => (Allow) F:\SteamLibrary\steamapps\common\RustStaging\Rust.exe => No File  
FirewallRules: [{AEF716B9-B76F-407A-89E1-1DCEF6ECA1C0}] => (Allow) F:\SteamLibrary\steamapps\common\RustStaging\Rust.exe => No File  
FirewallRules: [{C8C9BF63-F8A9-4284-87F1-9CB01C085D25}] => (Allow) F:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe => No File  
FirewallRules: [{D8EC05A1-56B5-447B-A80B-83C5027969B1}] => (Allow) F:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe => No File  
FirewallRules: [{1256563F-0956-4993-8105-8B7541F0F8E1}] => (Allow) F:\SteamLibrary\steamapps\common\The Forest\TheForest.exe => No File  
FirewallRules: [{D1F9C59E-C8E1-460F-8CC4-899092E46F62}] => (Allow) F:\SteamLibrary\steamapps\common\The Forest\TheForest.exe => No File  
FirewallRules: [{9E31B4E1-B957-49FA-A0F3-23038AE04A07}] => (Allow) D:\SteamLibrary\steamapps\common\URBO Dream One\URBO Dream One.exe => No File  
FirewallRules: [{1BAE6CEF-47C7-4FCB-BECD-DE8CE3967E9E}] => (Allow) D:\SteamLibrary\steamapps\common\URBO Dream One\URBO Dream One.exe => No File  
FirewallRules: [{BE66FB58-D69C-4871-803B-8CF66BA22C23}] => (Allow) F:\SteamLibrary\steamapps\common\Noise Hunters\NoiseHunters.exe => No File  
FirewallRules: [{2928244D-DF65-4DD2-A45C-431DF9896B11}] => (Allow) F:\SteamLibrary\steamapps\common\Noise Hunters\NoiseHunters.exe => No File  
FirewallRules: [{6B3A6EBC-8B6D-494F-8896-44FA22A33468}] => (Allow) F:\SteamLibrary\steamapps\common\Orwell\Orwell.exe => No File  
FirewallRules: [{53122188-2033-4E44-A0E2-DDD160968195}] => (Allow) F:\SteamLibrary\steamapps\common\Orwell\Orwell.exe => No File  
FirewallRules: [{C6EDD8AF-FE18-4AE9-913F-7482A09D524A}] => (Allow) F:\SteamLibrary\steamapps\common\Pure Sniper\Pure Sniper.exe => No File  
FirewallRules: [{9D907AF7-0A7A-4FE0-BC9E-EBF0912062CE}] => (Allow) F:\SteamLibrary\steamapps\common\Pure Sniper\Pure Sniper.exe => No File  
FirewallRules: [{CC67DAD6-F5CA-45DF-83DB-ED01D7B3C1EC}] => (Allow) F:\SteamLibrary\steamapps\common\TaxiCopter\TaxiCopter.exe => No File  
FirewallRules: [{6A1E65A3-F420-4EBF-8EE7-90D81B252228}] => (Allow) F:\SteamLibrary\steamapps\common\TaxiCopter\TaxiCopter.exe => No File  
FirewallRules: [{6E58DF51-E67F-4226-8B03-C893A3AA300B}] => (Allow) F:\SteamLibrary\steamapps\common\Effugium\Effugium.exe => No File  
FirewallRules: [{14D01C17-21A9-4AD4-9232-6BF943DFD2BE}] => (Allow) F:\SteamLibrary\steamapps\common\Effugium\Effugium.exe => No File  
FirewallRules: [{82417B27-4E03-47CC-8A25-0826D1568263}] => (Allow) E:\SteamLibrary\steamapps\common\Call of Duty HQ\cod.exe => No File  
FirewallRules: [{4F6B5387-F0EA-468F-8131-C479F4B1CDB9}] => (Allow) E:\SteamLibrary\steamapps\common\Call of Duty HQ\cod.exe => No File  
FirewallRules: [{775D1CFB-F2D9-4875-8B88-EE74B76725B0}] => (Allow) E:\SteamLibrary\steamapps\common\Deceit\start_protected_game.exe => No File  
FirewallRules: [{8ABF7744-F677-4688-9A50-DCCB85D423EA}] => (Allow) E:\SteamLibrary\steamapps\common\Deceit\start_protected_game.exe => No File  
FirewallRules: [UDP Query User{F42CE306-E2FB-4056-88B3-273CF078155F}C:\users\that1\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\that1\appdata\local\discord\app-1.0.9013\discord.exe => No File  
FirewallRules: [TCP Query User{56D6C350-D6CE-4E30-8A44-9EFCECEE7C50}C:\users\that1\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\that1\appdata\local\discord\app-1.0.9013\discord.exe => No File  
FirewallRules: [{550C8144-F3D5-4316-A405-8F09B726C007}] => (Allow) D:\SteamLibrary\steamapps\common\RustStaging\Rust.exe => No File  
FirewallRules: [{FAA8EF80-07CD-40CF-AE15-8B4AD49DC713}] => (Allow) D:\SteamLibrary\steamapps\common\RustStaging\Rust.exe => No File  
FirewallRules: [{18F3AE84-6B84-4E5B-B6DB-47FFEBA2EFD8}] => (Allow) D:\SteamLibrary\steamapps\common\Only Up!\OnlyUP.exe => No File  
FirewallRules: [{F5F4157F-9D3A-434D-BB37-DAE1F92A0283}] => (Allow) D:\SteamLibrary\steamapps\common\Only Up!\OnlyUP.exe => No File  
FirewallRules: [{E959F046-4439-4F48-80A3-C714E1D8AA9B}] => (Allow) D:\SteamLibrary\steamapps\common\Rust\Rust.exe => No File  
FirewallRules: [{4F21C539-782D-4D42-A08E-1F5383560289}] => (Allow) D:\SteamLibrary\steamapps\common\Rust\Rust.exe => No File  
FirewallRules: [{0CCEC69C-3574-4598-BC15-E05E59F5871E}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe => No File  
FirewallRules: [{FD913B95-8EC5-4395-A277-4B6EEF205A99}] => (Allow) D:\SteamLibrary\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe => No File  
FirewallRules: [{0749E501-F082-4C6C-96C1-1F061F46CAD7}] => (Allow) C:\Users\that1\AppData\Local\Packages\B9ECED6F.ArmouryCrate_qmba6cd70vzyy\LocalState\GridUpdateFile\ASUSGCDriverUpdateClient.exe => No File  
FirewallRules: [{FE2CAFA6-F4B5-4ABB-8D35-347C1A275AAF}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe => No File  
FirewallRules: [{170D547E-CC61-431E-8F16-13B7DAA3D232}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe => No File  
Task: {FE6BA63E-C9EC-48D2-BCBF-AB75F2A857D0} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_7a3a8aa248377da4\ASUSOptimization\AsusHotkey.exe"  -CancelShutdown (No File)  
2024-11-11 01:35 - 2024-11-11 01:35 - 002338304 _____ () [File not signed] \\?\C:\Users\that1\AppData\Local\Temp\a1113b10-b4f9-4d21-925c-31749786db76.tmp.node  
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
*****************

Restore point was successfully created.
Processes closed successfully.

========================= Folder: C:\Program Files (x86)\ONN ========================

2024-09-26 21:48 - 2023-12-25 23:53 - 000640808 ____A [D6D648244EA50D3B53D48B525F5FE315] (Shenzhen Evision Semiconductor Technology Co., Ltd -> ) C:\Program Files (x86)\ONN\uninst.exe
2024-11-02 22:15 - 2024-11-02 22:15 - 000000000 ____D [00000000000000000000000000000000] C:\Program Files (x86)\ONN\Driver
2024-11-02 22:15 - 2024-11-02 22:15 - 000000000 ____D [00000000000000000000000000000000] C:\Program Files (x86)\ONN\Driver\x64

====== End of Folder: ======

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE6BA63E-C9EC-48D2-BCBF-AB75F2A857D0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE6BA63E-C9EC-48D2-BCBF-AB75F2A857D0}" => removed successfully
C:\WINDOWS\System32\Tasks\ASUS Optimization 36D18D69AFC3 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Optimization 36D18D69AFC3" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FAE0D05B-5FE9-44D5-ADB1-C524398C9184}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAE0D05B-5FE9-44D5-ADB1-C524398C9184}" => removed successfully
C:\WINDOWS\System32\Tasks\ASUS\AcPowerNotification => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\AcPowerNotification" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08040C0E-7341-4089-BE15-FC23E2FA42EF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08040C0E-7341-4089-BE15-FC23E2FA42EF}" => removed successfully
C:\WINDOWS\System32\Tasks\ASUS\Armoury Crate Service Task_CountDown => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\Armoury Crate Service Task_CountDown" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B693205-15B3-464C-B2F1-DD0CE8DBA949}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B693205-15B3-464C-B2F1-DD0CE8DBA949}" => removed successfully
C:\WINDOWS\System32\Tasks\ASUS\ArmourySocketServer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\ArmourySocketServer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5CF3674E-960C-4FBE-8A65-D34E72B7E340}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CF3674E-960C-4FBE-8A65-D34E72B7E340}" => removed successfully
C:\WINDOWS\System32\Tasks\ASUS\Framework Service => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\Framework Service" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{01BC6C2E-1276-47CF-9F1A-A88B28CD082E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01BC6C2E-1276-47CF-9F1A-A88B28CD082E}" => removed successfully
C:\WINDOWS\System32\Tasks\ASUS\NoiseCancelingEngine => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\NoiseCancelingEngine" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A8F8EC69-F4F5-4951-82BD-DBC13AA61292}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8F8EC69-F4F5-4951-82BD-DBC13AA61292}" => removed successfully
C:\WINDOWS\System32\Tasks\ASUS\P508PowerAgent_sdk => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\P508PowerAgent_sdk" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B220717F-6B72-4534-8DA5-C566C0690166}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B220717F-6B72-4534-8DA5-C566C0690166}" => removed successfully
C:\WINDOWS\System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A06D9001-2882-4D6B-AD1C-F90D7340B3B1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A06D9001-2882-4D6B-AD1C-F90D7340B3B1}" => removed successfully
C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Location\Notifications => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Location\Notifications" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{21A309B6-7351-4D23-91FF-3C8C5B7F512C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B403614B-C273-44F5-AE68-16C66D31ED34}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{15DC7E89-01B7-4773-98A9-3512332B7694}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2577C4EE-75D0-4143-BDE6-A9D7070466D9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6989506C-E1FF-40CF-9CB2-6474C218DBDA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{38EB3B8B-3485-4E19-A388-616A1CDE49BF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E0724DE-848A-4C1E-A941-E1BE7E72FF6C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A1FB5CF-8F8D-4799-8792-FA492BE34E70}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{371C665A-B63A-4081-92D6-9C1E08E2C04C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4232605C-9DB5-47B7-8459-C7E573764AAB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{110AADAE-FDE3-4272-9924-CFF706E7D60A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{84670B5D-6E17-48D1-B802-47EBF6FD9001}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B61003A-A70D-4FB1-90D7-C94275913C8D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4B033EBD-F193-4FEA-8CF6-2C7FA8657196}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5FC77FF2-6C98-434C-A884-771C2601D735}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AAE97546-A8DF-4000-BAA0-5ED89E37BE1E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{69965837-DF30-4F88-BE32-FC5AE5A32C99}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{81D33CCE-4EDC-4483-AC3C-AD6005C9EB46}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{287D2C7C-5C6E-41BA-B300-D7E493650A03}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DBBC6AD2-1E5F-46CB-A619-61CD4EE14B80}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D2C5566-94E1-43B6-BD7D-FD1B05831053}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9DB76E4F-C343-42BF-A0EA-F5112960BD96}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{663E8930-EB40-4F94-A4FC-31072630225F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B4933AA-55D5-4658-878B-A2D5E9E62731}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6486A58E-8857-44A6-8155-2264D7C7E56F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E76876B8-3657-46F6-9283-2646FAFA1ADC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4B3BA651-82E2-48F5-A3A6-514A6694E304}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB0B233E-DF67-402C-B8E1-4179D605F682}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ECBCCE8D-0FFA-4706-9ACC-B959C9B3122E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0A56418-C319-4353-915F-7CE1F541D816}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{026C62B6-2C99-42F0-9DA4-5BA20A8057B4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93B449A7-C315-4DD3-8C2D-9536180C455C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1AC15978-9C93-4DB4-B86B-81ED2D9706E4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E8D81C2-FF10-47B4-9C27-223112C7409A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2D847EED-7714-4DE7-B867-BCD1C6C6D54B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{835E12A6-8B3F-4799-A9D0-3B7481DB6D8B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{994E340A-2351-41C0-A086-468D15BF3A67}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E7FFEDC8-3B8A-482E-BB0B-1408CED44341}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F7B3D31-EA5F-4D6F-9898-D1A73E70215A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{839411CF-EF0D-469B-8452-05C1FDF2FC49}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C419FB6B-F327-4704-8F8C-B6263F273B23}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E995220C-E9BA-4BF5-959C-A531F57ABC5A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{99DF4F4F-0B99-4A87-9B68-AA57D908AE4D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{251BF216-DC05-4F22-987F-F49753786939}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D95A9A5C-DD13-4CFB-948B-0E55A41F1F3F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BB2CA51A-7A3F-488B-A9CF-9FB59FBB11AA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FF8E35C8-2BAB-422D-8051-A9F85BE4C263}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{814602C9-4A44-4F35-8F9F-D768A8744D83}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E18EE8C-A1B7-4E96-97E2-1BBBE19EF70E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{87350E69-05DA-4684-B603-4E687298C384}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{97E808D1-31B7-4AD0-AF20-FD30AC6836F5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{20ADFFFB-8929-4A3A-8EFF-553FDE71BB3B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{993A2CA3-79C4-4A75-8CE9-821236D5FA5D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB286469-0713-4109-9D28-AAC319AF324F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AF32E616-8B2F-4E8A-9DD5-5630D99BDADD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6073CC88-9709-43DC-BA05-32FA6F4D548F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F89972C7-F853-4DF6-94B1-F71A1CF796FA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC68FA89-6F88-4183-BB2B-E60D0609B2A7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{20950920-C61A-40D6-9F9D-58EE3E238A43}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FD960DF5-32AF-4C89-BDA6-A18020C4A9B7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F21327BF-7142-4037-9594-6B3A7B7003C4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E43C240-1D58-478C-A4CD-3FDCEDB003C2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2F71196-6EB5-4E1F-BE7B-9169329B85C3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D1F3244A-A9BF-4936-8593-13B96E60B227}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4415E3A-526F-4DEF-A744-D9914532BFCB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3297B603-6404-4903-B9AF-4E5B33B617FE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A9F865F3-3B38-4676-BAFF-EB0E81B792F2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{369BE1AA-D5BD-4D1F-994B-E01857DE198C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E8F870AC-8C20-427E-A127-4C7E16FF3D02}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{504E0E02-DE0C-4238-A1E0-6291709ABDD2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F2DF50B1-FAB7-4907-89AB-0C85C14F63A0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{28A17B6A-3EF8-4A12-8F4C-77DC85C05A9F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C8C04696-B10D-4097-AA12-3AEB5706E16F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{900F90DE-47E8-472C-B4B6-8D9CAAFA7C62}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA5AB2F0-ED76-4D5E-82C7-9ADD322AF3E5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5F150FD1-FF6C-4834-8752-824FFA67DEDC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57013558-5BCA-424C-896A-D591643ECA01}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58724829-ADE1-4BDC-9931-4F297E42DDEC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5321AA6-A172-4E85-B26F-F214CABAEEC2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80AFA248-7724-41F0-90AD-57F935E4185A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AEF716B9-B76F-407A-89E1-1DCEF6ECA1C0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C8C9BF63-F8A9-4284-87F1-9CB01C085D25}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D8EC05A1-56B5-447B-A80B-83C5027969B1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1256563F-0956-4993-8105-8B7541F0F8E1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D1F9C59E-C8E1-460F-8CC4-899092E46F62}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E31B4E1-B957-49FA-A0F3-23038AE04A07}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1BAE6CEF-47C7-4FCB-BECD-DE8CE3967E9E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BE66FB58-D69C-4871-803B-8CF66BA22C23}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2928244D-DF65-4DD2-A45C-431DF9896B11}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B3A6EBC-8B6D-494F-8896-44FA22A33468}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{53122188-2033-4E44-A0E2-DDD160968195}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C6EDD8AF-FE18-4AE9-913F-7482A09D524A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D907AF7-0A7A-4FE0-BC9E-EBF0912062CE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CC67DAD6-F5CA-45DF-83DB-ED01D7B3C1EC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A1E65A3-F420-4EBF-8EE7-90D81B252228}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6E58DF51-E67F-4226-8B03-C893A3AA300B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14D01C17-21A9-4AD4-9232-6BF943DFD2BE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82417B27-4E03-47CC-8A25-0826D1568263}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F6B5387-F0EA-468F-8131-C479F4B1CDB9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{775D1CFB-F2D9-4875-8B88-EE74B76725B0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8ABF7744-F677-4688-9A50-DCCB85D423EA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F42CE306-E2FB-4056-88B3-273CF078155F}C:\users\that1\appdata\local\discord\app-1.0.9013\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{56D6C350-D6CE-4E30-8A44-9EFCECEE7C50}C:\users\that1\appdata\local\discord\app-1.0.9013\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{550C8144-F3D5-4316-A405-8F09B726C007}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FAA8EF80-07CD-40CF-AE15-8B4AD49DC713}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18F3AE84-6B84-4E5B-B6DB-47FFEBA2EFD8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F5F4157F-9D3A-434D-BB37-DAE1F92A0283}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E959F046-4439-4F48-80A3-C714E1D8AA9B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F21C539-782D-4D42-A08E-1F5383560289}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CCEC69C-3574-4598-BC15-E05E59F5871E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FD913B95-8EC5-4395-A277-4B6EEF205A99}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0749E501-F082-4C6C-96C1-1F061F46CAD7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FE2CAFA6-F4B5-4ABB-8D35-347C1A275AAF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{170D547E-CC61-431E-8F16-13B7DAA3D232}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE6BA63E-C9EC-48D2-BCBF-AB75F2A857D0}" => not found
"C:\WINDOWS\System32\Tasks\ASUS Optimization 36D18D69AFC3" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Optimization 36D18D69AFC3" => not found
C:\Users\that1\AppData\Local\Temp\a1113b10-b4f9-4d21-925c-31749786db76.tmp.node => moved successfully

========= sfc /scannow =========


Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.


Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.


========= End of CMD: =========


========= DISM /Online /Cleanup-Image /CheckHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.26100.1150

Image Version: 10.0.26100.2033

No component store corruption detected.
The operation completed successfully.


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 22:58:20 ====

 

 

Thanks again, I'll try replying later today!



#5 Oh My!

  • Malware Response Instructor

Posted 13 November 2024 - 10:02 AM

Yes, the No file is likely related to that. The Firewall Rules should be recreated or you may be asked to allow a rule.

Some system files were repaired which is common.

Things look good and the MSERT findings can be ignored.
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#6 thatoneguyyep101


Posted Today, 12:43 AM

OK, so you don't think it's infected? Also, thank you again for looking into all of that! I wasn't aware that MSERT could say it found stuff, then look into more detail after the scan, then say it found nothing at the end.





