Hundreds of rundll32.exe running

**maxim123** · 07-12-2024, 04:55 AM

Originally posted by Malnutrition

sorry for the delay, work took longer than expected.

Download AV block remover .
Unzip to your C:\Windows\System32 folder.
To do that hit the windows key and R at the same time, copy and paste C:\Windows\System32 into the run box hit ok.
Drag and drop–Unzip the program inside this folder.
Right click run as admin and follow the instructions. If it does not start, rename the AVbr.exe file to, for example, AV_br.exe
Click yes to reset hosts file.
After the machine reboots then there will be a logfile in the new folder created, post that please.

Hi, here are the log files. there was no option to reset hosts file.
I will be going with the windows repair now.

**maxim123** · 07-12-2024, 06:13 AM

Hi, I installed the repair version win11 23h2.
all the desktop shortcuts and files are also saved? thought it would reset the desktop to a clean slate.

Do I now wait to see if another BSOD appears?

**maxim123** · 07-12-2024, 11:33 AM

an update. so I left after a while of installing the repair version. I turned off the laptop. I returned just now and turned it on, and got the same error code BSOD again.

**Malnutrition** · 07-13-2024, 02:12 AM

Ok did the computer give a dump file this time?

**Malnutrition** · 07-14-2024, 09:11 PM

Ok can you run speccy and attach the report. This is no longer a malware issue but I’ll be happy to take a look.

**maxim123** · 07-15-2024, 03:52 AM

Hi, here is the speccy link:

http://speccy.piriform.com/results/Te8dsJElKW6gvnaEpvrXZCc

**maxim123** · 07-16-2024, 01:45 PM

also, windows explorer keeps hanging

**Malnutrition** · 07-17-2024, 12:05 AM

In my first FRST fix I removed these.

IFEO\osppsvc.exe: [VerifierDlls]
IFEO\SppExtComObj.exe: [VerifierDlls]

This is an entry point hijack used by KMSpico Activator.

Is windows activated with this tool?

**Malnutrition** · 07-17-2024, 12:30 AM

There are a lot of errors with this.

Uninstall [COLOR=rgb(184, 49, 47)]Control Center Service (HKLM...{6ea3ce12-b991-4b65-9f8d-b148eaaecd87}_is1) (Version: 4.1.47.11 - OEM)
With GeekUninstaller.

[ICODE]Computer Name: DESKTOP-NLBF3N2 Event Code: 1000 Message: Faulting application name: GCUService.exe, version: 1.0.2.70, time stamp: 0x640579b1 Faulting module name: KERNELBASE.dll, version: 10.0.22621.3733, time stamp: 0x44653e19 Exception code: 0xe0434352 Fault offset: 0x000000000005f39c Faulting process id: 0x0xACB0 Faulting application start time: 0x0x1DACE030B3DF8FC Faulting application path: C:\Program Files\OEM\Control Center\UniwillService\MyControlCenter\GCUService.e xe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 8fa80bcb-3f65-4cdf-8e58-a370ae0c604b Faulting package full name: Faulting package-relative application ID: Record Number: 156203 Source Name: Application Error Time Written: 20240704111224.079963-000 Event Type: Error User: NT AUTHORITY\SYSTEM[/ICODE]

Click Here

Code:

Computer Name: DESKTOP-NLBF3N2
Event Code: 10010
Message: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.
Record Number: 95090
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20240704101521.892312-000
Event Type: Error
User: DESKTOP-NLBF3N2\Max

[/COLOR]

**Malnutrition** · 07-17-2024, 12:45 AM

Disable your antivirus
Download Dr Web from the link below.

Code:

   [            https://free.drweb.com/download+cureit/gr/?lng=en        ]('https://free.drweb.com/download+cureit/gr/?lng=en')

Save the file to your desktop.
Right Click on the randomly named file.
Run as administrator.
Agree to terms and continue.
Select objects for scanning, make sure all boxes are ticked.
Then check mark the click to select files and folders.
Make sure C: drive is checked.
Click OK.
Then click start scanning.
Once the scan is completed.
click on open report.
Then select file.
Save then save cureit.log to desktop.
Upload the log to https://catbox.moe/ or https://ufile.io/ and send me a link to the file.
If you are sure about the files detected being malicious.
Then make sure all items are ticked and under action move to delete.
Then hit the Neutralize button.
Reboot your computer after the scan.

**maxim123** · 07-17-2024, 05:51 AM

Originally posted by Malnutrition

In my first FRST fix I removed these.

IFEO\osppsvc.exe: [VerifierDlls]
IFEO\SppExtComObj.exe: [VerifierDlls]

This is an entry point hijack used by KMSpico Activator.

Is windows activated with this tool?

no. it is activated with genuine license key.

the KMSpico was for microsoft office.

**maxim123** · 07-17-2024, 07:02 AM

Originally posted by Malnutrition

Disable your antivirus
Download Dr Web from the link below.

Code:

   [            https://free.drweb.com/download+cureit/gr/?lng=en        ]('https://free.drweb.com/download+cureit/gr/?lng=en')

Save the file to your desktop.
Right Click on the randomly named file.
Run as administrator.
Agree to terms and continue.
Select objects for scanning, make sure all boxes are ticked.
Then check mark the click to select files and folders.
Make sure C: drive is checked.
Click OK.
Then click start scanning.
Once the scan is completed.
click on open report.
Then select file.
Save then save cureit.log to desktop.
Upload the log to https://catbox.moe/ or https://ufile.io/ and send me a link to the file.
If you are sure about the files detected being malicious.
Then make sure all items are ticked and under action move to delete.
Then hit the Neutralize button.
Reboot your computer after the scan.

Hi, here is the log file: https://files.catbox.moe/wrug4v.log

**Malnutrition** · 07-17-2024, 08:03 AM

Ok. I’ll ask that you remove any and all pirated software. Using cracks and hacks for software is what is likely to have gotten you in this situation.

Remove control center and disable the software I suggested, post new frst logs.

I do apologize in the gaps in my replies, summer is busy for me I work 60-70 hours a week, when I get home it’s usually eat and sleep repeat work.

So remove software and upload fresh frst logs, let me know if removal of software and disable has helped.

**maxim123** · 07-17-2024, 08:17 AM

Originally posted by Malnutrition

Ok. I’ll ask that you remove any and all pirated software. Using cracks and hacks for software is what is likely to have gotten you in this situation.

Remove control center and disable the software I suggested, post new frst logs.

I do apologize in the gaps in my replies, summer is busy for me I work 60-70 hours a week, when I get home it’s usually eat and sleep repeat work.

So remove software and upload fresh frst logs, let me know if removal of software and disable has helped.

No worries. Thank you for taking the time to help even in your busy time. Really appreciate it.
I have removed control center (it came installed as default to control fan settings). I have disabled sandboxie and uninstalled it through geek, but it somehow was still in the tray.

Here are the FRST and Addition logs.

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.07.2024
Ran by Max (administrator) on DESKTOP-NLBF3N2 (Standard Standard) (17-07-2024 13:56:11)
Running from C:\Users\Ripple\Desktop\FRST64.exe
Loaded Profiles: Max
Platform: Microsoft Windows 11 Pro Version 23H2 22631.3880 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Mozilla Firefox\firefox.exe ->) (Mozilla Corporation → Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe ->) (SteelSeries ApS → SteelSeries ApS) C:\Program Files\SteelSeries\GG\apps\engine\prism\SteelSeriesPrism.exe
(C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe ->) (SteelSeries ApS → SteelSeries ApS) C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe
(D:\Riot Games\Riot Client\RiotClientServices.exe ->) () [File not signed] D:\Riot Games\Riot Client\RiotClientCrashHandler.exe
(Discord Inc. → Discord Inc.) C:\Users\Ripple\AppData\Local\Discord\app-1.0.9154\Discord.exe <6>
(DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_uf.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_helper.exe
(Eclipse.org Foundation, Inc. → Eclipse Adoptium) D:\Program Files\OmegaT\jre\bin\javaw.exe
(explorer.exe ->) (GitHub, Inc.) [File not signed] C:\Users\Ripple\AppData\Roaming\PreMiD\PreMiD.exe <3>
(explorer.exe ->) (Google LLC → Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <10>
(explorer.exe ->) (Matthew Malensek) [File not signed] D:\Program Files (x86)\3RVX\3RVX.exe
(explorer.exe ->) (OBS Project, LLC → OBS) D:\Program Files\obs-studio\bin\64bit\obs64.exe
(explorer.exe ->) (Riot Games, Inc. → Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(explorer.exe ->) (Riot Games, Inc. → Riot Games, Inc.) D:\Riot Games\Riot Client\RiotClientServices.exe
(explorer.exe ->) (SteelSeries ApS → SteelSeries ApS) C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe
(Mozilla Corporation → Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <22>
(NVIDIA Corporation → Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Creative Technology Ltd → Creative Technology Ltd) C:\Windows\SysWOW64\Creative.UWPRPCService.exe
(services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_faf3bcecf744f99a\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_uf.exe
(services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_4cd94d3ab4900da6\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. → Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_19d333f59f2c41d3\RtkAudUService64.exe <2>
(services.exe ->) (Tonalio GmbH → Sandboxie-Plus.com) D:\Program Files\Sandboxie\SbieSvc.exe
(svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe <2>
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_19d333f59f2c41d3\RtkAudUService64.exe [3496528 2021-12-29] (Realtek Semiconductor Corp. → Realtek Semiconductor)
HKLM...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [15941968 2024-07-09] (SteelSeries ApS → SteelSeries ApS)
HKLM...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3023152 2024-06-28] (Riot Games, Inc. → Riot Games, Inc.)
HKLM...\Policies\Explorer: [NoInstrumentation] 1
HKLM\Software\Policies...\system: [EnableActivityFeed] 0
HKLM\Software\Policies...\system: [PublishUserActivities] 0
HKLM\Software\Policies...\system: [UploadUserActivities] 0
HKLM\Software\Policies...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-19...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-20...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Run: [3RVX] => D:\Program Files (x86)\3RVX\3RVX.exe [649216 2016-06-04] (Matthew Malensek) [File not signed]
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Run: [electron.app.BlueStacks Services] => C:\Users\Ripple\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe [162219656 2024-01-25] (Now.gg, INC → now.gg, Inc.)
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Run: [Discord] => C:\Users\Ripple\AppData\Local\Discord\Update.exe [1526552 2024-05-13] (Discord Inc. → GitHub)
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Run: [PreMiD] => C:\Users\Ripple\AppData\Roaming\PreMiD\PreMiD.exe [126285312 2021-02-21] (GitHub, Inc.) [File not signed]
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files\Google\Chrome\Application\126.0.6478.128\Installer\chrmstp.exe [2024-07-17] (Google LLC → Google LLC)
Startup: C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANTECH X4S MACRO Gaming Mouse.lnk [2023-12-06]
ShortcutTarget: FANTECH X4S MACRO Gaming Mouse.lnk → D:\Program Files (x86)\FANTECH X4S MACRO Gaming Mouse\GM_Management.exe () [File not signed]
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {EA42CB3B-5A39-4AC0-8A5A-68CE8D0FB14A} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2024-01-18] (Now.gg, INC → BlueStack Systems, Inc.)
Task: {37657D15-4F3E-4E41-926D-71EDD111C55C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5513520 2024-07-12] (Microsoft Windows → Microsoft Corporation)
Task: {D3499911-9F5B-4754-92D3-B6E135AE3417} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{C0EACB23-DDAF-459F-A287-CF96749DBEA5} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe [4623976 2024-06-14] (Google LLC → Google LLC)
Task: {87086893-B424-4430-86D3-EE498B4BE3D6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512336 2024-07-08] (Microsoft Corporation → Microsoft Corporation)
Task: {67C10FB8-60E4-41A7-9758-CAD507917BC6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512336 2024-07-08] (Microsoft Corporation → Microsoft Corporation)
Task: {CD4CC5AA-A4A1-4A44-ACB3-6C7B38A52BEE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309936 2024-07-12] (Microsoft Corporation → Microsoft Corporation)
Task: {A89F3999-EEC5-427E-A763-8BA09B4403D1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309936 2024-07-12] (Microsoft Corporation → Microsoft Corporation)
Task: {9656D819-62AF-4D69-B699-8C68A4310E22} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [169408 2024-06-29] (Microsoft Corporation → Microsoft Corporation)
Task: {79A20CC3-B704-460F-A061-E00C0679642C} - System32\Tasks\Microsoft\Windows\Application Experience\PcaWallpaperAppDetect => C:\WINDOWS\system32\rundll32.exe [90112 2024-07-12] (Microsoft Windows → Microsoft Corporation) → %windir%\system32\PcaSvc.dll,PcaWallpaperAppDetect
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {3F888CBC-7594-4699-B4B5-1D9B2D37404D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {10518597-5D30-4221-8753-6F0E711E0D2B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {A422DBD1-3901-4C9A-865A-A668DFD2D395} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {A098E4CD-4193-4C33-8398-EF1F827C4E87} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {F67F9D95-F233-4101-915E-4DC4980112E0} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676936 2024-06-28] (Mozilla Corporation → Mozilla Corporation) → C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {098670C3-842F-4331-9869-89EE208595EE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34888 2024-06-28] (Mozilla Corporation → Mozilla Foundation)
Task: {176762D5-9B28-46D7-91E9-1F49E28C8B2D} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-23] () [File not signed]
Task: {3B68BE5D-1D28-4A37-9060-3479C160F4C6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1277480 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation) → C:\Program Files\NVIDIA Corporation\NvContainer-d “C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck” -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {FFA705B0-F0F3-4335-AC88-F752BDDBD4D2} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3347496 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation)
Task: {665F3518-8591-4EB9-A1D1-C1A0D3523F3A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646696 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation) → C:\Program Files (x86)\NVIDIA Corporation\NvNode--launcher=TaskScheduler
Task: {94532462-E8CA-4A59-BB70-F974E4F927CA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation)
Task: {BE6011F2-46D2-46B4-ACFB-D7C02DF44EA2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation)
Task: {792583C0-E4F1-48F8-AC01-3428F7492A6A} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation)
Task: {C22467B7-99F2-406A-801A-0519DDE2288A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation)
Task: {69A8279C-3C72-440E-B9EA-89391F80871A} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation)
Task: {6603C4FF-A81E-46DB-A480-B0561102DFE4} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-12] (NVIDIA Corporation → NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.101.1 8.8.8.8 4.4.4.4
Tcpip..\Interfaces{78d68de6-b91f-4ad0-b2d5-9d46d5172317}: [DhcpNameServer] 192.168.101.1 8.8.8.8 4.4.4.4
[HEADING=1]Edge:[/HEADING]
Edge Profile: C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default [2024-07-16]
Edge Extension: (Google Docs Offline) - C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-15]
Edge Extension: (Edge relevant text changes) - C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-22]
Edge Extension: (IDM Integration Module) - C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2024-07-04]
[HEADING=1]FireFox:[/HEADING]
FF DefaultProfile: g5q70h39.default
FF ProfilePath: C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\g5q70h39.default [2024-07-15]
FF ProfilePath: C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release [2024-07-17]
FF DownloadDir: C:\Users\Ripple\Desktop
FF Homepage: Mozilla\Firefox\Profiles\10706u2g.default-release → about:blank
FF Session Restore: Mozilla\Firefox\Profiles\10706u2g.default-release → is enabled.
FF Notifications: Mozilla\Firefox\Profiles\10706u2g.default-release → hxxps://pomofocus.io
FF Extension: (Tampermonkey) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\firefox@tampermonkey.net.xpi [2024-05-11]
FF Extension: (FoxyProxy) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\foxyproxy@eric.h.jung.xpi [2024-01-31]
FF Extension: (Web Paint) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\jid1-0dhOSYKGj326og@jetpack.xpi [2024-04-26]
FF Extension: (IDM Integration Module) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2024-07-10]
FF Extension: (PreMiD) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\support@premid.app.xpi [2024-07-16] [UpdateUrl:hxxps://api.premid.app/firefox/updates]
FF Extension: (uBlock Origin) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\uBlock0@raymondhill.net.xpi [2024-05-25]
FF Extension: (Inkah: Chinese & Korean Pop-up Dictionary) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions{de5bbbad-7c53-468e-9d8d-9d737cf5ba81}.xpi [2023-12-06]
FF Extension: (Zhongwen: The Popular Chinese Learning Tool) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions{dedb3663-6f13-4c6c-bf0f-5bd111cb2c79}.xpi [2023-12-31]
FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation → Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation → Microsoft Corporation)
[HEADING=1]Chrome:[/HEADING]
CHR Profile: C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default [2024-07-17]
CHR Extension: (uBlock Origin) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-06-26]
CHR Extension: (Google Docs Offline) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-01]
CHR Extension: (Zhongwen: Chinese-English Dictionary) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde [2024-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-12-07]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15044872 2024-01-27] (BattlEye Innovations e.K. → )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14023752 2024-06-26] (Microsoft Corporation → Microsoft Corporation)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [935344 2024-05-25] (EasyAntiCheat Oy → Epic Games, Inc.)
S2 Intel(R) Platform License Manager Service; C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-14] (Intel Corporation → Intel(R) Corporation)
R2 ipfsvc; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_uf.exe [2751664 2022-03-27] (Intel Corporation → Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8901528 2024-07-02] (Malwarebytes Inc. → Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-07-02] (Malwarebytes Inc. → Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe [1377416 2024-07-16] (Microsoft Windows Publisher → Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvtfi.inf_amd64_4cd94d3ab4900da6\Display.NvContainer\NVDisplay.Container.exe [1274888 2024-06-25] (NVIDIA Corporation → NVIDIA Corporation)
R2 SbieSvc; d:\Program Files\Sandboxie\SbieSvc.exe [410576 2024-02-06] (Tonalio GmbH → Sandboxie-Plus.com)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-07-12] (Microsoft Windows Publisher → Microsoft Corporation)
S3 SteelSeriesGGUpdateServiceProxy; C:\Program Files\SteelSeries\GG\SteelSeriesGGUpdateServiceProxy.exe [1500608 2023-09-19] (SteelSeries ApS → )
R2 UWPService; C:\WINDOWS\SysWOW64\Creative.UWPRPCService.exe [364616 2022-08-03] (Creative Technology Ltd → Creative Technology Ltd)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9705560 2024-06-28] (Riot Games, Inc. → Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe [3236728 2024-07-16] (Microsoft Windows Publisher → Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe [133688 2024-07-16] (Microsoft Windows Publisher → Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [394176 2024-01-18] (Microsoft Windows Hardware Compatibility Publisher → Bluestack System Inc.)
R3 iaLPSS2_GPIO2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_0e92b4646ab70162\iaLPSS2_GPIO2_ADL.sys [150624 2022-06-02] (Intel Corporation → Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_35ed2fd5a51c2bc2\iaLPSS2_I2C_ADL.sys [220256 2022-06-02] (Intel Corporation → Intel Corporation)
R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88760 2023-07-02] (Intel Corporation → Intel Corporation)
R3 ipf_cpu; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_cpu.sys [80560 2022-03-27] (Intel Corporation → Intel Corporation)
R3 ipf_lf; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_lf.sys [432800 2022-03-27] (Intel Corporation → Intel Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-07-02] (Microsoft Windows Early Launch Anti-malware Publisher → Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-07-02] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
R3 MBfilt; C:\WINDOWS\system32\drivers\MBfilt64.sys [37528 2022-08-03] (WDKTestCert ctl_avpbuild,132732627431976536 → Creative Technology Ltd.)
R3 MpKslbe342405; C:\ProgramData\Microsoft\Windows Defender\Definition Updates{392EE668-D311-433D-B3A8-784B517ACD93}\MpKslDrv.sys [271640 2024-07-17] (Microsoft Windows → Microsoft Corporation)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [77792 2023-10-20] (Nmap Software LLC → Insecure.Com LLC.)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys [47240 2024-04-03] (NVIDIA Corporation → NVIDIA Corporation)
R3 nvpcf; C:\WINDOWS\System32\drivers\nvpcf.sys [236576 2024-06-25] (NVIDIA Corporation → NVIDIA Corporation)
R3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows → Realtek)
R3 SbieDrv; d:\Program Files\Sandboxie\SbieDrv.sys [242328 2024-02-06] (Microsoft Windows Hardware Compatibility Publisher → Sandboxie-Plus.com)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [43568 2024-06-11] (Microsoft Windows Hardware Compatibility Publisher → SteelSeries ApS)
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [54408 2024-06-11] (Microsoft Windows Hardware Compatibility Publisher → SteelSeries ApS)
R3 SteelSeries_Sonar_VAD; C:\WINDOWS\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_da15ab44a6216a8e\SteelSeries-Sonar-VAD.sys [95440 2023-03-18] (SteelSeries ApS → Windows (R) Win 7 DDK provider)
R3 UWACPIDriver; C:\WINDOWS\System32\drivers\UWACPIDriver.sys [43776 2022-09-14] (Uniwill Technology Inc. → )
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [40415320 2024-06-28] (Riot Games, Inc. → Riot Games, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21968 2024-07-16] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602520 2024-07-16] (Microsoft Windows → Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2024-07-16] (Microsoft Windows → Microsoft Corporation)
S2 IDMWFP; \SystemRoot\System32\drivers\idmwfp.sys 
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-07-17 13:56 - 2024-07-17 13:56 - 000026965 _____ C:\Users\Ripple\Desktop\FRST.txt
2024-07-17 13:56 - 2024-07-17 13:56 - 000000000 ____D C:\Users\Ripple\Desktop\FRST-OlderVersion
2024-07-17 12:58 - 2024-07-17 12:58 - 000412062 _____ C:\WINDOWS\system32\prfh0804.dat
2024-07-17 12:58 - 2024-07-17 12:58 - 000131110 _____ C:\WINDOWS\system32\prfc0804.dat
2024-07-17 12:27 - 2024-07-17 12:27 - 000055142 _____ C:\Users\Ripple\Desktop\1503.pdf
2024-07-17 11:39 - 2024-07-17 12:46 - 000000000 ____D C:\Users\Ripple\Doctor Web
2024-07-17 11:38 - 2024-07-17 11:38 - 288453352 _____ C:\Users\Ripple\Desktop\qs76k3x5.exe
2024-07-15 18:42 - 2024-07-17 12:51 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\PreMiD
2024-07-15 18:42 - 2024-07-15 18:42 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PreMiD
2024-07-15 17:39 - 2024-07-15 17:39 - 000001148 _____ C:\Users\Ripple\Desktop\PreMiD.lnk
2024-07-15 12:43 - 2024-07-15 12:43 - 000000028 _____ C:\Users\Ripple\Desktop\Netflix pass.txt
2024-07-14 19:30 - 2024-07-14 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\obs-backgroundremoval
2024-07-14 19:02 - 2024-07-17 13:13 - 000000016 _____ C:\Users\Ripple\AppData\Roaming\obs-virtualcam.txt
2024-07-14 19:00 - 2024-07-17 13:09 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\obs-studio
2024-07-14 19:00 - 2024-07-14 19:00 - 000000913 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2024-07-14 19:00 - 2024-07-14 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2024-07-13 17:38 - 2024-07-13 17:38 - 000000000 ___D C:\WINDOWS\system32\SteelSeries
2024-07-13 14:14 - 2024-07-13 14:14 - 004880964 _____ C:\Users\Ripple\Desktop\抖音2024713-486756 (1).mp4
2024-07-13 14:13 - 2024-07-13 14:15 - 027895393 _____ C:\Users\Ripple\Desktop\抖音2024713-486756.mp4
2024-07-12 12:06 - 2024-07-12 12:06 - 000025684 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-07-12 12:05 - 2024-07-12 12:05 - 000025684 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-07-12 11:55 - 2024-07-17 12:58 - 001381038 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-07-12 11:53 - 2023-06-16 07:33 - 000161920 _____ (Razer Inc) C:\WINDOWS\system32\RazerS3CoinstallerEx.dll
2024-07-12 11:52 - 2024-07-12 11:52 - 000000000 D C:\ProgramData\Microsoft OneDrive
2024-07-12 11:51 - 2024-07-17 12:51 - 000000006 H C:\WINDOWS\Tasks\SA.DAT
2024-07-12 11:51 - 2024-07-12 11:51 - 000003462 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-07-12 11:51 - 2024-07-12 11:51 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-12 11:51 - 2024-07-12 11:51 - 000003238 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-07-12 11:51 - 2024-07-12 11:51 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-12 11:51 - 2024-07-12 11:51 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-12 11:51 - 2024-07-12 11:51 - 000002956 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper_nxt
2024-07-12 11:51 - 2024-07-12 11:51 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-12 11:51 - 2024-07-12 11:51 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-12 11:51 - 2024-07-12 11:51 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-12 11:51 - 2024-07-12 11:51 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-12 11:51 - 2024-07-12 11:51 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-12 11:51 - 2024-07-12 11:51 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-12 11:51 - 2024-07-12 11:51 - 000002590 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000002160 _____ C:\WINDOWS\system32\Tasks\npcapwatchdog
2024-07-12 11:51 - 2024-07-12 11:51 - 000000258 __RSH C:\ProgramData\ntuser.pol
2024-07-12 11:51 - 2024-07-12 11:51 - 000000020 ___SH C:\Users\Ripple\ntuser.ini
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-07-12 11:50 - 2024-07-12 11:51 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2024-07-12 11:50 - 2024-07-12 11:51 - 000011433 _____ C:\WINDOWS\diagerr.xml
2024-07-12 11:50 - 2024-07-12 11:50 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2024-07-12 11:49 - 2024-07-17 12:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-07-12 11:49 - 2024-07-17 11:31 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2024-07-12 11:49 - 2024-07-12 12:10 - 000500856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-07-12 11:49 - 2024-07-12 11:51 - 000000000 ____D C:\Windows.old
2024-07-12 11:39 - 2024-07-12 11:49 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Crypto
2024-07-12 11:39 - 2024-07-12 11:39 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\SystemCertificates
2024-07-12 11:39 - 2024-07-12 11:39 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Network
2024-07-12 11:36 - 2024-07-12 11:49 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2024-07-12 11:35 - 2024-07-17 12:51 - 000000000 ____D C:\Users\Ripple
2024-07-12 11:35 - 2024-07-12 11:52 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Windows
2024-07-12 11:35 - 2024-07-12 11:49 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Spelling
2024-07-12 11:34 - 2024-07-12 11:34 - 000000000 ____D C:\WINDOWS\system32\DTS
2024-07-12 11:33 - 2024-07-12 11:35 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2024-07-12 11:31 - 2024-07-12 12:09 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-07-12 11:31 - 2024-07-12 11:31 - 000000000 ____D C:\WINDOWS\SysWOW64\DDFs
2024-07-12 11:31 - 2024-07-12 11:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\mde
2024-07-12 11:27 - 2024-07-12 11:27 - 000060462 _____ C:\WINDOWS\SysWOW64\ctac.json
2024-07-12 11:26 - 2024-07-12 11:26 - 000060462 _____ C:\WINDOWS\system32\ctac.json
2024-07-12 11:23 - 2024-07-12 11:23 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2024-07-12 11:23 - 2024-07-12 11:23 - 000000000 ____D C:\Program Files\Reference Assemblies
2024-07-12 11:23 - 2024-07-12 11:23 - 000000000 ____D C:\Program Files\MSBuild
2024-07-12 11:23 - 2024-07-12 11:23 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2024-07-12 11:23 - 2024-07-12 11:23 - 000000000 ____D C:\Program Files (x86)\MSBuild
2024-07-12 11:22 - 2024-07-12 11:31 - 000000000 ____D C:\WINDOWS\SysWOW64\zh-HANS
2024-07-12 11:22 - 2024-07-12 11:31 - 000000000 ____D C:\WINDOWS\system32\zh-HANS
2024-07-12 11:10 - 2024-07-12 11:10 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2024-07-12 10:50 - 2024-07-12 11:51 - 000000000 ___DC C:\WINDOWS\Panther
2024-07-12 10:28 - 2024-07-12 10:38 - 000000000 ____D C:\Users\Ripple\Desktop\AV_block_remover
2024-07-12 10:27 - 2024-07-12 10:27 - 000000535 _____ C:\Users\Ripple\Desktop\rules.txt
2024-07-11 16:12 - 2024-07-11 16:12 - 010485760 _____ C:\Users\Ripple\Desktop\抖音2024711-341350.mp4
2024-07-11 12:14 - 2024-07-11 12:14 - 009763745 _____ C:\Users\Ripple\Desktop\AVbr.zip
2024-07-10 12:09 - 2024-07-17 12:57 - 000000000 ____D C:\Users\Ripple\OutsideOfTime2
2024-07-08 17:20 - 2024-07-08 17:20 - 000000000 ____D C:\Users\Ripple\AppData\Local\AeternoBlade2
2024-07-06 23:28 - 2024-07-06 23:28 - 032304119 _____ C:\Users\Ripple\Desktop\抖音202476-821595.mp4
2024-07-06 22:42 - 2024-07-06 22:42 - 002998270 _____ C:\Users\Ripple\Desktop\抖音202476-343052.mp4
2024-07-06 14:49 - 2024-07-06 14:49 - 003854180 _____ C:\Users\Ripple\Desktop\抖音202476-054518.mp4
2024-07-04 22:51 - 2024-07-04 22:51 - 000000917 _____ C:\Users\Ripple\Desktop\cslol-manager - Shortcut.lnk
2024-07-04 20:57 - 2024-07-12 11:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2024-07-04 20:54 - 2024-07-04 20:54 - 000000000 ____D C:\Users\Ripple\AppData\Local\moonshadow565
2024-07-04 16:47 - 2024-07-04 16:47 - 000000757 _____ C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AutoLogger.lnk
2024-07-03 10:17 - 2024-07-03 10:18 - 111089008 _____ (AO Kaspersky Lab) C:\Users\Ripple\Desktop\KVRT.exe
2024-07-03 10:07 - 2024-07-03 10:07 - 000087973 _____ C:\Users\Ripple\Desktop\b9995525a52dc58aecf5.svg
2024-07-02 16:32 - 2024-07-02 16:32 - 000570020 _____ C:\Users\Ripple\Desktop\ZHPDiag.html
2024-07-02 16:32 - 2024-07-02 16:32 - 000456648 _____ C:\Users\Ripple\Desktop\ZHPDiag.txt
2024-07-02 16:28 - 2024-07-02 16:28 - 000000911 _____ C:\Users\Ripple\Desktop\ZHPSuite.lnk
2024-07-02 16:27 - 2024-07-02 16:32 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\ZHP
2024-07-02 16:27 - 2024-07-02 16:27 - 003539144 _____ (Nicolas Coolman) C:\Users\Ripple\Desktop\ZHPSuite.exe
2024-07-02 16:27 - 2024-07-02 16:27 - 000000000 ____D C:\Users\Ripple\AppData\Local\ZHP
2024-07-02 13:23 - 2024-07-17 13:24 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-07-02 13:23 - 2024-07-02 13:31 - 000000000 ____D C:\Users\Ripple\AppData\Local\Malwarebytes
2024-07-02 13:23 - 2024-07-02 13:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-07-02 13:22 - 2024-07-02 13:23 - 000000000 ____D C:\Program Files\Malwarebytes
2024-07-02 10:18 - 2024-07-02 10:18 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\NVIDIA
2024-07-01 22:38 - 2024-06-25 14:39 - 000236576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpcf.sys
2024-07-01 22:38 - 2024-06-25 14:39 - 000121872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2024-07-01 22:36 - 2024-06-25 22:11 - 002031464 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-07-01 22:36 - 2024-06-25 22:11 - 002031464 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-07-01 22:36 - 2024-06-25 22:11 - 001578752 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-07-01 22:36 - 2024-06-25 22:11 - 001578752 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-07-01 22:36 - 2024-06-25 22:11 - 001445120 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-07-01 22:36 - 2024-06-25 22:11 - 001445120 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-07-01 22:36 - 2024-06-25 22:11 - 001295104 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-07-01 22:36 - 2024-06-25 22:11 - 001295104 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-07-01 22:36 - 2024-06-25 22:11 - 000477816 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2024-07-01 22:36 - 2024-06-25 22:11 - 000374392 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2024-07-01 22:36 - 2024-06-25 22:08 - 001068664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2024-07-01 22:36 - 2024-06-25 22:08 - 000670344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2024-07-01 22:36 - 2024-06-25 22:08 - 000505992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2024-07-01 22:36 - 2024-06-25 22:07 - 001549320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2024-07-01 22:36 - 2024-06-25 22:07 - 001204744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2024-07-01 22:36 - 2024-06-25 22:07 - 000847880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2024-07-01 22:36 - 2024-06-25 22:06 - 002180728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2024-07-01 22:36 - 2024-06-25 22:06 - 001631368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2024-07-01 22:36 - 2024-06-25 22:06 - 001033352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2024-07-01 22:36 - 2024-06-25 22:06 - 000795656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2024-07-01 22:36 - 2024-06-25 22:06 - 000460936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2024-07-01 22:36 - 2024-06-25 22:05 - 016119432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2024-07-01 22:36 - 2024-06-25 22:05 - 013009032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2024-07-01 22:36 - 2024-06-25 22:05 - 006914696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2024-07-01 22:36 - 2024-06-25 22:05 - 005914144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2024-07-01 22:36 - 2024-06-25 22:05 - 005867656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2024-07-01 22:36 - 2024-06-25 22:05 - 003788936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2024-07-01 22:36 - 2024-06-25 22:04 - 000853536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2024-07-01 22:36 - 2024-06-25 22:03 - 007061880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2024-07-01 22:36 - 2024-06-25 22:03 - 006142632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2024-07-01 22:36 - 2024-06-25 14:39 - 000123973 _____ C:\WINDOWS\system32\nvinfo.pb
2024-07-01 22:31 - 2024-07-12 11:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2024-07-01 22:31 - 2024-07-02 10:18 - 000000000 ____D C:\Users\Ripple\AppData\Local\NVIDIA
2024-07-01 22:31 - 2024-07-01 22:31 - 131655600 _____ (NVIDIA Corporation) C:\Users\Ripple\Desktop\GeForce_Experience_v3.28.0.417.exe
2024-07-01 22:31 - 2024-07-01 22:31 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2024-07-01 22:31 - 2024-06-12 01:30 - 002900520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2024-07-01 22:31 - 2024-06-12 01:30 - 002231336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2024-07-01 22:31 - 2024-06-12 01:29 - 001296936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2024-07-01 22:31 - 2024-03-27 00:56 - 000180760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2024-07-01 22:31 - 2024-03-27 00:56 - 000159768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2024-07-01 22:31 - 2024-03-26 23:06 - 000060240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2024-07-01 16:53 - 2024-07-01 16:55 - 000000000 ____D C:\Users\Ripple\Documents\The Riftbreaker
2024-07-01 16:53 - 2024-07-01 16:53 - 000000000 ____D C:\Users\Ripple\AppData\Local\mod.io
2024-07-01 16:53 - 2024-07-01 16:53 - 000000000 ____D C:\Users\Public\mod.io
2024-07-01 10:38 - 2024-07-17 13:56 - 000000000 ____D C:\FRST
2024-07-01 10:37 - 2024-07-17 13:56 - 002395648 _____ (Farbar) C:\Users\Ripple\Desktop\FRST64.exe
2024-06-29 11:25 - 2024-06-29 11:25 - 000000639 _____ C:\Users\Public\Desktop\The Riftbreaker.lnk
2024-06-25 21:42 - 2024-06-25 21:42 - 000000000 ____D C:\Users\Ripple\AppData\Local\MSAR
2024-06-24 15:34 - 2024-07-14 19:00 - 000000000 ____D C:\ProgramData\obs-studio
2024-06-22 17:36 - 2024-06-22 17:41 - 946240506 _____ C:\Users\Ripple\Downloads\Chhorii (2021) 720p 10bit AMZN WEBRip x265 HEVC Hindi AAC 5.1 ESub ~ Immortal.mkv
2024-06-20 20:35 - 2024-06-28 15:01 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-07-17 13:24 - 2024-05-01 15:56 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2024-07-17 13:24 - 2024-02-11 22:16 - 000000124 _____ C:\ProgramData\autoclickconfig.ini
2024-07-17 13:24 - 2024-01-21 19:25 - 000002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk
2024-07-17 13:24 - 2024-01-21 19:25 - 000001301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2024-07-17 13:24 - 2023-12-25 11:23 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2024-07-17 13:24 - 2023-12-06 13:33 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-07-17 13:24 - 2023-12-06 06:52 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-07-17 13:23 - 2024-02-22 09:44 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\riot-client-ux
2024-07-17 13:23 - 2023-12-25 11:25 - 000000000 ____D C:\ProgramData\Riot Games
2024-07-17 13:06 - 2024-06-03 10:05 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\discord
2024-07-17 13:05 - 2024-06-03 10:05 - 000000000 ____D C:\Users\Ripple\AppData\Local\Discord
2024-07-17 13:01 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-07-17 12:58 - 2022-05-07 11:07 - 000000000 ____D C:\WINDOWS\INF
2024-07-17 12:52 - 2023-12-06 13:33 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-07-17 12:51 - 2023-12-06 06:52 - 000012288 ___SH C:\DumpStack.log.tmp
2024-07-17 12:51 - 2023-12-06 06:52 - 000000000 ____D C:\ProgramData\NVIDIA
2024-07-17 12:51 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\ServiceState
2024-07-17 12:51 - 2022-05-07 11:09 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-07-17 12:50 - 2022-05-07 11:02 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2024-07-17 12:43 - 2023-12-26 23:17 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Excel
2024-07-17 11:40 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-07-17 11:35 - 2023-12-07 10:43 - 000000000 ____D C:\Users\Ripple\AppData\Local\CrashDumps
2024-07-17 11:35 - 2023-12-06 07:02 - 000000000 ____D C:\Temp
2024-07-17 11:35 - 2023-12-06 06:56 - 000000000 ____D C:\Users\Ripple\AppData\Local\Packages
2024-07-17 11:35 - 2023-12-06 06:55 - 000000000 ____D C:\ProgramData\Packages
2024-07-17 11:33 - 2023-12-07 17:45 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-07-17 11:33 - 2023-12-07 17:45 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-07-17 01:45 - 2024-06-03 10:05 - 000002297 _____ C:\Users\Ripple\Desktop\Discord.lnk
2024-07-17 00:18 - 2023-12-07 23:24 - 000000000 ____D C:\Users\Ripple\Downloads\Telegram Desktop
2024-07-16 22:46 - 2023-12-16 08:59 - 000000000 ____D C:\Users\Ripple\AppData\Local\Spotify
2024-07-16 21:06 - 2023-12-25 11:23 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2024-07-16 21:06 - 2023-12-25 11:23 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2024-07-16 20:10 - 2023-12-15 11:19 - 000000000 ____D C:\Users\Ripple\AppData\Local\ElevatedDiagnostics
2024-07-16 17:09 - 2023-12-25 11:23 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2024-07-16 17:09 - 2023-12-25 11:23 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2024-07-16 17:09 - 2023-12-06 13:33 - 000002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2024-07-16 16:30 - 2023-12-06 21:13 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\vlc
2024-07-16 12:45 - 2023-12-16 08:59 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Spotify
2024-07-16 10:14 - 2023-12-06 06:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-07-15 20:47 - 2022-05-07 11:09 - 000000000 ___HD C:\Program Files\WindowsApps
2024-07-15 12:22 - 2023-12-06 21:35 - 000000000 ____D C:\Users\Ripple\AppData\Local\PlaceholderTileLogoFolder
2024-07-15 09:34 - 2023-12-06 13:52 - 000000718 _____ C:\Users\Public\Desktop\Speccy.lnk
2024-07-14 19:39 - 2024-02-23 11:33 - 000000000 ___RD C:\Sandbox
2024-07-14 19:03 - 2023-12-10 12:51 - 000000000 ____D C:\Users\Ripple\AppData\Local\D3DSCache
2024-07-13 14:15 - 1986-05-23 21:32 - 000000000 _____ C:\Users\Ripple\Desktop\抖音2024713-486756 (2).mp4
2024-07-12 22:17 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\appcompat
2024-07-12 12:26 - 2022-05-07 11:09 - 000000000 ____D C:\ProgramData\USOPrivate
2024-07-12 12:11 - 2024-06-11 12:09 - 000000000 ____D C:\Program Files (x86)\Razer
2024-07-12 12:09 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\InboxApps
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\UUS
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SystemResources
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\Provisioning
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-07-12 12:07 - 2022-05-07 11:09 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-07-12 12:07 - 2022-05-07 11:02 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-07-12 12:05 - 2023-12-25 11:20 - 000000000 ____D C:\Program Files\Microsoft Office
2024-07-12 11:51 - 2023-12-06 06:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-07-12 11:51 - 2022-05-07 11:09 - 000000000 ____D C:\Program Files\Windows Defender
2024-07-12 11:50 - 2023-12-06 06:52 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-07-12 11:50 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\Media
2024-07-12 11:49 - 2024-06-03 10:05 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2024-07-12 11:49 - 2024-05-24 18:37 - 000000000 ____D C:\WINDOWS\SysWOW64\Npcap
2024-07-12 11:49 - 2024-05-24 18:37 - 000000000 ____D C:\WINDOWS\system32\Npcap
2024-07-12 11:49 - 2024-03-22 22:14 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stremio
2024-07-12 11:49 - 2024-01-28 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2024-07-12 11:49 - 2024-01-21 19:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks X
2024-07-12 11:49 - 2023-12-25 11:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2024-07-12 11:49 - 2023-12-13 11:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2024-07-12 11:49 - 2023-12-12 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader 4 EXNESS
2024-07-12 11:49 - 2023-12-07 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3RVX
2024-07-12 11:49 - 2023-12-06 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2024-07-12 11:49 - 2023-12-06 14:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\FANTECH X4S MACRO Gaming Mouse
2024-07-12 11:49 - 2023-12-06 07:02 - 000000000 ____D C:\Program Files\Intel
2024-07-12 11:49 - 2023-12-06 06:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2024-07-12 11:49 - 2023-12-05 15:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-07-12 11:49 - 2022-05-07 11:09 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\spool
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-07-12 11:44 - 2022-05-07 11:13 - 000000000 ____D C:\WINDOWS\Setup
2024-07-12 11:36 - 2024-02-20 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
2024-07-12 11:36 - 2023-12-12 14:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2024-07-12 11:36 - 2023-12-05 15:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2024-07-12 11:31 - 2022-05-07 13:24 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2024-07-12 11:31 - 2022-05-07 13:24 - 000000000 ___SD C:\WINDOWS\system32\AppV
2024-07-12 11:31 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\WUModels
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SystemApps
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\setup
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\id-ID
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\et-EE
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\es-MX
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\Globalization
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\DiagTrack
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\Program Files\Common Files\System
2024-07-12 11:31 - 2022-05-07 11:02 - 000000000 ____D C:\WINDOWS\servicing
2024-07-12 11:30 - 2022-05-07 13:24 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2024-07-12 11:30 - 2022-05-07 13:24 - 000024383 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2024-07-12 11:30 - 2022-05-07 11:10 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2024-07-12 11:30 - 2022-05-07 11:09 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2024-07-12 11:24 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\OCR
2024-07-12 11:23 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2024-07-12 11:23 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\MUI
2024-07-12 11:22 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-07-12 11:22 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\system32\winrm
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\system32\WCN
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\system32\slmgr
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\system32\dsc
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Com
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\IME
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-07-12 10:45 - 2023-12-05 15:25 - 194135240 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-07-11 12:11 - 2023-12-06 16:56 - 000000000 ____D C:\Users\Ripple\Downloads\Compressed
2024-07-11 11:58 - 2024-06-11 12:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2024-07-11 11:58 - 2024-06-11 12:08 - 000000000 ____D C:\ProgramData\Razer
2024-07-11 00:52 - 2023-12-08 22:42 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\qBittorrent
2024-07-10 17:55 - 2024-03-22 10:23 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Anki2
2024-07-09 18:25 - 2024-06-15 11:00 - 000000000 ____D C:\Users\Ripple\OutsideOfTime
2024-07-08 17:20 - 2024-06-05 18:49 - 000000000 ____D C:\Users\Ripple\Documents\Player
2024-07-08 01:52 - 2024-02-20 18:33 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\steelseries-gg-client
2024-07-06 12:28 - 2024-01-15 18:10 - 000000000 ____D C:\Users\Ripple\AppData\Local\UnrealEngine
2024-07-05 12:49 - 2024-03-08 15:32 - 000001290 _____ C:\Users\Ripple\Desktop\loan.txt
2024-07-03 10:29 - 2023-12-25 11:43 - 000000000 ____D C:\KVRT2020_Data
2024-07-03 10:14 - 2023-12-06 16:38 - 000002182 _____ C:\Users\Ripple\Desktop\mod-2-.txt
2024-07-02 10:41 - 2024-03-02 11:10 - 000000000 ____D C:\Users\Ripple\AppData\LocalLow\Temp
2024-07-01 22:44 - 2023-12-25 11:23 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2024-07-01 22:38 - 2023-12-06 06:52 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2024-07-01 22:33 - 2023-12-06 07:01 - 000000000 ____D C:\Users\Ripple\AppData\Local\NVIDIA Corporation
2024-07-01 22:31 - 2023-12-06 07:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2024-07-01 22:31 - 2023-12-06 06:59 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2024-06-30 09:56 - 2024-05-01 15:55 - 000000000 ____D C:\Program Files\Riot Vanguard
2024-06-28 15:01 - 2023-12-06 13:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-06-26 15:21 - 2023-12-06 13:45 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\AnyDesk
2024-06-22 14:16 - 2024-02-23 11:31 - 000002136 _____ C:\WINDOWS\Sandboxie.ini
2024-06-19 22:38 - 2024-01-28 17:13 - 000000000 ____D C:\Users\Ripple\AppData\Local\Steam

==================== Files in the root of some directories ========

2024-07-14 19:02 - 2024-07-17 13:13 - 000000016 _____ () C:\Users\Ripple\AppData\Roaming\obs-virtualcam.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition:
[HEADING=1]

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.07.2024
Ran by Max (17-07-2024 13:57:35)
Running from C:\Users\Ripple\Desktop
Microsoft Windows 11 Pro Version 23H2 22631.3880 (X64) (2024-07-12 06:06:13)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2515384590-1499498081-2273501178-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2515384590-1499498081-2273501178-503 - Limited - Disabled)
Guest (S-1-5-21-2515384590-1499498081-2273501178-501 - Limited - Disabled)
Max (S-1-5-21-2515384590-1499498081-2273501178-1001 - Administrator - Enabled) => C:\Users\Ripple
WDAGUtilityAccount (S-1-5-21-2515384590-1499498081-2273501178-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3RVX (HKLM-x32...{400A8514-5440-410A-B318-44061BD7EE8E}) (Version: 2.9.2.0 - Matthew Malensek)
7-Zip 22.01 (x64) (HKLM...\7-Zip) (Version: 22.01 - Igor Pavlov)
AeternoBlade II: Infinity (HKLM-x32...\AeternoBlade II: Infinity_is1) (Version: - )
Anki (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Anki) (Version: 23.12.1 - )
AutoHotkey (user) (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\AutoHotkey) (Version: 2.0.10 - AutoHotkey Foundation LLC)
BlueStacks App Player (HKLM...\BlueStacks_nxt) (Version: 5.20.10.1003 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\BlueStacksServices) (Version: 3.0.8 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\BlueStacks X) (Version: 10.10.1.1001 - now.gg, Inc.)
Discord (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Discord) (Version: 1.0.9147 - Discord Inc.)
Dynamic Application Loader Host Interface Service (HKLM...{3FD9F3E6-059D-4E4D-8B5B-EBAE90CA882E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
FANTECH X4S MACRO Gaming Mouse (HKLM-x32...{7587581E-9DAD-412D-9AA4-8541FCBCCAF6}) (Version: 1.00.0000 - FANTECH)
FIFA 16 (HKLM-x32...\FIFA 16_is1) (Version: - )
Geeks3D FurMark 1.36.0.0 (HKLM-x32...{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: 1.36.0.0 - Geeks3D)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 126.0.6478.128 - Google LLC)
Intel(R) Chipset Device Software (HKLM...{BB1E910B-7D2D-4FC8-A87C-5A53CAC2D5A8}) (Version: 10.1.19159.8331 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32...{a8ed3a4b-8ec2-4b7d-b0f6-0f4db00ea2ce}) (Version: 10.1.19159.8331 - Intel(R) Corporation)
Intel(R) LMS (HKLM...{B76FE067-1B6B-416E-9A99-C1BF5E9A2FC1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM...{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2149.16.0.2602 - Intel Corporation)
Intel(R) Management Engine Components (HKLM...{3EE91568-6FE3-43AA-9BFC-7496A56D272C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM...{E4924222-0A39-4EEE-8F7E-8C95BDFDCFCE}) (Version: 1.0.0.0 - Intel Corporation) Hidden
League of Legends (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Malwarebytes version 5.1.6.117 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.6.117 - Malwarebytes)
MetaTrader 4 EXNESS (HKLM-x32...\MetaTrader 4 EXNESS) (Version: 4.00 - MetaQuotes Ltd.)
Microsoft .NET Host - 6.0.25 (x64) (HKLM...{C7141A99-592B-4226-A4E9-B767C1D0FBAF}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.7 (x64) (HKLM...{E914E975-A0B1-49F7-AB71-28DACD495C44}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.25 (x64) (HKLM...{AE86D888-1404-47CC-A7BB-8D86C0503E58}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.7 (x64) (HKLM...{62A9DE14-DB7A-41D9-9D7E-ED494E6FCBAF}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.25 (x64) (HKLM...{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.7 (x64) (HKLM...{ECCA3DB0-6DEF-42CD-A21A-F2F7B918FB59}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.7 - Shared Framework (x64) (HKLM-x32...{4a749a1a-b799-41b4-a328-33a7b2355e76}) (Version: 7.0.7.23274 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.7 Shared Framework (x64) (HKLM...{5ECA54B7-62F2-39EE-9514-31F7DFFFC968}) (Version: 7.0.7.23274 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 126.0.2592.102 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32...\Microsoft EdgeWebView) (Version: 126.0.2592.102 - Microsoft Corporation)
Microsoft Office Professional Plus 2021 - en-us (HKLM...\ProPlus2021Retail - en-us) (Version: 16.0.17726.20160 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM...{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM...{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM...{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32...{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32...{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32...{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32...{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM...{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM...{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32...{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32...{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM...{E016F2B9-01FE-4FAA-882E-ECC43FA49751}) (Version: 48.100.4037 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM-x32...{fb0500c1-f968-4621-a48b-985b52884c49}) (Version: 6.0.25.33020 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.7 (x64) (HKLM...{593F16DC-C2D3-4740-ABD4-A171B4E32B06}) (Version: 56.31.61651 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.7 (x64) (HKLM-x32...{e875fc20-9a37-4344-b046-0bb037cb2d57}) (Version: 7.0.7.32525 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM...\Mozilla Firefox 127.0.2 (x64 en-US)) (Version: 127.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 120.0.1 - Mozilla)
Npcap (HKLM-x32...\NpcapInst) (Version: 1.78 - Nmap Project)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.28.0.417 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.28.0.417 - NVIDIA Corporation)
NVIDIA Graphics Driver 556.12 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 556.12 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.4.0.1 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.0.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.23.1019 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
OBS Studio (HKLM-x32...\OBS Studio) (Version: 30.2.0 - OBS Project)
obs-backgroundremoval version 1.1.13 (HKLM-x32...{1527c9ec-2638-4e3b-94d7-cc25d27cd725}_is1) (Version: 1.1.13 - Roy Shilkrot)
Office 16 Click-to-Run Extensibility Component (HKLM...{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM...{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17726.20108 - Microsoft Corporation) Hidden
OmegaT version 6.0.0 (HKLM...\org.omegat_is1) (Version: 6.0.0 - OmegaT)
PreMiD (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\PreMiD latest) (Version: latest - Timeraa)
Prince of Persia: The Lost Crown (HKLM-x32...\Prince of Persia: The Lost Crown_is1) (Version: - )
qBittorrent (HKLM-x32...\qBittorrent) (Version: 4.6.5 - The qBittorrent project)
Realtek Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9289.1 - Realtek Semiconductor Corp.)
Riot Client (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Riot Game Riot_Client.) (Version: - Riot Games, Inc)
Riot Vanguard (HKLM...\Riot Vanguard) (Version: - Riot Games, Inc.)
Speccy (HKLM...\Speccy) (Version: 1.33 - Piriform)
Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries GG 66.0.0 (HKLM...\SteelSeries GG) (Version: 66.0.0 - SteelSeries ApS)
Stremio (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Stremio) (Version: 4.4.165 - Smart Code Ltd)
Svarog’s Dream (HKLM-x32...\Svarog’s Dream_is1) (Version: - )
Telegram Desktop (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 5.2.3 - Telegram FZ-LLC)
The Riftbreaker (HKLM-x32...\The Riftbreaker_is1) (Version: - )
VALORANT (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Riot Game valorant.live) (Version: - Riot Games, Inc)
VLC media player (HKLM-x32...\VLC media player) (Version: 3.0.20 - VideoLAN)
Warm Snow (HKLM-x32...\Warm Snow_is1) (Version: - )
Wireshark 4.2.5 x64 (HKLM-x32...\Wireshark) (Version: 4.2.5 - The Wireshark developer community, hxxps://www.wireshark.org)
[HEADING=1]Packages:[/HEADING]
AppUp.IntelGraphicsExperience → C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt [2024-06-16] (INTEL CORP) [Startup Task]
MicrosoftWindows.CrossDevice → C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24061.40.0_x64__cw5n1h2txyewy [2024-07-14] (Microsoft Windows) [Startup Task]
Netflix → C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2024-07-15] (Netflix, Inc.)
NVIDIA Control Panel → C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-07-01] (NVIDIA Corp.)
Photos → C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.3017.0_x64__8wekyb3d8bbwe [2024-07-12] (Microsoft Corporation) [Startup Task]
Realtek Audio Control → C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.40.287.0_x64__dt26b99r8h8gj [2023-12-07] (Realtek Semiconductor Corp)
Sound Blaster Cinema 6+ → C:\Program Files\WindowsApps\CreativeTechnologyLtd.52058C5BB174B_1.0.9.0_x86__13fcda18mhdz2 [2023-12-07] (Creative Technology Ltd.)
WinAppRuntime.Main.1.5 → C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-11] (Microsoft Corp.)
WinAppRuntime.Singleton → C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-11] (Microsoft Corp.)
Windows Feature Experience Pack → C:\WINDOWS\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-07-12] (Microsoft Windows)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001_1\amd64\FileSyncShell64.dll → No File
ShellIconOverlayIdentifiers: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001_1\amd64\FileSyncShell64.dll → No File
ShellIconOverlayIdentifiers: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001_1\amd64\FileSyncShell64.dll → No File
ShellIconOverlayIdentifiers: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001_1\amd64\FileSyncShell64.dll → No File
ShellIconOverlayIdentifiers: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001_1\amd64\FileSyncShell64.dll → No File
ShellIconOverlayIdentifiers: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001_1\amd64\FileSyncShell64.dll → No File
ShellIconOverlayIdentifiers: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001_1\amd64\FileSyncShell64.dll → No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001_1\amd64\FileSyncShell64.dll → No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001_1\amd64\FileSyncShell64.dll → No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001_1\amd64\FileSyncShell64.dll → No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001_1\amd64\FileSyncShell64.dll → No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001_1\amd64\FileSyncShell64.dll → No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001_1\amd64\FileSyncShell64.dll → No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001_1\amd64\FileSyncShell64.dll → No File
ContextMenuHandlers1: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-07-02] (Malwarebytes Inc. → Malwarebytes)
ContextMenuHandlers4: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] → {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvtfi.inf_amd64_4cd94d3ab4900da6\nvshext.dll [2024-06-25] (NVIDIA Corporation → NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-07-02] (Malwarebytes Inc. → Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Public\Desktop\Prince of Persia - The Lost Crown.lnk → D:\games\Prince of Persia - The Lost Crown\Ryujinx.bat ()

==================== Loaded Modules (Whitelisted) =============

2024-07-15 18:42 - 2021-02-21 06:18 - 002823680 _____ () [File not signed] C:\Users\Ripple\AppData\Roaming\PreMiD\ffmpeg.dll
2024-07-15 18:42 - 2021-02-21 06:18 - 000449024 _____ () [File not signed] C:\Users\Ripple\AppData\Roaming\PreMiD\libegl.dll
2024-07-15 18:42 - 2021-02-21 06:18 - 007620096 _____ () [File not signed] C:\Users\Ripple\AppData\Roaming\PreMiD\libglesv2.dll
2024-07-17 12:57 - 2024-07-17 12:57 - 000457216 _____ (hxxp://hunspell.sourceforge.net/) [File not signed] C:\Users\Ripple\AppData\Local\Temp\jna7830394222954009196.hunspell-win-x86-64.dll
2023-12-13 11:23 - 2022-07-15 19:45 - 000094720 _____ (Igor Pavlov) [File not signed] d:\Program Files\7-Zip\7-zip.dll
2024-07-17 12:57 - 2024-07-17 12:57 - 000246784 ____N (Java™ Native Access (JNA)) [File not signed] C:\Users\Ripple\AppData\Local\Temp\jna-77124\jna16503602735776529953.dll
2023-12-25 11:23 - 2023-12-25 11:23 - 000000000 ____L (Microsoft Corporation) [symlink → C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2023-12-25 11:23 - 2023-12-25 11:23 - 000000000 ____L (Microsoft Corporation) [symlink → C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2024-07-14 19:30 - 2024-03-21 16:13 - 020066304 _____ (Roy Shilkrot) [File not signed] D:\Program Files\obs-studio\obs-plugins\64bit\obs-backgroundremoval.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\autoclickconfig.ini:07021500A6 [5162]
AlternateDataStreams: C:\ProgramData\empty.ico:8C1C1B484F [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk:088221F38A [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk:FE00AE19CB [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk:C5112377E0 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk:C5D586BE93 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk:5465085A2F [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [5162]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-04] (Microsoft Corporation → Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation → Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation → Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation → Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation → Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 11:09 - 2024-07-02 10:40 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\Control Panel\Desktop\Wallpaper → C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.101.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
[HEADING=1]Network Binding:[/HEADING]
Ethernet: Npcap Packet Driver (NPCAP) → INSECURE_NPCAP (enabled)
Bluetooth Network Connection: Npcap Packet Driver (NPCAP) → INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) → INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM...\StartupApproved\Run: => “SecurityHealth”
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\StartupApproved\StartupFolder: => “Rainmeter.lnk”
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\StartupApproved\StartupFolder: => “FANTECH X4S MACRO Gaming Mouse.lnk”
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\StartupApproved\Run: => “Discord”
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\StartupApproved\Run: => “electron.app.BlueStacks Services”
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\StartupApproved\Run: => “Synapse3”

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{40B857EF-FDFA-46C0-8ECB-B7155F5BFFB9}C:\users\ripple\appdata\local\discord\app-1.0.9153\discord.exe] => (Block) C:\users\ripple\appdata\local\discord\app-1.0.9153\discord.exe => No File
FirewallRules: [TCP Query User{5F082408-619B-4016-9E24-368A236AC45F}C:\users\ripple\appdata\local\discord\app-1.0.9153\discord.exe] => (Block) C:\users\ripple\appdata\local\discord\app-1.0.9153\discord.exe => No File
FirewallRules: [{B1388D79-300F-4315-844B-292919CD30DF}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{B5DCB7E9-21B7-4C4C-8B0A-B2EF766F3C6B}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{6CA7F345-FF05-43B2-BF10-5831B4520D0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{4022EE6D-0B77-4513-9DD9-25C9D056050C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{56ADD3A6-37EC-4D2A-A243-BABD2D169818}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{51AC4C50-176A-41D8-BCAB-B15040C509C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{B347B7AB-BEB9-43E4-9941-792DF19EADB9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{325DD4ED-6F9D-493C-AE17-A055E11A4FEF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{169EEA74-BED1-474A-BB2F-E063CDDFC2D5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [UDP Query User{F61ACD2C-ED51-4C09-908D-87EF7B26E99A}D:\games\lysfanga - the time shift warrior\lysfanga the time shift warrior.exe] => (Allow) D:\games\lysfanga - the time shift warrior\lysfanga the time shift warrior.exe => No File
FirewallRules: [TCP Query User{97C07BDA-EA0D-4E94-B850-C891A7F18930}D:\games\lysfanga - the time shift warrior\lysfanga the time shift warrior.exe] => (Allow) D:\games\lysfanga - the time shift warrior\lysfanga the time shift warrior.exe => No File
FirewallRules: [{BA1231DA-1D80-4035-AD45-0EB6E6A55494}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Goose Goose Duck\GGDLauncher.exe (EasyAntiCheat Oy → Epic Games, Inc.)
FirewallRules: [{97C3EA04-81DD-49F7-8A13-D2A519798908}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Goose Goose Duck\GGDLauncher.exe (EasyAntiCheat Oy → Epic Games, Inc.)
FirewallRules: [UDP Query User{CC23B56B-2A83-4768-BBD9-D55BD4419C29}C:\users\ripple\downloads\programs\anydesk.exe] => (Allow) C:\users\ripple\downloads\programs\anydesk.exe (AnyDesk Software GmbH → AnyDesk Software GmbH)
FirewallRules: [TCP Query User{C91DBFE7-9784-4424-ABCA-4D8EB36FD3D2}C:\users\ripple\downloads\programs\anydesk.exe] => (Allow) C:\users\ripple\downloads\programs\anydesk.exe (AnyDesk Software GmbH → AnyDesk Software GmbH)
FirewallRules: [{B5F1EAB2-E29C-4A5B-9360-446DC2EF1197}] => (Allow) C:\Users\Ripple\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [UDP Query User{28AE1875-1272-41B1-8FCD-1F12EAB8F7D6}E:\program files (x86)\spotify portable\app\spotify\spotify.exe] => (Allow) E:\program files (x86)\spotify portable\app\spotify\spotify.exe (Spotify Ltd) [File not signed]
FirewallRules: [TCP Query User{5BC17E74-AD75-401E-A0CB-17114F9A0451}E:\program files (x86)\spotify portable\app\spotify\spotify.exe] => (Allow) E:\program files (x86)\spotify portable\app\spotify\spotify.exe (Spotify Ltd) [File not signed]
FirewallRules: [UDP Query User{704AB798-101F-4BB7-9AC6-BDDB84C6E0F5}C:\users\ripple\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\ripple\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD → Node.js)
FirewallRules: [TCP Query User{2E9572A8-2A0C-4021-8B40-9485725D49BD}C:\users\ripple\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\ripple\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD → Node.js)
FirewallRules: [UDP Query User{604854D9-3687-459C-833F-8739A8FFAC66}D:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) D:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. → Riot Games, Inc.)
FirewallRules: [TCP Query User{777C2B56-FB3A-44FB-BEFC-D6867A6998D1}D:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) D:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. → Riot Games, Inc.)
FirewallRules: [{3C2F7EB2-1A4A-4908-A9BA-2D3344892EB5}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{8B97F87C-A5F5-4FAE-88F4-473E46FB5C55}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{87615D40-2B9D-42A4-B248-805C0F323734}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{4B31C6B9-8EEC-4DCB-900B-EC1CB842431B}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{8E0FB278-2C49-41C2-A298-22FC33EDAF2A}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC → The Qt Company Ltd.)
FirewallRules: [{20B9EC59-31AF-4CDF-B390-DE54030493B1}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC → BlueStack Systems)
FirewallRules: [{6B2E1BAF-0CF0-433D-B5E9-9B17F30E338E}] => (Allow) D:\bluestacks\BlueStacks X\Cloud Game.exe (Now.gg, INC → COMPANY NAME)
FirewallRules: [{B50707B5-D9BD-4AB6-950A-C793EF7372D0}] => (Allow) D:\bluestacks\BlueStacks X\BlueStacksWeb.exe (Now.gg, INC → Bluestack Systems, Inc.)
FirewallRules: [UDP Query User{7C19BB32-A3DD-4A37-8437-9882847C9D6B}D:\games\baldur’s gate 3\bin\bg3_dx11.exe] => (Allow) D:\games\baldur’s gate 3\bin\bg3_dx11.exe => No File
FirewallRules: [TCP Query User{3BAA4325-7379-43B5-AE1E-83C16CC8F3BF}D:\games\baldur’s gate 3\bin\bg3_dx11.exe] => (Allow) D:\games\baldur’s gate 3\bin\bg3_dx11.exe => No File
FirewallRules: [UDP Query User{1E2F09D9-E731-46F2-A39B-354DDD55DDAA}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [TCP Query User{278B6E8B-AF7F-401E-B30D-F09BBC36F812}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [UDP Query User{232F6D0B-CFC4-4ACC-8C86-EA6A1B930100}D:\riot games\riot client\riotclientservices.exe] => (Allow) D:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. → Riot Games, Inc.)
FirewallRules: [TCP Query User{78993BF2-4E28-48BA-AC5E-D73EDF569880}D:\riot games\riot client\riotclientservices.exe] => (Allow) D:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. → Riot Games, Inc.)
FirewallRules: [UDP Query User{02530C5B-5B1B-4446-9DC0-F3A969751CCD}D:\games\warm snow\warmsnow.exe] => (Allow) D:\games\warm snow\warmsnow.exe () [File not signed]
FirewallRules: [TCP Query User{C1E7C675-4134-4C24-99DB-9FAC4106CB41}D:\games\warm snow\warmsnow.exe] => (Allow) D:\games\warm snow\warmsnow.exe () [File not signed]
FirewallRules: [UDP Query User{1C85AB8F-22E8-44AF-95F9-47D53B4C3BF0}D:\software\anydesk.exe] => (Allow) D:\software\anydesk.exe (philandro Software GmbH → AnyDesk Software GmbH)
FirewallRules: [TCP Query User{5FF45AEE-EA35-4940-BA99-745F9C4EA5BB}D:\software\anydesk.exe] => (Allow) D:\software\anydesk.exe (philandro Software GmbH → AnyDesk Software GmbH)
FirewallRules: [UDP Query User{08BE5B52-AEA9-4C4C-ADF3-433CF487F3FC}C:\users\ripple\downloads\anydesk.exe] => (Allow) C:\users\ripple\downloads\anydesk.exe (philandro Software GmbH → AnyDesk Software GmbH)
FirewallRules: [TCP Query User{81CB5DC2-4EBF-416E-84AB-EFC2F29DC677}C:\users\ripple\downloads\anydesk.exe] => (Allow) C:\users\ripple\downloads\anydesk.exe (philandro Software GmbH → AnyDesk Software GmbH)
FirewallRules: [{EF12C5DC-DD87-4E89-ABC5-329ED525DC23}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [{B79EE3E6-201C-4024-BFD4-B731AAF98003}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [{E844D0A2-98DE-4486-973D-41A6E6F744AE}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.102\msedgewebview2.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [TCP Query User{A4B2A573-0A52-4E1F-AB08-F28B434A0EC9}C:\users\ripple\appdata\roaming\premid\premid.exe] => (Allow) C:\users\ripple\appdata\roaming\premid\premid.exe (GitHub, Inc.) [File not signed]
FirewallRules: [UDP Query User{732A3963-A223-4269-8378-307E396E62A2}C:\users\ripple\appdata\roaming\premid\premid.exe] => (Allow) C:\users\ripple\appdata\roaming\premid\premid.exe (GitHub, Inc.) [File not signed]
FirewallRules: [{8956EEBE-7CAE-483C-9727-DCE3E380914E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC)
FirewallRules: [{9F4DD023-8D55-432D-B836-373C55A682C2}] => (Allow) C:\Program Files\OEM\Control Center\UniwillService\GCUBridge.exe => No File
FirewallRules: [{9208502E-6687-40E3-8CC5-9884A5F94918}] => (Allow) C:\Program Files\OEM\Control Center\UniwillService\GCUBridge.exe => No File

==================== Restore Points =========================

15-07-2024 12:22:46 Windows Update

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================
[HEADING=1]Application errors:[/HEADING]
Error: (07/17/2024 12:51:33 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: SteelSeriesSonar.exe
CoreCLR Version: 6.0.1222.56807
.NET Version: 6.0.12
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException (0x80040154): Retrieving the COM class factory for component with CLSID {DEA05346-7BE3-4DB0-AE9F-14423648EA7B} failed due to the following error: 80040154 Class not registered (0x80040154 (REGDB_E_CLASSNOTREG)).
at SoundStage.Interop.Services.Services.BasicControl.ControlInteropService..ctor(ILogger logger)
at System.RuntimeMethodHandle.InvokeMethod(Object target, Span[ICODE]1& arguments, Signature sig, Boolean constructor, Boolean wrapExceptions) at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope) at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier) at System.Collections.Concurrent.ConcurrentDictionary[/ICODE]2.GetOrAdd(TKey key, Func[ICODE]2 valueFactory) at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope) at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngineScope.GetService(Type serviceType) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.ConstructorInfoEx.GetService(IServiceProvider serviceProvider, Int32 parameterIndex) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.ConstructorMatcher.CreateInstance(IServiceProvider provider) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.CreateInstance(IServiceProvider provider, Type instanceType, Object[] parameters) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.CreateInstance[T](IServiceProvider provider, Object[] parameters) at SoundStage.IoC.Extensions.IServiceCollectionExtensions.<>c__DisplayClass2_0[/ICODE]2.b__0(IServiceProvider provider)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitIEnumerable(IEnumerableCallSite enumerableCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier)
at System.Collections.Concurrent.ConcurrentDictionary[ICODE]2.GetOrAdd(TKey key, Func[/ICODE]2 valueFactory)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngineScope.GetService(Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
at SoundStage.IoC.Extensions.IServiceCollectionExtensions.<>c__DisplayClass1_1.b__13(IServiceProvider provider)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier)
at System.Collections.Concurrent.ConcurrentDictionary[ICODE]2.GetOrAdd(TKey key, Func[/ICODE]2 valueFactory)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService[T](IServiceProvider provider)
at Program.<>c__DisplayClass0_0.<$>g__RegisterVolumeService|47(IShutdownStackService shutdownService)
at Program.<>c__DisplayClass0_0.<$>b__11()
at Program.$(String args)

Error: (07/17/2024 12:51:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: SteelSeriesSonar.exe
CoreCLR Version: 6.0.1222.56807
.NET Version: 6.0.12
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException (0x80040154): Retrieving the COM class factory for component with CLSID {DEA05346-7BE3-4DB0-AE9F-14423648EA7B} failed due to the following error: 80040154 Class not registered (0x80040154 (REGDB_E_CLASSNOTREG)).
at SoundStage.Interop.Services.Services.BasicControl.ControlInteropService..ctor(ILogger logger)
at System.RuntimeMethodHandle.InvokeMethod(Object target, Span[ICODE]1& arguments, Signature sig, Boolean constructor, Boolean wrapExceptions) at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope) at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier) at System.Collections.Concurrent.ConcurrentDictionary[/ICODE]2.GetOrAdd(TKey key, Func[ICODE]2 valueFactory) at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope) at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngineScope.GetService(Type serviceType) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.ConstructorInfoEx.GetService(IServiceProvider serviceProvider, Int32 parameterIndex) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.ConstructorMatcher.CreateInstance(IServiceProvider provider) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.CreateInstance(IServiceProvider provider, Type instanceType, Object[] parameters) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.CreateInstance[T](IServiceProvider provider, Object[] parameters) at SoundStage.IoC.Extensions.IServiceCollectionExtensions.<>c__DisplayClass2_0[/ICODE]2.b__0(IServiceProvider provider)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitIEnumerable(IEnumerableCallSite enumerableCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier)
at System.Collections.Concurrent.ConcurrentDictionary[ICODE]2.GetOrAdd(TKey key, Func[/ICODE]2 valueFactory)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngineScope.GetService(Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
at SoundStage.IoC.Extensions.IServiceCollectionExtensions.<>c__DisplayClass1_1.b__13(IServiceProvider provider)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier)
at System.Collections.Concurrent.ConcurrentDictionary[ICODE]2.GetOrAdd(TKey key, Func[/ICODE]2 valueFactory)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService[T](IServiceProvider provider)
at Program.<>c__DisplayClass0_0.<$>g__RegisterVolumeService|47(IShutdownStackService shutdownService)
at Program.<>c__DisplayClass0_0.<$>b__11()
at Program.$(String args)

Error: (07/17/2024 12:51:29 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: SteelSeriesSonar.exe
CoreCLR Version: 6.0.1222.56807
.NET Version: 6.0.12
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException (0x80040154): Retrieving the COM class factory for component with CLSID {DEA05346-7BE3-4DB0-AE9F-14423648EA7B} failed due to the following error: 80040154 Class not registered (0x80040154 (REGDB_E_CLASSNOTREG)).
at SoundStage.Interop.Services.Services.BasicControl.ControlInteropService..ctor(ILogger logger)
at System.RuntimeMethodHandle.InvokeMethod(Object target, Span[ICODE]1& arguments, Signature sig, Boolean constructor, Boolean wrapExceptions) at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope) at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier) at System.Collections.Concurrent.ConcurrentDictionary[/ICODE]2.GetOrAdd(TKey key, Func[ICODE]2 valueFactory) at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope) at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngineScope.GetService(Type serviceType) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.ConstructorInfoEx.GetService(IServiceProvider serviceProvider, Int32 parameterIndex) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.ConstructorMatcher.CreateInstance(IServiceProvider provider) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.CreateInstance(IServiceProvider provider, Type instanceType, Object[] parameters) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.CreateInstance[T](IServiceProvider provider, Object[] parameters) at SoundStage.IoC.Extensions.IServiceCollectionExtensions.<>c__DisplayClass2_0[/ICODE]2.b__0(IServiceProvider provider)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitIEnumerable(IEnumerableCallSite enumerableCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier)
at System.Collections.Concurrent.ConcurrentDictionary[ICODE]2.GetOrAdd(TKey key, Func[/ICODE]2 valueFactory)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngineScope.GetService(Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
at SoundStage.IoC.Extensions.IServiceCollectionExtensions.<>c__DisplayClass1_1.b__13(IServiceProvider provider)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier)
at System.Collections.Concurrent.ConcurrentDictionary[ICODE]2.GetOrAdd(TKey key, Func[/ICODE]2 valueFactory)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService[T](IServiceProvider provider)
at Program.<>c__DisplayClass0_0.<$>g__RegisterVolumeService|47(IShutdownStackService shutdownService)
at Program.<>c__DisplayClass0_0.<$>b__11()
at Program.$(String args)

Error: (07/17/2024 11:36:49 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: SteelSeriesSonar.exe
CoreCLR Version: 6.0.1222.56807
.NET Version: 6.0.12
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException (0x80040154): Retrieving the COM class factory for component with CLSID {DEA05346-7BE3-4DB0-AE9F-14423648EA7B} failed due to the following error: 80040154 Class not registered (0x80040154 (REGDB_E_CLASSNOTREG)).
at SoundStage.Interop.Services.Services.BasicControl.ControlInteropService..ctor(ILogger logger)
at System.RuntimeMethodHandle.InvokeMethod(Object target, Span[ICODE]1& arguments, Signature sig, Boolean constructor, Boolean wrapExceptions) at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope) at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier) at System.Collections.Concurrent.ConcurrentDictionary[/ICODE]2.GetOrAdd(TKey key, Func[ICODE]2 valueFactory) at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope) at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngineScope.GetService(Type serviceType) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.ConstructorInfoEx.GetService(IServiceProvider serviceProvider, Int32 parameterIndex) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.ConstructorMatcher.CreateInstance(IServiceProvider provider) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.CreateInstance(IServiceProvider provider, Type instanceType, Object[] parameters) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.CreateInstance[T](IServiceProvider provider, Object[] parameters) at SoundStage.IoC.Extensions.IServiceCollectionExtensions.<>c__DisplayClass2_0[/ICODE]2.b__0(IServiceProvider provider)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitIEnumerable(IEnumerableCallSite enumerableCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier)
at System.Collections.Concurrent.ConcurrentDictionary[ICODE]2.GetOrAdd(TKey key, Func[/ICODE]2 valueFactory)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngineScope.GetService(Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
at SoundStage.IoC.Extensions.IServiceCollectionExtensions.<>c__DisplayClass1_1.b__13(IServiceProvider provider)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier)
at System.Collections.Concurrent.ConcurrentDictionary[ICODE]2.GetOrAdd(TKey key, Func[/ICODE]2 valueFactory)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService[T](IServiceProvider provider)
at Program.<>c__DisplayClass0_0.<$>g__RegisterVolumeService|47(IShutdownStackService shutdownService)
at Program.<>c__DisplayClass0_0.<$>b__11()
at Program.$(String args)

Error: (07/17/2024 11:36:47 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: SteelSeriesSonar.exe
CoreCLR Version: 6.0.1222.56807
.NET Version: 6.0.12
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException (0x80040154): Retrieving the COM class factory for component with CLSID {DEA05346-7BE3-4DB0-AE9F-14423648EA7B} failed due to the following error: 80040154 Class not registered (0x80040154 (REGDB_E_CLASSNOTREG)).
at SoundStage.Interop.Services.Services.BasicControl.ControlInteropService..ctor(ILogger logger)
at System.RuntimeMethodHandle.InvokeMethod(Object target, Span[ICODE]1& arguments, Signature sig, Boolean constructor, Boolean wrapExceptions) at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope) at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier) at System.Collections.Concurrent.ConcurrentDictionary[/ICODE]2.GetOrAdd(TKey key, Func[ICODE]2 valueFactory) at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope) at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngineScope.GetService(Type serviceType) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.ConstructorInfoEx.GetService(IServiceProvider serviceProvider, Int32 parameterIndex) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.ConstructorMatcher.CreateInstance(IServiceProvider provider) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.CreateInstance(IServiceProvider provider, Type instanceType, Object[] parameters) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.CreateInstance[T](IServiceProvider provider, Object[] parameters) at SoundStage.IoC.Extensions.IServiceCollectionExtensions.<>c__DisplayClass2_0[/ICODE]2.b__0(IServiceProvider provider)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitIEnumerable(IEnumerableCallSite enumerableCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier)
at System.Collections.Concurrent.ConcurrentDictionary[ICODE]2.GetOrAdd(TKey key, Func[/ICODE]2 valueFactory)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngineScope.GetService(Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
at SoundStage.IoC.Extensions.IServiceCollectionExtensions.<>c__DisplayClass1_1.b__13(IServiceProvider provider)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier)
at System.Collections.Concurrent.ConcurrentDictionary[ICODE]2.GetOrAdd(TKey key, Func[/ICODE]2 valueFactory)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService[T](IServiceProvider provider)
at Program.<>c__DisplayClass0_0.<$>g__RegisterVolumeService|47(IShutdownStackService shutdownService)
at Program.<>c__DisplayClass0_0.<$>b__11()
at Program.$(String args)

Error: (07/17/2024 11:36:46 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: SteelSeriesSonar.exe
CoreCLR Version: 6.0.1222.56807
.NET Version: 6.0.12
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException (0x80040154): Retrieving the COM class factory for component with CLSID {DEA05346-7BE3-4DB0-AE9F-14423648EA7B} failed due to the following error: 80040154 Class not registered (0x80040154 (REGDB_E_CLASSNOTREG)).
at SoundStage.Interop.Services.Services.BasicControl.ControlInteropService..ctor(ILogger logger)
at System.RuntimeMethodHandle.InvokeMethod(Object target, Span[ICODE]1& arguments, Signature sig, Boolean constructor, Boolean wrapExceptions) at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope) at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier) at System.Collections.Concurrent.ConcurrentDictionary[/ICODE]2.GetOrAdd(TKey key, Func[ICODE]2 valueFactory) at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope) at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngineScope.GetService(Type serviceType) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.ConstructorInfoEx.GetService(IServiceProvider serviceProvider, Int32 parameterIndex) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.ConstructorMatcher.CreateInstance(IServiceProvider provider) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.CreateInstance(IServiceProvider provider, Type instanceType, Object[] parameters) at Microsoft.Extensions.DependencyInjection.ActivatorUtilities.CreateInstance[T](IServiceProvider provider, Object[] parameters) at SoundStage.IoC.Extensions.IServiceCollectionExtensions.<>c__DisplayClass2_0[/ICODE]2.b__0(IServiceProvider provider)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitIEnumerable(IEnumerableCallSite enumerableCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier)
at System.Collections.Concurrent.ConcurrentDictionary[ICODE]2.GetOrAdd(TKey key, Func[/ICODE]2 valueFactory)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngineScope.GetService(Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
at SoundStage.IoC.Extensions.IServiceCollectionExtensions.<>c__DisplayClass1_1.b__13(IServiceProvider provider)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[ICODE]2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor[/ICODE]2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier)
at System.Collections.Concurrent.ConcurrentDictionary[ICODE]2.GetOrAdd(TKey key, Func[/ICODE]2 valueFactory)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope)
at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService[T](IServiceProvider provider)
at Program.<>c__DisplayClass0_0.<$>g__RegisterVolumeService|47(IShutdownStackService shutdownService)
at Program.<>c__DisplayClass0_0.<$>b__11()
at Program.$(String args)

Error: (07/17/2024 11:35:16 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-NLBF3N2)
Description: Faulting application name: GCUService.exe, version: 1.0.2.70, time stamp: 0x640579b1
Faulting module name: KERNELBASE.dll, version: 10.0.22621.3880, time stamp: 0xdb9989e8
Exception code: 0xe0434352
Fault offset: 0x000000000005fabc
Faulting process id: 0x0x3d40
Faulting application start time: 0x0x1dad80d325bb4d0
Faulting application path: C:\Program Files\OEM\Control Center\UniwillService\MyControlCenter\GCUService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: b0cb98ab-a009-4a6b-b024-a18bee387ab3
Faulting package full name:
Faulting package-relative application ID:

Error: (07/17/2024 11:35:16 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GCUService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Newtonsoft.Json.JsonReaderException
at Newtonsoft.Json.Linq.JObject.Load(Newtonsoft.Json.JsonReader, Newtonsoft.Json.Linq.JsonLoadSettings)
at Newtonsoft.Json.Linq.JObject.Parse(System.String, Newtonsoft.Json.Linq.JsonLoadSettings)
at Utility.SettingsManager.LoadSettings()
at GCService5.GPUDeviceItem.Init()
at GCService5.GPUDeviceItem..ctor()
at GCService5.GPUDeviceItem..cctor()

Exception Info: System.TypeInitializationException
at MyControlCenter.MyFan.MyFanManager_RamFan1p5..ctor()
at MyControlCenter.MyFanCtrl..ctor()
at MyControlCenter.MyFanCtrl..cctor()

Exception Info: System.TypeInitializationException
at MyControlCenter.PowerModeEvent..ctor()
at MyControlCenter.App.Application_Startup(System.Object, System.Windows.StartupEventArgs)
at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1_0(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at MyControlCenter.App.Main()
[HEADING=1]System errors:[/HEADING]
Error: (07/17/2024 01:24:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (07/16/2024 10:11:00 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (07/16/2024 09:44:01 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (07/16/2024 09:23:10 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (07/16/2024 09:06:12 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (07/16/2024 07:07:43 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (07/16/2024 06:47:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (07/16/2024 06:38:52 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.
[HEADING=1]Windows Defender:[/HEADING]
Date: 2024-07-17 11:50:59
Description:
Microsoft Defender Antivirus has detected potentially unwanted application(PUA).
For more information please see the following:

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=PUA%3AWin32%2FPackunwan&threatid=298189&enterprise=0

Name: PUA:Win32/Packunwan
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\FRST\Quarantine\C\Users\Ripple\AppData\Local\WinRAR\Rar64.exe.xBAD
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\Ripple\AppData\Local\Temp\62AAE2-5AC3A3D8-A8B2470-1BCF3FDC\N2NIMhe1.exe
Security intelligence Version: AV: 1.415.134.0, AS: 1.415.134.0, NIS: 1.415.134.0
Engine Version: AM: 1.1.24060.5, NIS: 1.1.24060.5

Date: 2024-07-17 11:50:59
Description:
Microsoft Defender Antivirus has detected potentially unwanted application(PUA).
For more information please see the following:

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=PUA%3AWin32%2FPackunwan&threatid=298189&enterprise=0

Name: PUA:Win32/Packunwan
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\FRST\Quarantine\C\Users\Ripple\AppData\Local\WinRAR\Rar64.exe.xBAD
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\Ripple\AppData\Local\Temp\62AAE2-5AC3A3D8-A8B2470-1BCF3FDC\N2NIMhe1.exe
Security intelligence Version: AV: 1.415.134.0, AS: 1.415.134.0, NIS: 1.415.134.0
Engine Version: AM: 1.1.24060.5, NIS: 1.1.24060.5

Date: 2024-07-16 11:42:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-07-16 10:24:54
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-07-16 10:24:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2024-07-17 13:05:29
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\Ripple\AppData\Local\Discord\app-1.0.9154\Discord.exe) attempted to load \Device\HarddiskVolume3\ProgramData\obs-studio-hook\graphics-hook64.dll that did not meet the Microsoft signing level requirements.

Date: 2024-07-17 01:45:37
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\Ripple\AppData\Local\Discord\app-1.0.9153\Discord.exe) attempted to load \Device\HarddiskVolume3\ProgramData\obs-studio-hook\graphics-hook64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends International, LLC. N.1.14STD00 09/15/2022
Motherboard: Standard Standard
Processor: 12th Gen Intel(R) Core™ i7-12700H
Percentage of memory in use: 45%
Total physical RAM: 32508.54 MB
Available physical RAM: 17790.21 MB
Total Virtual: 34556.54 MB
Available Virtual: 17402.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:247.07 GB) (Free:89.29 GB) (Model: CT1000P3PSSD8) NTFS
Drive d: (Max) (Fixed) (Total:683.59 GB) (Free:439.27 GB) (Model: CT1000P3PSSD8) NTFS
Drive e: (PortableSSD) (Fixed) (Total:931.51 GB) (Free:203.19 GB) (Model: SanDisk Portable SSD SCSI Disk Device) NTFS
Drive f: (portable movies & games) (Fixed) (Total:953.85 GB) (Free:780.37 GB) (Model: JMicron Tech SCSI Disk Device) NTFS

\?\Volume{32397118-47cf-4961-8f00-d29de02ab434}\ () (Fixed) (Total:0.74 GB) (Free:0.13 GB) NTFS
\?\Volume{4cd4fb91-1125-4d65-a761-2c4f675a5ae6}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

[/HEADING]

**Malnutrition** · 07-17-2024, 08:25 AM

C:\Windows\Installer\SandboxieInstall64.exe\Sandbo xieWUAU.exe - infected with Trojan.Siggen29.2294

Then install Everything search.
Right Click on the VoidTools application and Run As Administrator.
Type [COLOR=rgb(184, 49, 47)]Sandboxie into the Everything Search Window.
Now Click on Edit Then Select all.
Right click highlighted items.
Copy, then paste here.

[/COLOR]

Hundreds of rundll32.exe running

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment