Hundreds of rundll32.exe running

**Malnutrition** · 07-20-2024, 12:05 AM

Originally posted by maxim123

Hi, also, lot of files in desktop, do I remove them?

Download KpRM
Save to Desktop
Check Delete Tools’
Check Delete Restore points.
Create Restore point.
Click delete quarantines.
Then click run.

Originally posted by maxim123

I ran this as admin but it still shows this error. I tried to disable them one by one too, but the same thing.

Follow this guide. How to Disable BitLocker Encryption on Windows 10 and 11

Use this tool. PowerRun v1.7 (Run with highest privileges)

Originally posted by maxim123

win defender was off, when I clicked the notification and opened it, it said something like your IT something has disabled some access to this app or something.

That was due to malwarebytes turning it off. I also reset defender in the last FRST fix.

Originally posted by maxim123

Still says failed to disable adobe type manager. I tried running with trusted source and system user, but both gave the same thing when trying to uncheck adobe type manager.

Not really important.

Originally posted by maxim123

I think I faced no explorer hanging issue today, there was no BSOD in morning too. will still have to check tmrw to be sure after i turn it off and open it again.

That is good news, we will wait to see how things. go for a couple days. Can you run FRST and post one last set of logs so I can see please.

**maxim123** · 07-20-2024, 03:56 AM

Originally posted by Malnutrition

Use this tool. PowerRun v1.7 (Run with highest privileges)

thank you. this worked.

**maxim123** · 07-20-2024, 03:59 AM

Originally posted by Malnutrition

That is good news, we will wait to see how things. go for a couple days. Can you run FRST and post one last set of logs so I can see please.

Frst

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.07.2024
Ran by Max (administrator) on DESKTOP-NLBF3N2 (Standard Standard) (20-07-2024 09:38:54)
Running from C:\Users\Ripple\Desktop\FRST64.exe
Loaded Profiles: Max
Platform: Microsoft Windows 11 Pro Version 23H2 22631.3880 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(D:\Riot Games\Riot Client\RiotClientServices.exe ->) () [File not signed] D:\Riot Games\Riot Client\RiotClientCrashHandler.exe
(D:\Riot Games\Riot Client\RiotClientServices.exe ->) (Riot Games, Inc. → Riot Games, Inc.) D:\Riot Games\Riot Client\RiotClientElectron\Riot Client.exe <5>
(Discord Inc. → Discord Inc.) C:\Users\Ripple\AppData\Local\Discord\app-1.0.9154\Discord.exe <6>
(DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_uf.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_helper.exe
(Eclipse.org Foundation, Inc. → Eclipse Adoptium) D:\Program Files\OmegaT\jre\bin\javaw.exe
(explorer.exe ->) (GitHub, Inc.) [File not signed] C:\Users\Ripple\AppData\Roaming\PreMiD\PreMiD.exe <3>
(explorer.exe ->) (Matthew Malensek) [File not signed] D:\Program Files (x86)\3RVX\3RVX.exe
(explorer.exe ->) (Riot Games, Inc. → Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(explorer.exe ->) (Riot Games, Inc. → Riot Games, Inc.) D:\Riot Games\Riot Client\RiotClientServices.exe
(Microsoft Corporation → ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2405.13.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <3>
(Mozilla Corporation → Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <24>
(services.exe ->) (Creative Technology Ltd → Creative Technology Ltd) C:\Windows\SysWOW64\Creative.UWPRPCService.exe
(services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_faf3bcecf744f99a\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_uf.exe
(services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_c52d1313b56663df\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. → Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_19d333f59f2c41d3\RtkAudUService64.exe <2>
(svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe <2>
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_19d333f59f2c41d3\RtkAudUService64.exe [3496528 2021-12-29] (Realtek Semiconductor Corp. → Realtek Semiconductor)
HKLM...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3023152 2024-06-28] (Riot Games, Inc. → Riot Games, Inc.)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft\Edge* <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM...\Policies\Explorer: [NoInstrumentation] 1
HKLM...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\Software\Policies...\system: [EnableActivityFeed] 0
HKLM\Software\Policies...\system: [PublishUserActivities] 0
HKLM\Software\Policies...\system: [UploadUserActivities] 0
HKLM\Software\Policies...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Run: [3RVX] => D:\Program Files (x86)\3RVX\3RVX.exe [649216 2016-06-04] (Matthew Malensek) [File not signed]
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Run: [electron.app.BlueStacks Services] => C:\Users\Ripple\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe [162219656 2024-01-25] (Now.gg, INC → now.gg, Inc.)
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Run: [PreMiD] => C:\Users\Ripple\AppData\Roaming\PreMiD\PreMiD.exe [126285312 2021-02-21] (GitHub, Inc.) [File not signed]
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files\Google\Chrome\Application\126.0.6478.128\Installer\chrmstp.exe [2024-07-17] (Google LLC → Google LLC)
IFEO\EOSnotify.exe: [Debugger] /
IFEO\InstallAgent.exe: [Debugger] /
IFEO\MicrosoftEdge.exe: [Debugger] C:\Windows\System32\systray.exe
IFEO\MicrosoftEdgeUpdate.exe: [Debugger] C:\Windows\System32\systray.exe
IFEO\MoNotificationUx.exe: [Debugger] /
IFEO\msedge.exe: [Debugger] C:\Windows\System32\systray.exe
IFEO\msedgewebview2.exe: [Debugger] C:\Windows\System32\systray.exe
IFEO\MusNotification.exe: [Debugger] /
IFEO\MusNotificationUx.exe: [Debugger] /
IFEO\remsh.exe: [Debugger] /
IFEO\SihClient.exe: [Debugger] /
IFEO\UpdateAssistant.exe: [Debugger] /
IFEO\UsoClient.exe: [Debugger] /
IFEO\WaaSMedic.exe: [Debugger] /
IFEO\WaasMedicAgent.exe: [Debugger] /
IFEO\Windows10Upgrade.exe: [Debugger] /
IFEO\Windows10UpgraderApp.exe: [Debugger] /
Startup: C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANTECH X4S MACRO Gaming Mouse.lnk [2023-12-06]
ShortcutTarget: FANTECH X4S MACRO Gaming Mouse.lnk → D:\Program Files (x86)\FANTECH X4S MACRO Gaming Mouse\GM_Management.exe () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {EA42CB3B-5A39-4AC0-8A5A-68CE8D0FB14A} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2024-01-18] (Now.gg, INC → BlueStack Systems, Inc.)
Task: {37657D15-4F3E-4E41-926D-71EDD111C55C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5513520 2024-07-12] (Microsoft Windows → Microsoft Corporation)
Task: {D4AC5041-77E2-4B65-8A56-183FE771585D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.3{1EF25398-1393-46D7-9025-1FC7773C3FA4} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.3\updater.exe [4623976 2024-06-15] (Google LLC → Google LLC)
Task: {87086893-B424-4430-86D3-EE498B4BE3D6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512336 2024-07-08] (Microsoft Corporation → Microsoft Corporation)
Task: {67C10FB8-60E4-41A7-9758-CAD507917BC6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512336 2024-07-08] (Microsoft Corporation → Microsoft Corporation)
Task: {CD4CC5AA-A4A1-4A44-ACB3-6C7B38A52BEE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309936 2024-07-12] (Microsoft Corporation → Microsoft Corporation)
Task: {A89F3999-EEC5-427E-A763-8BA09B4403D1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309936 2024-07-12] (Microsoft Corporation → Microsoft Corporation)
Task: {9656D819-62AF-4D69-B699-8C68A4310E22} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [169408 2024-06-29] (Microsoft Corporation → Microsoft Corporation)
Task: {79A20CC3-B704-460F-A061-E00C0679642C} - System32\Tasks\Microsoft\Windows\Application Experience\PcaWallpaperAppDetect => C:\WINDOWS\system32\rundll32.exe [90112 2024-07-12] (Microsoft Windows → Microsoft Corporation) → %windir%\system32\PcaSvc.dll,PcaWallpaperAppDetect
Task: {4BF5F99D-8958-419C-B89F-885AF217506E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {2C7E6ACF-E4F8-4229-B37D-D7D443C303C7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {6A8CEEB6-9441-42C1-A486-0C3F46A9DE80} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {C849E698-B738-4660-8BFC-2BF54D6E60E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Update => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {6AD209BD-3745-40A2-A435-DF9D73E88AC7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {F67F9D95-F233-4101-915E-4DC4980112E0} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [677448 2024-07-19] (Mozilla Corporation → Mozilla Corporation) → C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {A9E567FC-02C5-45F9-9B7A-B4001FDB210C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34376 2024-07-19] (Mozilla Corporation → Mozilla Foundation)
Task: {176762D5-9B28-46D7-91E9-1F49E28C8B2D} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-23] () [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.101.1 8.8.8.8 4.4.4.4
Tcpip..\Interfaces{78d68de6-b91f-4ad0-b2d5-9d46d5172317}: [DhcpNameServer] 192.168.101.1 8.8.8.8 4.4.4.4
[HEADING=1]Edge:[/HEADING]
Edge Profile: C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default [2024-07-19]
Edge Extension: (Google Docs Offline) - C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-15]
Edge Extension: (Edge relevant text changes) - C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-22]
[HEADING=1]FireFox:[/HEADING]
FF DefaultProfile: g5q70h39.default
FF ProfilePath: C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\g5q70h39.default [2024-07-19]
FF ProfilePath: C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release [2024-07-20]
FF DownloadDir: C:\Users\Ripple\Desktop
FF Homepage: Mozilla\Firefox\Profiles\10706u2g.default-release → about:blank
FF Session Restore: Mozilla\Firefox\Profiles\10706u2g.default-release → is enabled.
FF Notifications: Mozilla\Firefox\Profiles\10706u2g.default-release → hxxps://pomofocus.io
FF Extension: (Tampermonkey) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\firefox@tampermonkey.net.xpi [2024-05-11]
FF Extension: (FoxyProxy) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\foxyproxy@eric.h.jung.xpi [2024-01-31]
FF Extension: (Web Paint) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\jid1-0dhOSYKGj326og@jetpack.xpi [2024-04-26]
FF Extension: (IDM Integration Module) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2024-07-10]
FF Extension: (PreMiD) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\support@premid.app.xpi [2024-07-16] [UpdateUrl:hxxps://api.premid.app/firefox/updates]
FF Extension: (uBlock Origin) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\uBlock0@raymondhill.net.xpi [2024-05-25]
FF Extension: (Inkah: Chinese & Korean Pop-up Dictionary) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions{de5bbbad-7c53-468e-9d8d-9d737cf5ba81}.xpi [2023-12-06]
FF Extension: (Zhongwen: The Popular Chinese Learning Tool) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions{dedb3663-6f13-4c6c-bf0f-5bd111cb2c79}.xpi [2023-12-31]
FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation → Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation → Microsoft Corporation)
[HEADING=1]Chrome:[/HEADING]
CHR Profile: C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default [2024-07-19]
CHR Extension: (uBlock Origin) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-06-26]
CHR Extension: (Google Docs Offline) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-01]
CHR Extension: (Zhongwen: Chinese-English Dictionary) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde [2024-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-12-07]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15044872 2024-01-27] (BattlEye Innovations e.K. → )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14023752 2024-06-26] (Microsoft Corporation → Microsoft Corporation)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [935344 2024-05-25] (EasyAntiCheat Oy → Epic Games, Inc.)
S2 Intel(R) Platform License Manager Service; C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-14] (Intel Corporation → Intel(R) Corporation)
R2 ipfsvc; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_uf.exe [2751664 2022-03-27] (Intel Corporation → Intel Corporation)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe [1377416 2024-07-16] (Microsoft Windows Publisher → Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvtfi.inf_amd64_c52d1313b56663df\Display.NvContainer\NVDisplay.Container.exe [1275424 2024-07-16] (NVIDIA Corporation → NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-07-12] (Microsoft Windows Publisher → Microsoft Corporation)
R2 UWPService; C:\WINDOWS\SysWOW64\Creative.UWPRPCService.exe [364616 2022-08-03] (Creative Technology Ltd → Creative Technology Ltd)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9705560 2024-06-28] (Riot Games, Inc. → Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe [3236728 2024-07-16] (Microsoft Windows Publisher → Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe [133688 2024-07-16] (Microsoft Windows Publisher → Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [394176 2024-01-18] (Microsoft Windows Hardware Compatibility Publisher → Bluestack System Inc.)
R3 iaLPSS2_GPIO2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_0e92b4646ab70162\iaLPSS2_GPIO2_ADL.sys [150624 2022-06-02] (Intel Corporation → Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_35ed2fd5a51c2bc2\iaLPSS2_I2C_ADL.sys [220256 2022-06-02] (Intel Corporation → Intel Corporation)
R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88760 2023-07-02] (Intel Corporation → Intel Corporation)
R3 ipf_cpu; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_cpu.sys [80560 2022-03-27] (Intel Corporation → Intel Corporation)
R3 ipf_lf; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_lf.sys [432800 2022-03-27] (Intel Corporation → Intel Corporation)
R3 MBfilt; C:\WINDOWS\system32\drivers\MBfilt64.sys [37528 2022-08-03] (WDKTestCert ctl_avpbuild,132732627431976536 → Creative Technology Ltd.)
R3 MpKsl274f0a19; C:\ProgramData\Microsoft\Windows Defender\Definition Updates{6252D370-8D40-449F-B959-329010492E37}\MpKslDrv.sys [271640 2024-07-20] (Microsoft Windows → Microsoft Corporation)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [77792 2023-10-20] (Nmap Software LLC → Insecure.Com LLC.)
R3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows → Realtek)
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [48800 2022-02-23] (SteelSeries ApS → SteelSeries ApS)
R3 UWACPIDriver; C:\WINDOWS\System32\drivers\UWACPIDriver.sys [43776 2022-09-14] (Uniwill Technology Inc. → )
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [40415320 2024-06-28] (Riot Games, Inc. → Riot Games, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21968 2024-07-16] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602520 2024-07-16] (Microsoft Windows → Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2024-07-16] (Microsoft Windows → Microsoft Corporation)
S2 mbamchameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-07-20 09:38 - 2024-07-20 09:38 - 000034552 _____ C:\Users\Ripple\Desktop\Addition.txt
2024-07-20 09:36 - 2024-07-20 09:39 - 000022999 _____ C:\Users\Ripple\Desktop\FRST.txt
2024-07-20 09:36 - 2024-07-20 09:39 - 000000000 ____D C:\FRST
2024-07-20 09:36 - 2024-07-20 09:36 - 002395648 _____ (Farbar) C:\Users\Ripple\Desktop\FRST64.exe
2024-07-20 09:23 - 2024-07-20 09:24 - 000002513 _____ C:\Users\Ripple\Desktop\kprm-20240720092348.txt
2024-07-20 09:23 - 2024-07-20 09:23 - 000410232 _____ C:\WINDOWS\system32\prfh0804.dat
2024-07-20 09:23 - 2024-07-20 09:23 - 000130308 _____ C:\WINDOWS\system32\prfc0804.dat
2024-07-20 09:23 - 2024-07-20 09:23 - 000000000 ____D C:\KPRM
2024-07-19 23:55 - 2024-07-19 23:55 - 000000016 _____ C:\Users\Ripple\AppData\Roaming\obs-virtualcam.txt
2024-07-19 21:02 - 2024-07-19 21:02 - 000500856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-07-19 20:46 - 2024-07-19 20:46 - 000000396 _____ C:\ProgramData\ntuser.pol
2024-07-19 20:39 - 2021-05-19 08:41 - 000954152 _____ (d7xTech, Inc.) C:\Users\Ripple\Desktop\RunXcmd.exe
2024-07-19 20:39 - 2021-05-19 08:40 - 001036072 _____ (d7xTech, Inc.) C:\Users\Ripple\Desktop\RunX.exe
2024-07-19 20:39 - 2020-12-28 10:39 - 000001369 _____ C:\Users\Ripple\Desktop\Info.txt
2024-07-19 20:35 - 2024-07-19 20:35 - 000604234 _____ C:\Users\Ripple\Desktop\RunX.zip
2024-07-19 20:34 - 2024-07-19 20:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2024-07-19 20:33 - 2024-07-19 20:33 - 001620576 _____ (Igor Pavlov) C:\Users\Ripple\Desktop\7z2407-x64.exe
2024-07-19 11:24 - 2024-07-19 20:55 - 000000000 ____D C:\Users\Ripple\Desktop\avz4
2024-07-19 11:24 - 2024-07-19 11:24 - 010112832 _____ C:\Users\Ripple\Desktop\avz4.zip
2024-07-19 11:17 - 2024-07-19 11:17 - 000000000 ____D C:\Users\Ripple\Desktop\PrivaZer registry backups
2024-07-19 11:15 - 2024-07-19 11:23 - 000032668 _____ C:\Users\Ripple\Desktop\PrivaZer.ini
2024-07-18 10:35 - 2024-07-18 10:35 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\NVIDIA
2024-07-18 10:35 - 2024-07-18 10:35 - 000000000 ____D C:\Users\Ripple\AppData\Local\NVIDIA
2024-07-18 10:30 - 2024-07-18 10:30 - 007817668 _____ C:\Users\Ripple\Desktop\DESKTOP-NLBF3N2.arn
2024-07-18 10:29 - 2024-02-06 19:49 - 000024592 ____N C:\Users\Ripple\Desktop\autoruns.chm
2024-07-18 10:29 - 2019-04-01 14:41 - 000003015 _____ C:\Users\Ripple\Desktop\EULA.txt
2024-07-18 10:28 - 2024-07-18 10:29 - 002932380 _____ C:\Users\Ripple\Desktop\Autoruns.zip
2024-07-18 10:21 - 2024-07-18 10:21 - 000000000 ____D C:\Users\Ripple\AppData\LocalLow\NVIDIA
2024-07-18 10:19 - 2024-07-20 09:15 - 000000000 ____D C:\ProgramData\NVIDIA
2024-07-18 10:19 - 2024-07-18 10:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2024-07-18 10:16 - 2024-07-16 19:53 - 002040576 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-07-18 10:16 - 2024-07-16 19:53 - 002040576 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-07-18 10:16 - 2024-07-16 19:53 - 001583872 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-07-18 10:16 - 2024-07-16 19:53 - 001583872 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-07-18 10:16 - 2024-07-16 19:53 - 001446656 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-07-18 10:16 - 2024-07-16 19:53 - 001446656 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-07-18 10:16 - 2024-07-16 19:53 - 001296640 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-07-18 10:16 - 2024-07-16 19:53 - 001296640 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-07-18 10:16 - 2024-07-16 19:53 - 000477704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2024-07-18 10:16 - 2024-07-16 19:53 - 000374288 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 016199688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 014270072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 007133048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 006914056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 006211816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 005910664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 005349408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 003788400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 002178160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 001629832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 001546760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 001202704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 001079432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 001034360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 000856584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2024-07-18 10:15 - 2024-07-16 19:53 - 000853112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2024-07-18 10:15 - 2024-07-16 19:53 - 000797320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 000669816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 000505992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 000461432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2024-07-18 10:15 - 2024-07-16 19:53 - 000128301 _____ C:\WINDOWS\system32\nvinfo.pb
2024-07-18 10:14 - 2024-07-19 19:47 - 000000000 ____D C:\Users\Ripple\AppData\Local\D3DSCache
2024-07-18 10:09 - 2024-07-18 10:10 - 000000000 ____D C:\Users\Ripple\Desktop\DDU v18.0.7.8
2024-07-18 10:08 - 2024-07-18 10:12 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-07-18 10:06 - 2024-07-11 08:58 - 001235376 _____ (Igor Pavlov) C:\Users\Ripple\Desktop\DDU v18.0.7.8.exe
2024-07-18 10:06 - 2015-09-05 02:03 - 000000000 ____D C:\Users\Ripple\Desktop\Guru3D.com
2024-07-18 10:05 - 2024-07-18 10:05 - 001134976 _____ C:\Users\Ripple\Desktop[Guru3D.com]-DDU.zip
2024-07-17 14:44 - 2024-07-20 09:23 - 000000000 ____D C:\Users\Ripple\Desktop\LOG
2024-07-17 14:43 - 2024-07-17 14:43 - 000481552 _____ C:\Users\Ripple\Desktop\ClearLNK.zip
2024-07-17 14:39 - 2024-07-17 14:42 - 000000000 ____D C:\Users\Ripple\Desktop\AutoLogger
2024-07-17 14:36 - 2024-07-17 14:36 - 018503564 _____ (Company © regist & Drongo) C:\Users\Ripple\Desktop\AutoLogger.exe
2024-07-17 14:31 - 2024-07-17 14:37 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Everything
2024-07-17 14:31 - 2024-07-17 14:37 - 000000000 ____D C:\Users\Ripple\AppData\Local\Everything
2024-07-17 14:31 - 2024-07-17 14:31 - 000001062 _____ C:\Users\Public\Desktop\Everything.lnk
2024-07-17 14:31 - 2024-07-17 14:31 - 000000000 ____D C:\Program Files\Everything
2024-07-17 12:27 - 2024-07-17 12:27 - 000055142 _____ C:\Users\Ripple\Desktop\1503.pdf
2024-07-17 11:38 - 2024-07-17 11:38 - 288453352 _____ C:\Users\Ripple\Desktop\qs76k3x5.exe
2024-07-15 18:42 - 2024-07-20 09:11 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\PreMiD
2024-07-15 18:42 - 2024-07-15 18:42 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PreMiD
2024-07-15 17:39 - 2024-07-15 17:39 - 000001148 _____ C:\Users\Ripple\Desktop\PreMiD.lnk
2024-07-15 12:43 - 2024-07-15 12:43 - 000000028 _____ C:\Users\Ripple\Desktop\Netflix pass.txt
2024-07-14 19:30 - 2024-07-14 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\obs-backgroundremoval
2024-07-14 19:00 - 2024-07-20 01:56 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\obs-studio
2024-07-14 19:00 - 2024-07-14 19:00 - 000000913 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2024-07-14 19:00 - 2024-07-14 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2024-07-13 17:38 - 2024-07-13 17:38 - 000000000 ____D C:\WINDOWS\system32\SteelSeries
2024-07-12 12:06 - 2024-07-12 12:06 - 000025684 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-07-12 12:05 - 2024-07-12 12:05 - 000025684 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-07-12 11:55 - 2024-07-20 09:23 - 001376594 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-07-12 11:53 - 2023-06-16 07:33 - 000161920 _____ (Razer Inc) C:\WINDOWS\system32\RazerS3CoinstallerEx.dll
2024-07-12 11:52 - 2024-07-12 11:52 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-07-12 11:51 - 2024-07-20 09:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-07-12 11:51 - 2024-07-19 21:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-07-12 11:51 - 2024-07-19 10:57 - 000003522 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-07-12 11:51 - 2024-07-19 10:57 - 000003298 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-07-12 11:51 - 2024-07-19 10:57 - 000002220 _____ C:\WINDOWS\system32\Tasks\npcapwatchdog
2024-07-12 11:51 - 2024-07-19 10:56 - 000003016 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper_nxt
2024-07-12 11:51 - 2024-07-12 11:51 - 000002590 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000020 ___SH C:\Users\Ripple\ntuser.ini
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-07-12 11:50 - 2024-07-12 11:51 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2024-07-12 11:50 - 2024-07-12 11:51 - 000011433 _____ C:\WINDOWS\diagerr.xml
2024-07-12 11:50 - 2024-07-12 11:50 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2024-07-12 11:49 - 2024-07-20 09:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-07-12 11:49 - 2024-07-20 09:10 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2024-07-12 11:49 - 2024-07-12 11:51 - 000000000 ____D C:\Windows.old
2024-07-12 11:39 - 2024-07-12 11:49 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Crypto
2024-07-12 11:39 - 2024-07-12 11:39 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\SystemCertificates
2024-07-12 11:39 - 2024-07-12 11:39 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Network
2024-07-12 11:36 - 2024-07-12 11:49 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2024-07-12 11:35 - 2024-07-20 09:23 - 000000000 ____D C:\Users\Ripple
2024-07-12 11:35 - 2024-07-12 11:52 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Windows
2024-07-12 11:35 - 2024-07-12 11:49 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Spelling
2024-07-12 11:34 - 2024-07-12 11:34 - 000000000 ____D C:\WINDOWS\system32\DTS
2024-07-12 11:33 - 2024-07-12 11:35 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2024-07-12 11:31 - 2024-07-12 12:09 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-07-12 11:31 - 2024-07-12 11:31 - 000000000 ____D C:\WINDOWS\SysWOW64\DDFs
2024-07-12 11:31 - 2024-07-12 11:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\mde
2024-07-12 11:27 - 2024-07-12 11:27 - 000060462 _____ C:\WINDOWS\SysWOW64\ctac.json
2024-07-12 11:26 - 2024-07-12 11:26 - 000060462 _____ C:\WINDOWS\system32\ctac.json
2024-07-12 11:23 - 2024-07-12 11:23 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2024-07-12 11:23 - 2024-07-12 11:23 - 000000000 ____D C:\Program Files\Reference Assemblies
2024-07-12 11:23 - 2024-07-12 11:23 - 000000000 ____D C:\Program Files\MSBuild
2024-07-12 11:23 - 2024-07-12 11:23 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2024-07-12 11:23 - 2024-07-12 11:23 - 000000000 ____D C:\Program Files (x86)\MSBuild
2024-07-12 11:22 - 2024-07-12 11:31 - 000000000 ____D C:\WINDOWS\SysWOW64\zh-HANS
2024-07-12 11:22 - 2024-07-12 11:31 - 000000000 ____D C:\WINDOWS\system32\zh-HANS
2024-07-12 11:10 - 2024-07-12 11:10 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2024-07-12 10:50 - 2024-07-19 11:20 - 000000000 ___DC C:\WINDOWS\Panther
2024-07-12 10:28 - 2024-07-12 10:38 - 000000000 ____D C:\Users\Ripple\Desktop\AV_block_remover
2024-07-12 10:27 - 2024-07-12 10:27 - 000000535 _____ C:\Users\Ripple\Desktop\rules.txt
2024-07-11 12:14 - 2024-07-11 12:14 - 009763745 _____ C:\Users\Ripple\Desktop\AVbr.zip
2024-07-10 12:09 - 2024-07-20 09:38 - 000000000 ____D C:\Users\Ripple\OutsideOfTime2
2024-07-08 17:20 - 2024-07-08 17:20 - 000000000 ____D C:\Users\Ripple\AppData\Local\AeternoBlade2
2024-07-06 23:28 - 2024-07-06 23:28 - 032304119 _____ C:\Users\Ripple\Desktop\抖音202476-821595.mp4
2024-07-06 22:42 - 2024-07-06 22:42 - 002998270 _____ C:\Users\Ripple\Desktop\抖音202476-343052.mp4
2024-07-06 14:49 - 2024-07-06 14:49 - 003854180 _____ C:\Users\Ripple\Desktop\抖音202476-054518.mp4
2024-07-04 22:51 - 2024-07-04 22:51 - 000000917 _____ C:\Users\Ripple\Desktop\cslol-manager - Shortcut.lnk
2024-07-04 20:57 - 2024-07-12 11:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2024-07-04 20:54 - 2024-07-04 20:54 - 000000000 ____D C:\Users\Ripple\AppData\Local\moonshadow565
2024-07-04 16:47 - 2024-07-04 16:47 - 000000757 _____ C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AutoLogger.lnk
2024-07-03 10:07 - 2024-07-03 10:07 - 000087973 _____ C:\Users\Ripple\Desktop\b9995525a52dc58aecf5.svg
2024-07-02 16:27 - 2024-07-17 14:59 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\ZHP
2024-07-01 22:31 - 2024-07-01 22:31 - 131655600 _____ (NVIDIA Corporation) C:\Users\Ripple\Desktop\GeForce_Experience_v3.28.0.417.exe
2024-07-01 16:53 - 2024-07-01 16:55 - 000000000 ____D C:\Users\Ripple\Documents\The Riftbreaker
2024-07-01 16:53 - 2024-07-01 16:53 - 000000000 ____D C:\Users\Ripple\AppData\Local\mod.io
2024-07-01 16:53 - 2024-07-01 16:53 - 000000000 ____D C:\Users\Public\mod.io
2024-06-29 11:25 - 2024-06-29 11:25 - 000000639 _____ C:\Users\Public\Desktop\The Riftbreaker.lnk
2024-06-25 21:42 - 2024-06-25 21:42 - 000000000 ____D C:\Users\Ripple\AppData\Local\MSAR
2024-06-24 15:34 - 2024-07-14 19:00 - 000000000 ____D C:\ProgramData\obs-studio
2024-06-22 17:36 - 2024-06-22 17:41 - 946240506 _____ C:\Users\Ripple\Downloads\Chhorii (2021) 720p 10bit AMZN WEBRip x265 HEVC Hindi AAC 5.1 ESub ~ Immortal.mkv
2024-06-20 20:35 - 2024-07-20 09:10 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-07-20 09:32 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-07-20 09:30 - 2022-05-07 11:09 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-07-20 09:23 - 2022-05-07 11:07 - 000000000 ____D C:\WINDOWS\INF
2024-07-20 09:19 - 2024-06-03 10:05 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\discord
2024-07-20 09:19 - 2024-02-22 09:44 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\riot-client-ux
2024-07-20 09:19 - 2023-12-06 13:33 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-07-20 09:18 - 2024-06-03 10:05 - 000000000 ____D C:\Users\Ripple\AppData\Local\Discord
2024-07-20 09:18 - 2024-05-01 15:56 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2024-07-20 09:15 - 2023-12-06 06:52 - 000012288 ___SH C:\DumpStack.log.tmp
2024-07-20 09:15 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\ServiceState
2024-07-20 09:10 - 2023-12-06 13:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-07-20 01:56 - 2022-05-07 11:02 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2024-07-20 01:00 - 2023-12-16 08:59 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Spotify
2024-07-19 23:03 - 2023-12-16 08:59 - 000000000 ____D C:\Users\Ripple\AppData\Local\Spotify
2024-07-19 21:07 - 2024-02-11 22:16 - 000000124 _____ C:\ProgramData\autoclickconfig.ini
2024-07-19 21:07 - 2024-01-21 19:25 - 000002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk
2024-07-19 21:07 - 2024-01-21 19:25 - 000001301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2024-07-19 21:07 - 2023-12-25 11:25 - 000000000 ____D C:\ProgramData\Riot Games
2024-07-19 21:07 - 2023-12-25 11:23 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2024-07-19 21:07 - 2023-12-25 11:23 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2024-07-19 21:07 - 2023-12-25 11:23 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2024-07-19 21:07 - 2023-12-25 11:23 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2024-07-19 21:07 - 2023-12-06 13:33 - 000002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2024-07-19 21:07 - 2023-12-06 06:52 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-07-19 21:05 - 2023-12-06 13:33 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-07-19 21:01 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-07-19 20:56 - 2023-12-06 06:56 - 000000000 ____D C:\Users\Ripple\AppData\Local\Packages
2024-07-19 20:50 - 2023-12-06 21:13 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\vlc
2024-07-19 20:35 - 2023-12-26 23:17 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Excel
2024-07-19 20:22 - 2023-12-25 11:23 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2024-07-19 20:22 - 2023-12-07 17:45 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-07-19 11:20 - 2023-12-07 10:43 - 000000000 ____D C:\Users\Ripple\AppData\Local\CrashDumps
2024-07-19 11:20 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-07-19 11:17 - 2023-12-15 11:19 - 000000000 ____D C:\Users\Ripple\AppData\Local\ElevatedDiagnostics
2024-07-19 10:37 - 2022-05-07 11:09 - 000000000 ___HD C:\Program Files\WindowsApps
2024-07-18 12:20 - 2023-12-06 06:52 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2024-07-18 10:28 - 2022-05-07 11:02 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-07-18 10:26 - 2023-12-06 06:55 - 000000000 ____D C:\ProgramData\Packages
2024-07-18 10:12 - 2023-12-10 12:45 - 001066852 _____ C:\WINDOWS\ntbtlog.txt
2024-07-18 10:12 - 2023-12-06 07:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2024-07-18 10:12 - 2023-12-06 06:59 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2024-07-17 21:12 - 2023-12-07 23:24 - 000000000 ____D C:\Users\Ripple\Downloads\Telegram Desktop
2024-07-17 15:00 - 2023-12-08 22:42 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\qBittorrent
2024-07-17 14:30 - 2023-12-06 16:56 - 000000000 ____D C:\Users\Ripple\Downloads\Compressed
2024-07-17 11:35 - 2023-12-06 07:02 - 000000000 ____D C:\Temp
2024-07-17 11:33 - 2023-12-07 17:45 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-07-17 01:45 - 2024-06-03 10:05 - 000002297 _____ C:\Users\Ripple\Desktop\Discord.lnk
2024-07-16 10:14 - 2023-12-06 06:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-07-15 12:22 - 2023-12-06 21:35 - 000000000 ____D C:\Users\Ripple\AppData\Local\PlaceholderTileLogoFolder
2024-07-15 09:34 - 2023-12-06 13:52 - 000000718 _____ C:\Users\Public\Desktop\Speccy.lnk
2024-07-14 19:39 - 2024-02-23 11:33 - 000000000 ___RD C:\Sandbox
2024-07-12 22:17 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\appcompat
2024-07-12 12:26 - 2022-05-07 11:09 - 000000000 ____D C:\ProgramData\USOPrivate
2024-07-12 12:11 - 2024-06-11 12:09 - 000000000 ____D C:\Program Files (x86)\Razer
2024-07-12 12:09 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\InboxApps
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\UUS
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SystemResources
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\Provisioning
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-07-12 12:07 - 2022-05-07 11:09 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-07-12 12:05 - 2023-12-25 11:20 - 000000000 ____D C:\Program Files\Microsoft Office
2024-07-12 11:51 - 2023-12-06 06:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-07-12 11:51 - 2022-05-07 11:09 - 000000000 ____D C:\Program Files\Windows Defender
2024-07-12 11:50 - 2023-12-06 06:52 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-07-12 11:50 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\Media
2024-07-12 11:49 - 2024-05-24 18:37 - 000000000 ____D C:\WINDOWS\SysWOW64\Npcap
2024-07-12 11:49 - 2024-05-24 18:37 - 000000000 ____D C:\WINDOWS\system32\Npcap
2024-07-12 11:49 - 2024-03-22 22:14 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stremio
2024-07-12 11:49 - 2024-01-28 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2024-07-12 11:49 - 2024-01-21 19:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks X
2024-07-12 11:49 - 2023-12-25 11:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2024-07-12 11:49 - 2023-12-12 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader 4 EXNESS
2024-07-12 11:49 - 2023-12-07 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3RVX
2024-07-12 11:49 - 2023-12-06 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2024-07-12 11:49 - 2023-12-06 14:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\FANTECH X4S MACRO Gaming Mouse
2024-07-12 11:49 - 2023-12-06 07:02 - 000000000 ____D C:\Program Files\Intel
2024-07-12 11:49 - 2023-12-05 15:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-07-12 11:49 - 2022-05-07 11:09 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\spool
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-07-12 11:44 - 2022-05-07 11:13 - 000000000 ____D C:\WINDOWS\Setup
2024-07-12 11:36 - 2024-02-20 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
2024-07-12 11:36 - 2023-12-12 14:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2024-07-12 11:36 - 2023-12-05 15:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2024-07-12 11:31 - 2022-05-07 13:24 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2024-07-12 11:31 - 2022-05-07 13:24 - 000000000 ___SD C:\WINDOWS\system32\AppV
2024-07-12 11:31 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\WUModels
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SystemApps
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\setup
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\id-ID
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\et-EE
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\es-MX
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\Globalization
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\DiagTrack
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\Program Files\Common Files\System
2024-07-12 11:31 - 2022-05-07 11:02 - 000000000 ____D C:\WINDOWS\servicing
2024-07-12 11:30 - 2022-05-07 13:24 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2024-07-12 11:30 - 2022-05-07 13:24 - 000024383 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2024-07-12 11:30 - 2022-05-07 11:10 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2024-07-12 11:30 - 2022-05-07 11:09 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2024-07-12 11:24 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\OCR
2024-07-12 11:23 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2024-07-12 11:23 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\MUI
2024-07-12 11:22 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-07-12 11:22 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\system32\winrm
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\system32\WCN
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\system32\slmgr
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\system32\dsc
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Com
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\IME
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-07-12 10:45 - 2023-12-05 15:25 - 194135240 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-07-11 11:58 - 2024-06-11 12:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2024-07-11 11:58 - 2024-06-11 12:08 - 000000000 ____D C:\ProgramData\Razer
2024-07-10 17:55 - 2024-03-22 10:23 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Anki2
2024-07-09 18:25 - 2024-06-15 11:00 - 000000000 ____D C:\Users\Ripple\OutsideOfTime
2024-07-08 17:20 - 2024-06-05 18:49 - 000000000 ____D C:\Users\Ripple\Documents\Player
2024-07-06 12:28 - 2024-01-15 18:10 - 000000000 ____D C:\Users\Ripple\AppData\Local\UnrealEngine
2024-07-05 12:49 - 2024-03-08 15:32 - 000001290 _____ C:\Users\Ripple\Desktop\loan.txt
2024-07-03 10:14 - 2023-12-06 16:38 - 000002182 _____ C:\Users\Ripple\Desktop\mod-2-.txt
2024-07-02 10:41 - 2024-03-02 11:10 - 000000000 ____D C:\Users\Ripple\AppData\LocalLow\Temp
2024-07-01 22:44 - 2023-12-25 11:23 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2024-06-30 09:56 - 2024-05-01 15:55 - 000000000 ____D C:\Program Files\Riot Vanguard
2024-06-26 15:21 - 2023-12-06 13:45 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\AnyDesk

==================== Files in the root of some directories ========

2024-07-19 23:55 - 2024-07-19 23:55 - 000000016 _____ () C:\Users\Ripple\AppData\Roaming\obs-virtualcam.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition
[HEADING=1]

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.07.2024
Ran by Max (20-07-2024 09:39:35)
Running from C:\Users\Ripple\Desktop
Microsoft Windows 11 Pro Version 23H2 22631.3880 (X64) (2024-07-12 06:06:13)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2515384590-1499498081-2273501178-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2515384590-1499498081-2273501178-503 - Limited - Disabled)
Guest (S-1-5-21-2515384590-1499498081-2273501178-501 - Limited - Disabled)
Max (S-1-5-21-2515384590-1499498081-2273501178-1001 - Administrator - Enabled) => C:\Users\Ripple
WDAGUtilityAccount (S-1-5-21-2515384590-1499498081-2273501178-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3RVX (HKLM-x32...{400A8514-5440-410A-B318-44061BD7EE8E}) (Version: 2.9.2.0 - Matthew Malensek)
7-Zip 24.07 (x64) (HKLM...\7-Zip) (Version: 24.07 - Igor Pavlov)
AeternoBlade II: Infinity (HKLM-x32...\AeternoBlade II: Infinity_is1) (Version: - )
Anki (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Anki) (Version: 23.12.1 - )
AutoHotkey (user) (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\AutoHotkey) (Version: 2.0.10 - AutoHotkey Foundation LLC)
BlueStacks App Player (HKLM...\BlueStacks_nxt) (Version: 5.20.10.1003 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\BlueStacksServices) (Version: 3.0.8 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\BlueStacks X) (Version: 10.10.1.1001 - now.gg, Inc.)
Dynamic Application Loader Host Interface Service (HKLM...{3FD9F3E6-059D-4E4D-8B5B-EBAE90CA882E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Everything 1.4.1.1024 (x64) (HKLM...\Everything) (Version: 1.4.1.1024 - voidtools)
FANTECH X4S MACRO Gaming Mouse (HKLM-x32...{7587581E-9DAD-412D-9AA4-8541FCBCCAF6}) (Version: 1.00.0000 - FANTECH)
FIFA 16 (HKLM-x32...\FIFA 16_is1) (Version: - )
Geeks3D FurMark 1.36.0.0 (HKLM-x32...{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: 1.36.0.0 - Geeks3D)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 126.0.6478.128 - Google LLC)
Intel(R) Chipset Device Software (HKLM...{BB1E910B-7D2D-4FC8-A87C-5A53CAC2D5A8}) (Version: 10.1.19159.8331 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32...{a8ed3a4b-8ec2-4b7d-b0f6-0f4db00ea2ce}) (Version: 10.1.19159.8331 - Intel(R) Corporation)
Intel(R) LMS (HKLM...{B76FE067-1B6B-416E-9A99-C1BF5E9A2FC1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM...{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2149.16.0.2602 - Intel Corporation)
Intel(R) Management Engine Components (HKLM...{3EE91568-6FE3-43AA-9BFC-7496A56D272C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM...{E4924222-0A39-4EEE-8F7E-8C95BDFDCFCE}) (Version: 1.0.0.0 - Intel Corporation) Hidden
League of Legends (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
MetaTrader 4 EXNESS (HKLM-x32...\MetaTrader 4 EXNESS) (Version: 4.00 - MetaQuotes Ltd.)
Microsoft .NET Host - 6.0.25 (x64) (HKLM...{C7141A99-592B-4226-A4E9-B767C1D0FBAF}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.7 (x64) (HKLM...{E914E975-A0B1-49F7-AB71-28DACD495C44}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.25 (x64) (HKLM...{AE86D888-1404-47CC-A7BB-8D86C0503E58}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.7 (x64) (HKLM...{62A9DE14-DB7A-41D9-9D7E-ED494E6FCBAF}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.25 (x64) (HKLM...{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.7 (x64) (HKLM...{ECCA3DB0-6DEF-42CD-A21A-F2F7B918FB59}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.7 - Shared Framework (x64) (HKLM-x32...{4a749a1a-b799-41b4-a328-33a7b2355e76}) (Version: 7.0.7.23274 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.7 Shared Framework (x64) (HKLM...{5ECA54B7-62F2-39EE-9514-31F7DFFFC968}) (Version: 7.0.7.23274 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 126.0.2592.102 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32...\Microsoft EdgeWebView) (Version: 126.0.2592.102 - Microsoft Corporation)
Microsoft Office Professional Plus 2021 - en-us (HKLM...\ProPlus2021Retail - en-us) (Version: 16.0.17726.20160 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM...{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM...{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM...{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32...{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32...{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32...{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32...{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM...{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM...{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32...{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32...{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM...{E016F2B9-01FE-4FAA-882E-ECC43FA49751}) (Version: 48.100.4037 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM-x32...{fb0500c1-f968-4621-a48b-985b52884c49}) (Version: 6.0.25.33020 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.7 (x64) (HKLM...{593F16DC-C2D3-4740-ABD4-A171B4E32B06}) (Version: 56.31.61651 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.7 (x64) (HKLM-x32...{e875fc20-9a37-4344-b046-0bb037cb2d57}) (Version: 7.0.7.32525 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM...\Mozilla Firefox 128.0 (x64 en-US)) (Version: 128.0 - Mozilla)
Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 120.0.1 - Mozilla)
Npcap (HKLM-x32...\NpcapInst) (Version: 1.78 - Nmap Project)
NVIDIA Graphics Driver 560.70 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 560.70 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.23.1019 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
OBS Studio (HKLM-x32...\OBS Studio) (Version: 30.2.0 - OBS Project)
obs-backgroundremoval version 1.1.13 (HKLM-x32...{1527c9ec-2638-4e3b-94d7-cc25d27cd725}_is1) (Version: 1.1.13 - Roy Shilkrot)
Office 16 Click-to-Run Extensibility Component (HKLM...{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM...{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17726.20108 - Microsoft Corporation) Hidden
OmegaT version 6.0.0 (HKLM...\org.omegat_is1) (Version: 6.0.0 - OmegaT)
PreMiD (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\PreMiD latest) (Version: latest - Timeraa)
Prince of Persia: The Lost Crown (HKLM-x32...\Prince of Persia: The Lost Crown_is1) (Version: - )
qBittorrent (HKLM-x32...\qBittorrent) (Version: 4.6.5 - The qBittorrent project)
Realtek Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9289.1 - Realtek Semiconductor Corp.)
Riot Client (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Riot Game Riot_Client.) (Version: - Riot Games, Inc)
Riot Vanguard (HKLM...\Riot Vanguard) (Version: - Riot Games, Inc.)
Speccy (HKLM...\Speccy) (Version: 1.33 - Piriform)
Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stremio (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Stremio) (Version: 4.4.165 - Smart Code Ltd)
Svarog’s Dream (HKLM-x32...\Svarog’s Dream_is1) (Version: - )
Telegram Desktop (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 5.2.3 - Telegram FZ-LLC)
The Riftbreaker (HKLM-x32...\The Riftbreaker_is1) (Version: - )
VALORANT (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\Riot Game valorant.live) (Version: - Riot Games, Inc)
VLC media player (HKLM-x32...\VLC media player) (Version: 3.0.20 - VideoLAN)
Warm Snow (HKLM-x32...\Warm Snow_is1) (Version: - )
[HEADING=1]Packages:[/HEADING]
AppUp.IntelGraphicsExperience → C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt [2024-06-16] (INTEL CORP) [Startup Task]
MicrosoftWindows.CrossDevice → C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24061.40.0_x64__cw5n1h2txyewy [2024-07-14] (Microsoft Windows) [Startup Task]
NVIDIA Control Panel → C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-07-18] (NVIDIA Corp.)
Photos → C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.3017.0_x64__8wekyb3d8bbwe [2024-07-12] (Microsoft Corporation) [Startup Task]
Realtek Audio Control → C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.40.287.0_x64__dt26b99r8h8gj [2023-12-07] (Realtek Semiconductor Corp)
Sound Blaster Cinema 6+ → C:\Program Files\WindowsApps\CreativeTechnologyLtd.52058C5BB174B_1.0.9.0_x86__13fcda18mhdz2 [2023-12-07] (Creative Technology Ltd.)
WinAppRuntime.Main.1.5 → C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-11] (Microsoft Corp.)
WinAppRuntime.Singleton → C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-11] (Microsoft Corp.)
Windows Feature Experience Pack → C:\WINDOWS\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-07-12] (Microsoft Windows)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2024-06-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2024-06-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] → {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvtfi.inf_amd64_c52d1313b56663df\nvshext.dll [2024-07-16] (NVIDIA Corporation → NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2024-06-19] (Igor Pavlov) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Public\Desktop\Prince of Persia - The Lost Crown.lnk → D:\games\Prince of Persia - The Lost Crown\Ryujinx.bat ()

==================== Loaded Modules (Whitelisted) =============

2024-07-15 18:42 - 2021-02-21 06:18 - 002823680 _____ () [File not signed] C:\Users\Ripple\AppData\Roaming\PreMiD\ffmpeg.dll
2024-07-15 18:42 - 2021-02-21 06:18 - 000449024 _____ () [File not signed] C:\Users\Ripple\AppData\Roaming\PreMiD\libegl.dll
2024-07-15 18:42 - 2021-02-21 06:18 - 007620096 _____ () [File not signed] C:\Users\Ripple\AppData\Roaming\PreMiD\libglesv2.dll
2024-02-06 10:26 - 2024-02-06 10:26 - 002525184 _____ () [File not signed] D:\Riot Games\Riot Client\RiotClientElectron\ffmpeg.dll
2024-02-06 10:26 - 2024-02-06 10:26 - 000384000 _____ () [File not signed] D:\Riot Games\Riot Client\RiotClientElectron\libegl.dll
2024-02-06 10:26 - 2024-02-06 10:26 - 006728704 _____ () [File not signed] D:\Riot Games\Riot Client\RiotClientElectron\libglesv2.dll
2024-02-06 10:26 - 2024-02-06 10:26 - 004486656 _____ () [File not signed] D:\Riot Games\Riot Client\RiotClientElectron\vk_swiftshader.dll
2024-02-06 10:26 - 2024-02-06 10:26 - 000793088 _____ () [File not signed] D:\Riot Games\Riot Client\RiotClientElectron\vulkan-1.dll
2024-07-20 09:38 - 2024-07-20 09:38 - 000457216 _____ (hxxp://hunspell.sourceforge.net/) [File not signed] C:\Users\Ripple\AppData\Local\Temp\jna13045848097226651744.hunspell-win-x86-64.dll
2024-07-19 20:34 - 2024-06-19 12:45 - 000101376 _____ (Igor Pavlov) [File not signed] d:\Program Files\7-Zip\7-zip.dll
2024-07-20 09:38 - 2024-07-20 09:38 - 000246784 ____N (Java™ Native Access (JNA)) [File not signed] C:\Users\Ripple\AppData\Local\Temp\jna-77124\jna16749526344863920940.dll
2023-12-25 11:23 - 2023-12-25 11:23 - 000000000 ____L (Microsoft Corporation) [symlink → C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2023-12-25 11:23 - 2023-12-25 11:23 - 000000000 ____L (Microsoft Corporation) [symlink → C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\autoclickconfig.ini:07021500A6 [5162]
AlternateDataStreams: C:\ProgramData\empty.ico:8C1C1B484F [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk:088221F38A [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk:FE00AE19CB [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk:C5112377E0 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk:5465085A2F [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [5162]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-04] (Microsoft Corporation → Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation → Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation → Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation → Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation → Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 11:09 - 2024-07-17 15:17 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\Control Panel\Desktop\Wallpaper → C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.101.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
[HEADING=1]Network Binding:[/HEADING]
Ethernet: Npcap Packet Driver (NPCAP) → INSECURE_NPCAP (enabled)
Bluetooth Network Connection: Npcap Packet Driver (NPCAP) → INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) → INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM...\StartupApproved\Run: => “SecurityHealth”
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\StartupApproved\StartupFolder: => “Rainmeter.lnk”
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\StartupApproved\StartupFolder: => “FANTECH X4S MACRO Gaming Mouse.lnk”
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\StartupApproved\Run: => “Discord”
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\StartupApproved\Run: => “electron.app.BlueStacks Services”
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001...\StartupApproved\Run: => “Synapse3”

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8CCB1C45-E271-4B01-ABA7-132FF296432A}C:\users\ripple\appdata\roaming\premid\premid.exe] => (Block) C:\users\ripple\appdata\roaming\premid\premid.exe (GitHub, Inc.) [File not signed]
FirewallRules: [UDP Query User{F1741449-ED48-43D2-9DA1-7409F4BCCA55}C:\users\ripple\appdata\roaming\premid\premid.exe] => (Block) C:\users\ripple\appdata\roaming\premid\premid.exe (GitHub, Inc.) [File not signed]
FirewallRules: [TCP Query User{6EB121B7-C8C9-40DE-B773-6B591003B742}D:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) D:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. → Riot Games, Inc.)
FirewallRules: [UDP Query User{70DF2B4C-BE61-4BAE-ABCC-B28316DB8DDE}D:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) D:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. → Riot Games, Inc.)
FirewallRules: [TCP Query User{DD0E8B3A-D2B1-4225-A5AD-F34961EA8063}E:\program files (x86)\spotify portable\app\spotify\spotify.exe] => (Allow) E:\program files (x86)\spotify portable\app\spotify\spotify.exe (Spotify Ltd) [File not signed]
FirewallRules: [UDP Query User{995B1AB4-B894-435C-A73E-1AA7CA30DB47}E:\program files (x86)\spotify portable\app\spotify\spotify.exe] => (Allow) E:\program files (x86)\spotify portable\app\spotify\spotify.exe (Spotify Ltd) [File not signed]
FirewallRules: [TCP Query User{5F55B6F2-90EF-4BCB-9DE2-38D90809A195}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [UDP Query User{6678D7C1-4FE1-4C4E-968F-EA237EF1A6B2}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [{58326B2A-4DEA-4D37-B810-B4685453554D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [{D1A6E0B2-386B-499E-99DB-8E1504E46C39}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)

==================== Restore Points =========================

20-07-2024 09:23:53 KpRm

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

==================== Event log errors: ========================
[HEADING=1]Application errors:[/HEADING]
Error: (07/20/2024 09:19:33 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-NLBF3N2)
Description: Faulting application name: RiotClientServices.exe, version: 90.0.2.1805, time stamp: 0xd3edcafb
Faulting module name: RiotClientFoundation.dll_unloaded, version: 90.0.2.1805, time stamp: 0xf706d122
Exception code: 0xc0000005
Fault offset: 0x0062e3f0
Faulting process id: 0x0x288c
Faulting application start time: 0x0x1dada55b91ac1b7
Faulting application path: D:\Riot Games\Riot Client\RiotClientServices.exe
Faulting module path: RiotClientFoundation.dll
Report Id: c575c141-2624-4acf-9be8-bfc7163e4902
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2024 12:52:57 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: MBAMService.exe, version: 3.2.0.1306, time stamp: 0x666a202a
Faulting module name: mbae-api-na.dll_unloaded, version: 1.13.4.585, time stamp: 0x65a15425
Exception code: 0xc0000005
Fault offset: 0x0000000000038d72
Faulting process id: 0x0x1f60
Faulting application start time: 0x0x1dada0eea690a1f
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Faulting module path: mbae-api-na.dll
Report Id: 9eb6f5df-4a72-48d1-931d-aba409dc3d40
Faulting package full name:
Faulting package-relative application ID:

Error: (07/19/2024 09:02:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “C:\Users\Ripple\Desktop\Autoruns.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_6ec0f0a887fe525b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_2713b9d173822955.manifest.

Error: (07/19/2024 08:55:58 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {28ae482a-dba5-4de4-ae0c-b622c6752498}

Error: (07/19/2024 08:22:27 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-NLBF3N2)
Description: Faulting application name: RiotClientServices.exe, version: 90.0.2.1805, time stamp: 0xd3edcafb
Faulting module name: RiotClientFoundation.dll_unloaded, version: 90.0.2.1805, time stamp: 0xf706d122
Exception code: 0xc0000005
Fault offset: 0x0062e3f0
Faulting process id: 0x0x22e8
Faulting application start time: 0x0x1dad9e92cd6800a
Faulting application path: D:\Riot Games\Riot Client\RiotClientServices.exe
Faulting module path: RiotClientFoundation.dll
Report Id: 77c27e35-b879-415d-8a8b-013a90be8490
Faulting package full name:
Faulting package-relative application ID:

Error: (07/19/2024 07:46:47 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-NLBF3N2)
Description: Faulting application name: RiotClientServices.exe, version: 90.0.2.1805, time stamp: 0xd3edcafb
Faulting module name: RiotClientFoundation.dll_unloaded, version: 90.0.2.1805, time stamp: 0xf706d122
Exception code: 0xc0000005
Fault offset: 0x0062e3f0
Faulting process id: 0x0x39fc
Faulting application start time: 0x0x1dad9e430ac8755
Faulting application path: D:\Riot Games\Riot Client\RiotClientServices.exe
Faulting module path: RiotClientFoundation.dll
Report Id: 550aa612-83f5-4038-b9f4-d7363c555bb2
Faulting package full name:
Faulting package-relative application ID:
[HEADING=1]System errors:[/HEADING]
Error: (07/20/2024 09:15:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mbamchameleon service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/20/2024 09:15:34 AM) (Source: volmgr) (EventID: 161) (User: )
Description: Dump file creation failed due to error during dump creation.

Error: (07/20/2024 09:15:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:11:01 AM on ‎7/‎20/‎2024 was unexpected.

Error: (07/20/2024 09:11:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mbamchameleon service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/20/2024 12:52:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/19/2024 11:28:23 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (07/19/2024 11:03:52 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (07/19/2024 10:53:30 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Windows Defender:
================Event[0]

Date: 2024-07-19 21:12:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.415.182.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24060.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2024-07-19 21:12:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.415.182.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24060.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2024-07-19 21:12:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.415.182.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24060.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2024-07-19 21:12:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.415.182.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24060.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2024-07-19 21:12:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.415.182.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24060.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2024-07-20 09:19:00
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\Ripple\AppData\Local\Discord\app-1.0.9154\Discord.exe) attempted to load \Device\HarddiskVolume3\ProgramData\obs-studio-hook\graphics-hook64.dll that did not meet the Microsoft signing level requirements.

Date: 2024-07-20 00:52:41
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends International, LLC. N.1.14STD00 09/15/2022
Motherboard: Standard Standard
Processor: 12th Gen Intel(R) Core™ i7-12700H
Percentage of memory in use: 36%
Total physical RAM: 32508.54 MB
Available physical RAM: 20550.45 MB
Total Virtual: 34556.54 MB
Available Virtual: 19918.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:247.07 GB) (Free:121.13 GB) (Model: CT1000P3PSSD8) NTFS
Drive d: (Max) (Fixed) (Total:683.59 GB) (Free:439.23 GB) (Model: CT1000P3PSSD8) NTFS
Drive e: (PortableSSD) (Fixed) (Total:931.51 GB) (Free:202.99 GB) (Model: SanDisk Portable SSD SCSI Disk Device) NTFS
Drive f: (portable movies & games) (Fixed) (Total:953.85 GB) (Free:780.4 GB) (Model: JMicron Tech SCSI Disk Device) NTFS

\?\Volume{32397118-47cf-4961-8f00-d29de02ab434}\ () (Fixed) (Total:0.74 GB) (Free:0.13 GB) NTFS
\?\Volume{4cd4fb91-1125-4d65-a761-2c4f675a5ae6}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Unfortunately, I got BSOD again when I started the laptop earlier (after waking up).[/HEADING]

**Malnutrition** · 07-20-2024, 05:10 AM

Originally posted by maxim123

Unfortunately, I got BSOD again when I started the laptop earlier (after waking up).

Originally posted by maxim123

Unfortunately no. the bsod still stops at 0% error collection.
there is no dump file created, so it shows
[IMG alt=“1720847500579.png”]https://pchelpforum.net/attachments/...579-png.13939/

Open elevated command prompt. Enter the commands (copy and paste) below hit enter after each.

[COLOR=rgb(184, 49, 47)]mkdir %SystemRoot%\Minidump

[COLOR=rgb(147, 101, 184)]wmic computersystem where name=“%computername%” set automaticmanagedpagefile=true

[COLOR=rgb(97, 189, 109)]attrib %SystemRoot%\Minidump

[COLOR=rgb(243, 121, 52)]icacls %SystemRoot%\Minidump

Hopefully the machine will write a dump file to this directory now.

Is explorer hanging anymore?[/IMG][/QUOTE]

**maxim123** · 07-20-2024, 05:21 AM

Originally posted by Malnutrition

Is explorer hanging anymore?

Hasn’t hanged until now. will probably be more sure till evening.

**Malnutrition** · 07-20-2024, 05:32 AM

Originally posted by maxim123

Hasn’t hanged until now.

Meaning no hangs as of now. So hopefully the commands will allow the creation of minidumps and we can move forward onto that issue,.

Disable Gamebar. Follow this guide
[HEADING=1][/HEADING]
. How to Disable GameBar Presence Writer?

**maxim123** · 07-20-2024, 06:06 AM

Originally posted by Malnutrition

Disable Gamebar. Follow this guide

Hi, it seems it was already disabled.

**Malnutrition** · 07-20-2024, 12:08 PM

Ok. Update when you have run the computer for a while, and if it does BSOD again hopefully it creates a dump we can check.

**maxim123** · 07-21-2024, 05:11 AM

Hi, I got BSOD again. this time in windows loading screen. KERNEL DATA INPAGE ERROR
it also stopped at 0% error gathering. I checked minidump and there was no file there.

**Malnutrition** · 07-21-2024, 05:29 AM

There is a driver not installed on your system. What is it, any yellow ? in device manager?

Code:

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Has there been any explorer hanging, and did you get the BSOD when waking from sleep?

**Malnutrition** · 07-21-2024, 05:33 AM

Please download MiniToolBox and save it to your desktop.
Run the program by right clicking on it and selecting Run as administrator.
When the program opens check mark:
[ATTACH type=“full”]13999[/ATTACH]

hen hit GO
Please post the log in your next reply. Attach the log.

**maxim123** · 07-21-2024, 05:33 AM

Originally posted by Malnutrition

There is a driver not installed on your system. What is it, any yellow ? in device manager?

[ATTACH type=“full” alt=“1721539805115.png”]13998[/ATTACH]

shows this. I have no idea what this device is. when trying to update, it says windows couldn’t find the drivers.

Originally posted by Malnutrition

Has there been any explorer hanging, and did you get the BSOD when waking from sleep?

Yes. I just woke up earlier and turned it on to see if there would be BSOD. There haven’t been explorer hanging so far thankfully. Currently, these BSODS only happen during the start, i.e after a long period of laptop being off, and don’t appear throughout the day(even when I restart laptop in between).

**maxim123** · 07-21-2024, 05:36 AM

Originally posted by Malnutrition

Please post the log in your next reply. Attach the log.

MTB

**Malnutrition** · 07-21-2024, 05:41 AM

Download Unknown Device Identifier v9.00

[ul]
[li]Run it.[/li][li]Allow it to complete.[/li][li]Hit File >>Save[/li][li]The default name will be DeviceList[/li][li]Save it to your desktop.[/li][li]Open DeviceList.txt copy contents.[/li][li]Attach it here.[/li][/ul]

**Malnutrition** · 07-21-2024, 05:47 AM

Actually let’s run account profile fixer, and see if this will solve the issue of not creating dump files, hopefully it may solve the BSOD issue as well.

Account Profile Fixer

https://www.carifred.com/apf/

Account Profile Fixer - Easily repair severe issues without reinstalling/resetting Windows

Hundreds of rundll32.exe running

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment