In Progress Hundreds of rundll32.exe running

Hi, currently doing the Kaspersky scan. I faced a new issue today. When I opened my Firefox, the passwords had changed to an outdated version (I am not sure about this because I didn't check if the pass was old or not, but it wasn't working in Discord, so I thought it was outdated). My Discord was logged out, so when I reset it and changed to a new pass, I got a BSOD again.
After the computer restarted, all the stored passwords were gone from Firefox. But the saved logins in various sites and bookmarks are still there.
Is this an issue of being hacked? Or was it the abrupt restart causing this?
 
Ok, can you upload fresh FRST and addition.txt logs?

Also, can you tell me if the same issue with the multiple hundreds of rundll32.exe running is still occurring?

We will get to the BSOD and the Firefox issues when I see that you are all clear.
 
FRST log
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.07.2024
Ran by Max (administrator) on DESKTOP-NLBF3N2 (Standard Standard) (04-07-2024 11:14:42)
Running from C:\Users\Ripple\Desktop\FRST64.exe
Loaded Profiles: Max
Platform: Microsoft Windows 11 Pro Version 23H2 22631.3737 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\apps\engine\prism\SteelSeriesPrism.exe
(C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe
(C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\apps\sonar\SteelSeriesSonar.exe
(Discord Inc. -> Discord Inc.) C:\Users\Ripple\AppData\Local\Discord\app-1.0.9152\Discord.exe <6>
(DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_helper.exe
(explorer.exe ->) (Matthew Malensek) [File not signed] D:\Program Files (x86)\3RVX\3RVX.exe
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2405.13.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(explorer.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe
(explorer.exe ->) (Tonalio GmbH -> Sandboxie-Plus.com) D:\Program Files\Sandboxie\SbieCtrl.exe
(explorer.exe ->) (Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <17>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Creative Technology Ltd -> Creative Technology Ltd) C:\Windows\SysWOW64\Creative.UWPRPCService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_faf3bcecf744f99a\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_4cd94d3ab4900da6\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_19d333f59f2c41d3\RtkAudUService64.exe <2>
(services.exe ->) (Tonalio GmbH -> Sandboxie-Plus.com) D:\Program Files\Sandboxie\SbieSvc.exe
(services.exe ->) (Uniwill Technology Inc. -> ) C:\Program Files\OEM\Control Center\UniwillService\GCUBridge.exe
(sihost.exe ->) (Uniwill Technology Inc. -> ) C:\Program Files\WindowsApps\ControlCenter3_4.1.47.11_x64__h329z55cwnj8g\Win32\SystrayComponent.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.3662_none_e93555b642ec4d03\TiWorker.exe
(Uniwill Technology Inc. -> ) C:\Program Files\OEM\Control Center\UniwillService\MyControlCenter\GCUService.exe
Failed to access process -> GCUService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_19d333f59f2c41d3\RtkAudUService64.exe [3496528 2021-12-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [15920976 2024-06-25] (SteelSeries ApS -> SteelSeries ApS)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3023152 2024-06-28] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Run: [3RVX] => D:\Program Files (x86)\3RVX\3RVX.exe [649216 2016-06-04] (Matthew Malensek) [File not signed]
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Run: [electron.app.BlueStacks Services] => C:\Users\Ripple\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe [162219656 2024-01-25] (Now.gg, INC -> now.gg, Inc.)
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Run: [SandboxieControl] => d:\Program Files\Sandboxie\SbieCtrl.exe [3405264 2024-02-06] (Tonalio GmbH -> Sandboxie-Plus.com)
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [6021384 2024-03-23] (Tonec Inc. -> Tonec Inc.)
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Run: [Discord] => C:\Users\Ripple\AppData\Local\Discord\Update.exe [1526552 2024-05-13] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3593992 2024-05-15] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Policies\Explorer: [NoViewContextMenu] 0
Startup: C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANTECH X4S MACRO Gaming Mouse.lnk [2023-12-06]
ShortcutTarget: FANTECH X4S MACRO Gaming Mouse.lnk -> D:\Program Files (x86)\FANTECH X4S MACRO Gaming Mouse\GM_Management.exe () [File not signed]
Startup: C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2023-12-13]
ShortcutTarget: Rainmeter.lnk -> D:\Program Files\rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {EA42CB3B-5A39-4AC0-8A5A-68CE8D0FB14A} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2024-01-18] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {37657D15-4F3E-4E41-926D-71EDD111C55C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5472312 2024-06-14] (Microsoft Windows -> Microsoft Corporation)
Task: {D3499911-9F5B-4754-92D3-B6E135AE3417} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{C0EACB23-DDAF-459F-A287-CF96749DBEA5} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe [4623976 2024-06-14] (Google LLC -> Google LLC)
Task: {326CABF4-1B23-4D40-BE18-E159CB8BFBD3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512448 2024-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {562163B0-7567-4722-8282-7E2B5517AB33} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512448 2024-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {CC86626E-5DE0-40F1-8866-A636151E1A6B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309696 2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {C92CF128-1358-4991-BD6B-4CB07FFAB97E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309696 2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {322B3BBA-D9C9-45E1-B610-9C800628B3CC} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [169408 2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {79A20CC3-B704-460F-A061-E00C0679642C} - System32\Tasks\Microsoft\Windows\Application Experience\PcaWallpaperAppDetect => C:\Windows\system32\rundll32.exe [73728 2024-05-16] (Microsoft Windows -> Microsoft Corporation) -> %windir%\system32\PcaSvc.dll,PcaWallpaperAppDetect
Task: {A7A72D59-0F6E-4808-B080-1FB5781EC6C9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B3FE484A-D852-4B8A-806B-1FDEC67EA174} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6B5FA487-EA22-4C21-A965-EED2F1690A08} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {23E0C047-39AD-4CF9-9A4F-173C92672F23} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F67F9D95-F233-4101-915E-4DC4980112E0} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676936 2024-06-28] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {098670C3-842F-4331-9869-89EE208595EE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34888 2024-06-28] (Mozilla Corporation -> Mozilla Foundation)
Task: {176762D5-9B28-46D7-91E9-1F49E28C8B2D} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-23] () [File not signed]
Task: {3B68BE5D-1D28-4A37-9060-3479C160F4C6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1277480 2024-06-12] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {FFA705B0-F0F3-4335-AC88-F752BDDBD4D2} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3347496 2024-06-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {665F3518-8591-4EB9-A1D1-C1A0D3523F3A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646696 2024-06-12] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {94532462-E8CA-4A59-BB70-F974E4F927CA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BE6011F2-46D2-46B4-ACFB-D7C02DF44EA2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {792583C0-E4F1-48F8-AC01-3428F7492A6A} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C22467B7-99F2-406A-801A-0519DDE2288A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {69A8279C-3C72-440E-B9EA-89391F80871A} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6603C4FF-A81E-46DB-A480-B0561102DFE4} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FB2B3033-44BB-488A-8342-607F2E74759C} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2369544 2024-06-02] (Overwolf Ltd -> Overwolf LTD) -> E:\overwolf\/RunningFrom Schedule

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.101.1 8.8.8.8 4.4.4.4
Tcpip\..\Interfaces\{78d68de6-b91f-4ad0-b2d5-9d46d5172317}: [DhcpNameServer] 192.168.101.1 8.8.8.8 4.4.4.4

Edge:
=======
Edge Profile: C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-04]
Edge Extension: (Google Docs Offline) - C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-12-05]
Edge Extension: (Edge relevant text changes) - C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-22]
Edge Extension: (IDM Integration Module) - C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2024-06-03]
Edge HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2024-04-25]

FireFox:
========
FF DefaultProfile: g5q70h39.default
FF ProfilePath: C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\g5q70h39.default [2024-07-03]
FF ProfilePath: C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release [2024-07-04]
FF Homepage: Mozilla\Firefox\Profiles\10706u2g.default-release -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\10706u2g.default-release -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\10706u2g.default-release -> hxxps://pomofocus.io
FF Extension: (Tampermonkey) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\firefox@tampermonkey.net.xpi [2024-05-11]
FF Extension: (FoxyProxy) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\foxyproxy@eric.h.jung.xpi [2024-01-31]
FF Extension: (Web Paint) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\jid1-0dhOSYKGj326og@jetpack.xpi [2024-04-26]
FF Extension: (IDM Integration Module) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2024-07-01]
FF Extension: (uBlock Origin) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\uBlock0@raymondhill.net.xpi [2024-05-25]
FF Extension: (Inkah: Chinese & Korean Pop-up Dictionary) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\{de5bbbad-7c53-468e-9d8d-9d737cf5ba81}.xpi [2023-12-06]
FF Extension: (Zhongwen: The Popular Chinese Learning Tool) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\{dedb3663-6f13-4c6c-bf0f-5bd111cb2c79}.xpi [2023-12-31]
FF HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ripple\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ripple\AppData\Roaming\IDM\idmmzcc5 [2024-05-02] [Legacy] [not signed]
FF HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-19] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default [2024-07-04]
CHR Extension: (uBlock Origin) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-06-26]
CHR Extension: (Google Docs Offline) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-01]
CHR Extension: (Zhongwen: Chinese-English Dictionary) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde [2024-03-09]
CHR Extension: (IDM Integration Module) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2024-06-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-12-07]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2024-04-25]
CHR HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2024-04-25]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2024-04-25]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15044872 2024-01-27] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14023752 2024-06-21] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [935344 2024-05-25] (EasyAntiCheat Oy -> Epic Games, Inc.)
R2 GCUBridge; C:\Program Files\OEM\Control Center\UniwillService\GCUBridge.exe [76008 2021-09-28] (Uniwill Technology Inc. -> )
S2 Intel(R) Platform License Manager Service; C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-14] (Intel Corporation -> Intel(R) Corporation)
R2 ipfsvc; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_uf.exe [2751664 2022-03-27] (Intel Corporation -> Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8901528 2024-07-02] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-07-02] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_4cd94d3ab4900da6\Display.NvContainer\NVDisplay.Container.exe [1274888 2024-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2369544 2024-06-02] (Overwolf Ltd -> Overwolf LTD)
S3 PrintNotify; C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll [4075520 2023-12-05] (Microsoft Corporation) [File not signed]
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [256264 2023-02-10] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [298248 2024-05-14] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [538424 2023-11-09] (Razer USA Ltd. -> Razer Inc.)
R2 SbieSvc; d:\Program Files\Sandboxie\SbieSvc.exe [410576 2024-02-06] (Tonalio GmbH -> Sandboxie-Plus.com)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SteelSeriesGGUpdateServiceProxy; C:\Program Files\SteelSeries\GG\SteelSeriesGGUpdateServiceProxy.exe [1500608 2023-09-19] (SteelSeries ApS -> )
R2 UWPService; C:\Windows\SysWOW64\Creative.UWPRPCService.exe [364616 2022-08-03] (Creative Technology Ltd -> Creative Technology Ltd)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9705560 2024-06-28] (Riot Games, Inc. -> Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [394176 2024-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_0e92b4646ab70162\iaLPSS2_GPIO2_ADL.sys [150624 2022-06-02] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_35ed2fd5a51c2bc2\iaLPSS2_I2C_ADL.sys [220256 2022-06-02] (Intel Corporation -> Intel Corporation)
R2 IDMWFP; C:\Windows\System32\drivers\idmwfp.sys [173736 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Tonec Inc.)
R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88760 2023-07-02] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_cpu.sys [80560 2022-03-27] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_lf.sys [432800 2022-03-27] (Intel Corporation -> Intel Corporation)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-07-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-07-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [37528 2022-08-03] (WDKTestCert ctl_avpbuild,132732627431976536 -> Creative Technology Ltd.)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [77792 2023-10-20] (Nmap Software LLC -> Insecure.Com LLC.)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys [47240 2024-04-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvpcf; C:\Windows\System32\drivers\nvpcf.sys [236576 2024-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [65808 2024-01-11] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0257; C:\Windows\System32\drivers\RzDev_0257.sys [64680 2022-08-18] (Razer USA Ltd. -> Razer Inc)
R3 SbieDrv; d:\Program Files\Sandboxie\SbieDrv.sys [242328 2024-02-06] (Microsoft Windows Hardware Compatibility Publisher -> Sandboxie-Plus.com)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [43568 2024-06-11] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [54408 2024-06-11] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS)
R3 SteelSeries_Sonar_VAD; C:\Windows\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_da15ab44a6216a8e\SteelSeries-Sonar-VAD.sys [95440 2023-03-18] (SteelSeries ApS -> Windows (R) Win 7 DDK provider)
R3 UWACPIDriver; C:\Windows\System32\drivers\UWACPIDriver.sys [43776 2022-09-14] (Uniwill Technology Inc. -> )
S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [40415320 2024-06-28] (Riot Games, Inc. -> Riot Games, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [22080 2024-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [602520 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105880 2024-06-05] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath
S3 UcmCxUcsiNvppc; \SystemRoot\System32\DriverStore\FileRepository\nvppc.inf_amd64_b9ce8a54d5a31e95\UcmCxUcsiNvppc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-07-03 16:01 - 2024-07-03 16:01 - 000412062 _____ C:\Windows\system32\prfh0804.dat
2024-07-03 16:01 - 2024-07-03 16:01 - 000131110 _____ C:\Windows\system32\prfc0804.dat
2024-07-03 11:36 - 2024-07-03 11:36 - 000001272 _____ C:\Users\Ripple\Desktop\report_2024.07.03_10.29.15.klr.txt
2024-07-03 10:17 - 2024-07-03 10:18 - 111089008 _____ (AO Kaspersky Lab) C:\Users\Ripple\Desktop\KVRT.exe
2024-07-03 10:07 - 2024-07-03 10:07 - 000087973 _____ C:\Users\Ripple\Desktop\b9995525a52dc58aecf5.svg
2024-07-02 16:32 - 2024-07-02 16:32 - 000570020 _____ C:\Users\Ripple\Desktop\ZHPDiag.html
2024-07-02 16:32 - 2024-07-02 16:32 - 000456648 _____ C:\Users\Ripple\Desktop\ZHPDiag.txt
2024-07-02 16:28 - 2024-07-02 16:28 - 000000911 _____ C:\Users\Ripple\Desktop\ZHPSuite.lnk
2024-07-02 16:27 - 2024-07-02 16:32 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\ZHP
2024-07-02 16:27 - 2024-07-02 16:27 - 003539144 _____ (Nicolas Coolman) C:\Users\Ripple\Desktop\ZHPSuite.exe
2024-07-02 16:27 - 2024-07-02 16:27 - 000000000 ____D C:\Users\Ripple\AppData\Local\ZHP
2024-07-02 13:29 - 2024-07-02 13:29 - 000001232 _____ C:\Users\Ripple\Desktop\Malwarebytes Scan Report 2024-07-02 073959.txt
2024-07-02 13:23 - 2024-07-03 18:19 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-07-02 13:23 - 2024-07-02 13:31 - 000000000 ____D C:\Users\Ripple\AppData\Local\Malwarebytes
2024-07-02 13:23 - 2024-07-02 13:23 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-07-02 13:23 - 2024-07-02 13:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-07-02 13:22 - 2024-07-02 13:23 - 000000000 ____D C:\Program Files\Malwarebytes
2024-07-02 13:22 - 2024-07-02 13:22 - 002591728 _____ (Malwarebytes) C:\Users\Ripple\Desktop\MBSetup.exe
2024-07-02 10:23 - 2024-07-02 10:43 - 000167537 _____ C:\Users\Ripple\Desktop\Fixlog.txt
2024-07-02 10:21 - 2024-07-02 10:21 - 000000000 ____D C:\Users\Ripple\Desktop\FRST-OlderVersion
2024-07-02 10:18 - 2024-07-02 10:18 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\NVIDIA
2024-07-01 22:40 - 2024-07-01 22:40 - 000000000 ____D C:\Windows\LastGood.Tmp
2024-07-01 22:38 - 2024-06-25 14:39 - 000236576 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpcf.sys
2024-07-01 22:38 - 2024-06-25 14:39 - 000121872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2024-07-01 22:36 - 2024-06-25 22:11 - 002031464 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2024-07-01 22:36 - 2024-06-25 22:11 - 002031464 _____ C:\Windows\system32\vulkaninfo.exe
2024-07-01 22:36 - 2024-06-25 22:11 - 001578752 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-07-01 22:36 - 2024-06-25 22:11 - 001578752 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2024-07-01 22:36 - 2024-06-25 22:11 - 001445120 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2024-07-01 22:36 - 2024-06-25 22:11 - 001445120 _____ C:\Windows\system32\vulkan-1.dll
2024-07-01 22:36 - 2024-06-25 22:11 - 001295104 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2024-07-01 22:36 - 2024-06-25 22:11 - 001295104 _____ C:\Windows\SysWOW64\vulkan-1.dll
2024-07-01 22:36 - 2024-06-25 22:11 - 000477816 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2024-07-01 22:36 - 2024-06-25 22:11 - 000374392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2024-07-01 22:36 - 2024-06-25 22:08 - 001068664 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2024-07-01 22:36 - 2024-06-25 22:08 - 000670344 _____ (NVIDIA Corporation) C:\Windows\system32\nvofapi64.dll
2024-07-01 22:36 - 2024-06-25 22:08 - 000505992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvofapi.dll
2024-07-01 22:36 - 2024-06-25 22:07 - 001549320 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2024-07-01 22:36 - 2024-06-25 22:07 - 001204744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2024-07-01 22:36 - 2024-06-25 22:07 - 000847880 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2024-07-01 22:36 - 2024-06-25 22:06 - 002180728 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2024-07-01 22:36 - 2024-06-25 22:06 - 001631368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2024-07-01 22:36 - 2024-06-25 22:06 - 001033352 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2024-07-01 22:36 - 2024-06-25 22:06 - 000795656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2024-07-01 22:36 - 2024-06-25 22:06 - 000460936 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2024-07-01 22:36 - 2024-06-25 22:05 - 016119432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2024-07-01 22:36 - 2024-06-25 22:05 - 013009032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2024-07-01 22:36 - 2024-06-25 22:05 - 006914696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2024-07-01 22:36 - 2024-06-25 22:05 - 005914144 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2024-07-01 22:36 - 2024-06-25 22:05 - 005867656 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2024-07-01 22:36 - 2024-06-25 22:05 - 003788936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2024-07-01 22:36 - 2024-06-25 22:04 - 000853536 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2024-07-01 22:36 - 2024-06-25 22:03 - 007061880 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2024-07-01 22:36 - 2024-06-25 22:03 - 006142632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2024-07-01 22:36 - 2024-06-25 14:39 - 000123973 _____ C:\Windows\system32\nvinfo.pb
2024-07-01 22:31 - 2024-07-02 10:18 - 000000000 ____D C:\Users\Ripple\AppData\Local\NVIDIA
2024-07-01 22:31 - 2024-07-01 22:31 - 131655600 _____ (NVIDIA Corporation) C:\Users\Ripple\Desktop\GeForce_Experience_v3.28.0.417.exe
2024-07-01 22:31 - 2024-07-01 22:31 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-01 22:31 - 2024-07-01 22:31 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-01 22:31 - 2024-07-01 22:31 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-01 22:31 - 2024-07-01 22:31 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-01 22:31 - 2024-07-01 22:31 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-01 22:31 - 2024-07-01 22:31 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-01 22:31 - 2024-07-01 22:31 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-01 22:31 - 2024-07-01 22:31 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2024-07-01 22:31 - 2024-07-01 22:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2024-07-01 22:31 - 2024-06-12 01:30 - 002900520 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2024-07-01 22:31 - 2024-06-12 01:30 - 002231336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2024-07-01 22:31 - 2024-06-12 01:29 - 001296936 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2024-07-01 22:31 - 2024-03-27 00:56 - 000180760 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2024-07-01 22:31 - 2024-03-27 00:56 - 000159768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2024-07-01 16:53 - 2024-07-01 16:55 - 000000000 ____D C:\Users\Ripple\Documents\The Riftbreaker
2024-07-01 16:53 - 2024-07-01 16:53 - 000000000 ____D C:\Users\Ripple\AppData\Local\mod.io
2024-07-01 16:53 - 2024-07-01 16:53 - 000000000 ____D C:\Users\Public\mod.io
2024-07-01 10:39 - 2024-07-01 10:40 - 000062948 _____ C:\Users\Ripple\Desktop\Addition.txt
2024-07-01 10:38 - 2024-07-04 11:15 - 000030205 _____ C:\Users\Ripple\Desktop\FRST.txt
2024-07-01 10:38 - 2024-07-04 11:14 - 000000000 ____D C:\FRST
2024-07-01 10:37 - 2024-07-02 10:21 - 002395648 _____ (Farbar) C:\Users\Ripple\Desktop\FRST64.exe
2024-06-29 11:25 - 2024-06-29 11:25 - 000000639 _____ C:\Users\Public\Desktop\The Riftbreaker.lnk
2024-06-25 21:42 - 2024-06-25 21:42 - 000000000 ____D C:\Users\Ripple\AppData\Local\MSAR
2024-06-24 15:34 - 2024-06-24 15:34 - 000000000 ____D C:\ProgramData\obs-studio
2024-06-24 15:33 - 2024-06-24 15:34 - 000001867 _____ C:\Users\Ripple\Desktop\MetaTFT.lnk
2024-06-24 15:33 - 2024-06-24 15:33 - 000004368 _____ C:\Windows\system32\Tasks\Overwolf Updater Task
2024-06-24 15:33 - 2024-06-24 15:33 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2024-06-24 15:33 - 2024-06-24 15:33 - 000000000 ____D C:\ProgramData\Overwolf
2024-06-22 17:36 - 2024-06-22 17:41 - 946240506 _____ C:\Users\Ripple\Downloads\Chhorii (2021) 720p 10bit AMZN WEBRip x265 HEVC Hindi AAC 5.1 ESub ~ Immortal.mkv
2024-06-20 20:35 - 2024-06-28 15:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-06-15 11:00 - 2024-07-03 21:55 - 000000000 ____D C:\Users\Ripple\OutsideOfTime
2024-06-14 11:44 - 2024-06-14 11:44 - 000024821 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-06-14 11:44 - 2024-06-14 11:44 - 000024821 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-06-14 11:38 - 2024-06-14 11:42 - 000000000 ___HD C:\$WinREAgent
2024-06-11 12:13 - 2024-06-11 12:13 - 000000000 ____D C:\Users\Ripple\AppData\Local\AWSToolkit
2024-06-11 12:11 - 2024-06-11 12:13 - 000000000 ____D C:\Users\Ripple\AppData\Local\Razer
2024-06-11 12:11 - 2024-06-11 12:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2024-06-11 12:09 - 2024-06-11 12:11 - 000000000 ____D C:\Program Files (x86)\Razer
2024-06-11 12:08 - 2024-06-11 12:13 - 000000000 ____D C:\ProgramData\Razer
2024-06-10 20:05 - 2024-06-10 20:06 - 007444912 _____ C:\Users\Ripple\Desktop\抖音2024610-920714.mp4
2024-06-06 16:54 - 2024-06-06 16:54 - 047185791 _____ C:\Users\Ripple\Desktop\抖音202466-035444.mp4
2024-06-05 18:49 - 2024-06-25 21:42 - 000000000 ____D C:\Users\Ripple\Documents\Player
2024-06-05 18:49 - 2024-06-05 19:21 - 000000000 ____D C:\Users\Ripple\AppData\Local\User Data
2024-06-05 18:49 - 2024-06-05 18:49 - 000000000 ____D C:\Users\Ripple\AppData\Local\nwjs
2024-06-05 11:21 - 2024-06-05 11:21 - 000000579 _____ C:\Users\Public\Desktop\The Genesis Order.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-07-04 11:15 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\SystemTemp
2024-07-04 11:14 - 2024-06-03 10:05 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\discord
2024-07-04 11:14 - 2023-12-06 13:33 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-07-04 11:13 - 2024-06-03 10:05 - 000000000 ____D C:\Users\Ripple\AppData\Local\Discord
2024-07-04 11:12 - 2023-12-06 06:56 - 000000000 ____D C:\Users\Ripple
2024-07-04 11:12 - 2023-12-06 06:52 - 000012288 ___SH C:\DumpStack.log.tmp
2024-07-04 11:12 - 2023-12-06 06:52 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-07-04 11:12 - 2023-12-06 06:52 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-07-04 11:12 - 2023-12-06 06:52 - 000000000 ____D C:\ProgramData\NVIDIA
2024-07-04 11:12 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\ServiceState
2024-07-04 11:12 - 2022-05-07 11:09 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-07-04 11:09 - 2024-05-01 15:56 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2024-07-04 01:12 - 2024-05-02 11:05 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\DMCache
2024-07-04 01:12 - 2022-05-07 11:02 - 000524288 _____ C:\Windows\system32\config\BBI
2024-07-04 00:11 - 2024-02-22 09:44 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\riot-client-ux
2024-07-03 21:42 - 2023-12-06 21:13 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\vlc
2024-07-03 18:19 - 2024-01-21 19:25 - 000002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk
2024-07-03 18:19 - 2024-01-21 19:25 - 000001301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2024-07-03 18:19 - 2023-12-25 11:23 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2024-07-03 18:19 - 2023-12-25 11:23 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2024-07-03 18:19 - 2023-12-25 11:23 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2024-07-03 18:19 - 2023-12-25 11:23 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2024-07-03 18:19 - 2023-12-25 11:23 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2024-07-03 18:19 - 2023-12-07 17:45 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-07-03 18:19 - 2023-12-07 13:55 - 000000008 _____ C:\ProgramData\ntuser.pol
2024-07-03 18:19 - 2023-12-06 13:33 - 000002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2024-07-03 18:19 - 2023-12-06 06:52 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-07-03 18:18 - 2023-12-25 11:25 - 000000000 ____D C:\ProgramData\Riot Games
2024-07-03 16:01 - 2023-12-06 07:02 - 001381038 _____ C:\Windows\system32\PerfStringBackup.INI
2024-07-03 16:01 - 2022-05-07 11:07 - 000000000 ____D C:\Windows\INF
2024-07-03 14:58 - 2023-12-26 23:17 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Excel
2024-07-03 11:59 - 2023-12-07 10:43 - 000000000 ____D C:\Users\Ripple\AppData\Local\CrashDumps
2024-07-03 10:29 - 2023-12-25 11:43 - 000000000 ____D C:\KVRT2020_Data
2024-07-03 10:22 - 2023-12-06 13:33 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2024-07-03 10:20 - 2023-12-06 06:56 - 000000000 ____D C:\Users\Ripple\AppData\Local\Packages
2024-07-03 10:14 - 2023-12-06 16:38 - 000002182 _____ C:\Users\Ripple\Desktop\mod-2-.txt
2024-07-03 10:06 - 2023-12-06 06:54 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2024-07-03 01:34 - 2023-12-08 22:42 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\qBittorrent
2024-07-03 01:32 - 2023-12-16 08:59 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Spotify
2024-07-02 21:59 - 2023-12-16 08:59 - 000000000 ____D C:\Users\Ripple\AppData\Local\Spotify
2024-07-02 20:28 - 2023-12-07 23:24 - 000000000 ____D C:\Users\Ripple\Downloads\Telegram Desktop
2024-07-02 16:24 - 2024-02-11 22:16 - 000000124 _____ C:\ProgramData\autoclickconfig.ini
2024-07-02 16:24 - 2023-12-06 13:33 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-07-02 13:31 - 2023-12-06 16:56 - 000000000 ____D C:\Users\Ripple\Downloads\Compressed
2024-07-02 13:24 - 2023-12-10 12:51 - 000000000 ____D C:\Users\Ripple\AppData\Local\D3DSCache
2024-07-02 13:23 - 2022-05-07 11:09 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-07-02 10:41 - 2024-03-02 11:10 - 000000000 ____D C:\Users\Ripple\AppData\LocalLow\Temp
2024-07-02 10:39 - 2022-05-07 11:02 - 000000000 ____D C:\Windows\CbsTemp
2024-07-02 10:30 - 2022-05-07 11:09 - 000000000 ___HD C:\Program Files\WindowsApps
2024-07-02 10:30 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\AppReadiness
2024-07-01 22:44 - 2023-12-25 11:23 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2024-07-01 22:40 - 2023-12-06 06:52 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2024-07-01 22:38 - 2023-12-06 06:52 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2024-07-01 22:33 - 2023-12-06 07:01 - 000000000 ____D C:\Users\Ripple\AppData\Local\NVIDIA Corporation
2024-07-01 22:31 - 2023-12-06 07:01 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-01 22:31 - 2023-12-06 07:01 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-07-01 22:31 - 2023-12-06 07:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2024-07-01 22:31 - 2023-12-06 06:59 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2024-06-30 09:56 - 2024-05-01 15:55 - 000000000 ____D C:\Program Files\Riot Vanguard
2024-06-30 00:59 - 2024-02-20 18:33 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\steelseries-gg-client
2024-06-29 19:38 - 2023-12-06 06:52 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-06-29 13:08 - 2023-12-25 11:20 - 000000000 ____D C:\Program Files\Microsoft Office
2024-06-29 11:51 - 2023-12-11 10:21 - 000000000 ____D C:\Windows\SysWOW64\directx
2024-06-28 17:43 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\LiveKernelReports
2024-06-28 15:01 - 2023-12-06 13:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-06-27 09:09 - 2023-12-07 17:45 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-06-26 15:21 - 2023-12-06 13:45 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\AnyDesk
2024-06-26 06:56 - 2024-06-03 10:05 - 000002297 _____ C:\Users\Ripple\Desktop\Discord.lnk
2024-06-24 15:34 - 2024-01-23 20:42 - 000000000 ____D C:\Users\Ripple\AppData\Local\Overwolf
2024-06-22 14:16 - 2024-02-23 11:31 - 000002136 _____ C:\Windows\Sandboxie.ini
2024-06-19 22:38 - 2024-01-28 17:13 - 000000000 ____D C:\Users\Ripple\AppData\Local\Steam
2024-06-15 11:00 - 2022-05-07 11:09 - 000000000 ____D C:\ProgramData\USOPrivate
2024-06-15 10:45 - 2023-12-06 06:52 - 000504488 _____ C:\Windows\system32\FNTCACHE.DAT
2024-06-15 02:32 - 2023-10-01 12:40 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-06-15 02:32 - 2022-05-07 13:24 - 000000000 ____D C:\Windows\InboxApps
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ___SD C:\Windows\system32\UNP
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ___RD C:\Windows\PrintDialog
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\UUS
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\SystemResources
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\Sgrm
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\setup
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\oobe
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\migwiz
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\Dism
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\appraiser
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\ShellExperiences
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\ShellComponents
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\BrowserCore
2024-06-15 02:32 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\bcastdvr
2024-06-15 02:32 - 2022-05-07 11:02 - 000000000 ____D C:\Windows\servicing
2024-06-14 11:50 - 2023-12-05 15:25 - 000000000 ____D C:\Windows\system32\MRT
2024-06-14 11:46 - 2023-12-05 15:25 - 199048176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-06-14 11:46 - 2022-05-07 13:24 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2024-06-14 11:46 - 2022-05-07 13:24 - 000024383 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2024-06-14 11:13 - 2024-05-19 12:05 - 000000000 ____D C:\Users\Ripple\OutsideOfTime4
2024-06-12 12:05 - 2024-03-22 10:23 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Anki2
2024-06-12 01:01 - 2023-12-06 07:01 - 000086568 _____ C:\Windows\system32\FvSDK_x64.dll
2024-06-12 01:01 - 2023-12-06 07:01 - 000075304 _____ C:\Windows\SysWOW64\FvSDK_x86.dll
2024-06-11 01:42 - 2024-03-01 15:19 - 000054408 _____ (SteelSeries ApS) C:\Windows\system32\Drivers\sshid.sys
2024-06-11 01:42 - 2023-12-19 13:15 - 000043568 _____ (SteelSeries ApS) C:\Windows\system32\Drivers\ssdevfactory.sys
2024-06-11 01:07 - 2022-05-07 11:09 - 000000000 ____D C:\Windows\system32\AppLocker
2024-06-07 19:46 - 2023-12-25 11:25 - 000000605 _____ C:\Users\Public\Desktop\Riot Client.lnk
2024-06-07 18:32 - 2023-12-06 06:52 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-06-07 18:32 - 2023-12-06 06:52 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-06-06 17:35 - 2023-12-06 07:01 - 000000000 ____D C:\ProgramData\Package Cache
2024-06-05 08:57 - 2023-12-06 06:52 - 000000000 ____D C:\Windows\system32\Drivers\wd

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.07.2024
Ran by Max (04-07-2024 11:16:01)
Running from C:\Users\Ripple\Desktop
Microsoft Windows 11 Pro Version 23H2 22631.3737 (X64) (2023-12-06 01:10:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2515384590-1499498081-2273501178-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2515384590-1499498081-2273501178-503 - Limited - Disabled)
Guest (S-1-5-21-2515384590-1499498081-2273501178-501 - Limited - Disabled)
Max (S-1-5-21-2515384590-1499498081-2273501178-1001 - Administrator - Enabled) => C:\Users\Ripple
WDAGUtilityAccount (S-1-5-21-2515384590-1499498081-2273501178-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3RVX (HKLM-x32\...\{400A8514-5440-410A-B318-44061BD7EE8E}) (Version: 2.9.2.0 - Matthew Malensek)
7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
AeternoBlade II: Infinity (HKLM-x32\...\AeternoBlade II: Infinity_is1) (Version:  - )
Anki (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Anki) (Version: 23.12.1 - )
AutoHotkey (user) (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\AutoHotkey) (Version: 2.0.10 - AutoHotkey Foundation LLC)
Baldur's Gate 3 (HKLM-x32\...\Baldur's Gate 3_is1) (Version:  - )
BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.20.10.1003 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\BlueStacksServices) (Version: 3.0.8 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\BlueStacks X) (Version: 10.10.1.1001 - now.gg, Inc.)
Chessarama (HKLM-x32\...\Chessarama_is1) (Version:  - )
Control Center Service (HKLM\...\{6ea3ce12-b991-4b65-9f8d-b148eaaecd87}_is1) (Version: 4.1.47.11 - OEM)
Discord (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Discord) (Version: 1.0.9147 - Discord Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{3FD9F3E6-059D-4E4D-8B5B-EBAE90CA882E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
FANTECH X4S MACRO Gaming Mouse (HKLM-x32\...\{7587581E-9DAD-412D-9AA4-8541FCBCCAF6}) (Version: 1.00.0000 - FANTECH)
FIFA 16 (HKLM-x32\...\FIFA 16_is1) (Version:  - )
Geeks3D FurMark 1.36.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: 1.36.0.0 - Geeks3D)
Ghostwire: Tokyo (HKLM-x32\...\Ghostwire: Tokyo_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.127 - Google LLC)
Hades 2 (HKLM-x32\...\Hades 2_is1) (Version: 0.0.0 - DODI-Repacks)
Intel(R) Chipset Device Software (HKLM\...\{BB1E910B-7D2D-4FC8-A87C-5A53CAC2D5A8}) (Version: 10.1.19159.8331 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{a8ed3a4b-8ec2-4b7d-b0f6-0f4db00ea2ce}) (Version: 10.1.19159.8331 - Intel(R) Corporation)
Intel(R) LMS (HKLM\...\{B76FE067-1B6B-416E-9A99-C1BF5E9A2FC1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2149.16.0.2602 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{3EE91568-6FE3-43AA-9BFC-7496A56D272C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{E4924222-0A39-4EEE-8F7E-8C95BDFDCFCE}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.42.9 - Tonec Inc.)
League of Legends (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
Lysfanga: The Time Shift Warrior (HKLM-x32\...\Lysfanga: The Time Shift Warrior_is1) (Version:  - )
Malwarebytes version 5.1.6.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.6.117 - Malwarebytes)
MetaTFT (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Overwolf_aheglebeeekjdnkljmpngplhpedgejncjhojnndh) (Version: 0.2.341 - Overwolf app)
MetaTrader 4 EXNESS (HKLM-x32\...\MetaTrader 4 EXNESS) (Version: 4.00 - MetaQuotes Ltd.)
Microsoft .NET Host - 6.0.25 (x64) (HKLM\...\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.7 (x64) (HKLM\...\{E914E975-A0B1-49F7-AB71-28DACD495C44}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.25 (x64) (HKLM\...\{AE86D888-1404-47CC-A7BB-8D86C0503E58}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.7 (x64) (HKLM\...\{62A9DE14-DB7A-41D9-9D7E-ED494E6FCBAF}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.25 (x64) (HKLM\...\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.7 (x64) (HKLM\...\{ECCA3DB0-6DEF-42CD-A21A-F2F7B918FB59}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.7 - Shared Framework (x64) (HKLM-x32\...\{4a749a1a-b799-41b4-a328-33a7b2355e76}) (Version: 7.0.7.23274 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.7 Shared Framework (x64) (HKLM\...\{5ECA54B7-62F2-39EE-9514-31F7DFFFC968}) (Version: 7.0.7.23274 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.81 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.81 - Microsoft Corporation)
Microsoft Office Professional Plus 2021 - en-us (HKLM\...\ProPlus2021Retail - en-us) (Version: 16.0.17726.20126 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32\...\{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32\...\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32\...\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM\...\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}) (Version: 48.100.4037 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM-x32\...\{fb0500c1-f968-4621-a48b-985b52884c49}) (Version: 6.0.25.33020 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.7 (x64) (HKLM\...\{593F16DC-C2D3-4740-ABD4-A171B4E32B06}) (Version: 56.31.61651 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.7 (x64) (HKLM-x32\...\{e875fc20-9a37-4344-b046-0bb037cb2d57}) (Version: 7.0.7.32525 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 127.0.2 (x64 en-US)) (Version: 127.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 120.0.1 - Mozilla)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.78 - Nmap Project)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.28.0.417 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.28.0.417 - NVIDIA Corporation)
NVIDIA Graphics Driver 556.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 556.12 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.4.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.0.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
NVIDIA USBC Driver 1.52.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.52.831.832 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17726.20108 - Microsoft Corporation) Hidden
OmegaT version 6.0.0 (HKLM\...\org.omegat_is1) (Version: 6.0.0 - OmegaT)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.251.2.1 - Overwolf Ltd.)
Prince of Persia: The Lost Crown (HKLM-x32\...\Prince of Persia: The Lost Crown_is1) (Version:  - )
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.2 - The qBittorrent project)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.5.18 - Rainmeter)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.9.0516.051517 - Razer Inc.)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9289.1 - Realtek Semiconductor Corp.)
Riot Client  (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Riot Game Riot_Client.) (Version:  - Riot Games, Inc)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
Sandboxie 5.67.9 (64-bit) (HKLM\...\Sandboxie) (Version: 5.67.9 - Sandboxie-Plus.com)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries GG 65.0.0 (HKLM\...\SteelSeries GG) (Version: 65.0.0 - SteelSeries ApS)
Stremio (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Stremio) (Version: 4.4.165 - Smart Code Ltd)
Svarog's Dream (HKLM-x32\...\Svarog's Dream_is1) (Version:  - )
Telegram Desktop (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 5.2.2 - Telegram FZ-LLC)
The Genesis Order (HKLM-x32\...\The Genesis Order_is1) (Version:  - )
The Riftbreaker (HKLM-x32\...\The Riftbreaker_is1) (Version:  - )
VALORANT (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Warm Snow (HKLM-x32\...\Warm Snow_is1) (Version:  - )
Wireshark 4.2.5 x64 (HKLM-x32\...\Wireshark) (Version: 4.2.5 - The Wireshark developer community, hxxps://www.wireshark.org)
Zoom (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\ZoomUMX) (Version: 5.17.11 (34827) - Zoom Video Communications, Inc.)

Packages:
=========

AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt [2024-06-16] (INTEL CORP) [Startup Task]
GamingCenter3_Cross -> C:\Program Files\WindowsApps\ControlCenter3_4.1.47.11_x64__h329z55cwnj8g [2024-02-07] (STD) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-07-01] (NVIDIA Corp.)
Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11060.20006.0_x64__8wekyb3d8bbwe [2024-06-28] (Microsoft Corporation) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.40.287.0_x64__dt26b99r8h8gj [2023-12-07] (Realtek Semiconductor Corp)
Sound Blaster Cinema 6+ -> C:\Program Files\WindowsApps\CreativeTechnologyLtd.52058C5BB174B_1.0.9.0_x86__13fcda18mhdz2 [2023-12-07] (Creative Technology Ltd.)
WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.159.55.0_x64__8wekyb3d8bbwe [2024-06-12] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.159.55.0_x64__8wekyb3d8bbwe [2024-06-12] (Microsoft Corp.)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-06-15] (Microsoft Windows)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [            IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2021-03-02] (Tonec Inc. -> Tonec FZE)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-07-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_4cd94d3ab4900da6\nvshext.dll [2024-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-07-02] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Public\Desktop\Prince of Persia - The Lost Crown.lnk -> D:\games\Prince of Persia - The Lost Crown\Ryujinx.bat ()

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\autoclickconfig.ini:07021500A6 [4298]
AlternateDataStreams: C:\ProgramData\empty.ico:8C1C1B484F [4298]
AlternateDataStreams: C:\ProgramData\ntuser.pol:95CF30931B [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk:088221F38A [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk:FE00AE19CB [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk:C5112377E0 [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk:C5D586BE93 [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk:5465085A2F [4298]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [4298]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 11:09 - 2024-07-02 10:40 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.101.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Bluetooth Network Connection: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\StartupApproved\StartupFolder: => "FANTECH X4S MACRO Gaming Mouse.lnk"
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\StartupApproved\Run: => "electron.app.BlueStacks Services"
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\StartupApproved\Run: => "Synapse3"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{93C33257-E785-4324-87C7-169C925B2120}] => (Allow) C:\Program Files\OEM\Control Center\UniwillService\GCUBridge.exe (Uniwill Technology Inc. -> )
FirewallRules: [{81128E4D-9597-48EB-9C00-2987104B2C7B}] => (Allow) C:\Program Files\OEM\Control Center\UniwillService\GCUBridge.exe (Uniwill Technology Inc. -> )
FirewallRules: [{B79EE3E6-201C-4024-BFD4-B731AAF98003}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EF12C5DC-DD87-4E89-ABC5-329ED525DC23}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{81CB5DC2-4EBF-416E-84AB-EFC2F29DC677}C:\users\ripple\downloads\anydesk.exe] => (Allow) C:\users\ripple\downloads\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [UDP Query User{08BE5B52-AEA9-4C4C-ADF3-433CF487F3FC}C:\users\ripple\downloads\anydesk.exe] => (Allow) C:\users\ripple\downloads\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{FC7DDA0B-2885-4511-BC34-A0515D312F11}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{96DF0EA3-19BB-4730-9C67-0168A71192D0}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [TCP Query User{5FF45AEE-EA35-4940-BA99-745F9C4EA5BB}D:\software\anydesk.exe] => (Allow) D:\software\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [UDP Query User{1C85AB8F-22E8-44AF-95F9-47D53B4C3BF0}D:\software\anydesk.exe] => (Allow) D:\software\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [TCP Query User{C1E7C675-4134-4C24-99DB-9FAC4106CB41}D:\games\warm snow\warmsnow.exe] => (Allow) D:\games\warm snow\warmsnow.exe () [File not signed]
FirewallRules: [UDP Query User{02530C5B-5B1B-4446-9DC0-F3A969751CCD}D:\games\warm snow\warmsnow.exe] => (Allow) D:\games\warm snow\warmsnow.exe () [File not signed]
FirewallRules: [TCP Query User{78993BF2-4E28-48BA-AC5E-D73EDF569880}D:\riot games\riot client\riotclientservices.exe] => (Allow) D:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{232F6D0B-CFC4-4ACC-8C86-EA6A1B930100}D:\riot games\riot client\riotclientservices.exe] => (Allow) D:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{278B6E8B-AF7F-401E-B30D-F09BBC36F812}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{1E2F09D9-E731-46F2-A39B-354DDD55DDAA}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{3BAA4325-7379-43B5-AE1E-83C16CC8F3BF}D:\games\baldur's gate 3\bin\bg3_dx11.exe] => (Allow) D:\games\baldur's gate 3\bin\bg3_dx11.exe (Larian Studios Games Ltd. -> )
FirewallRules: [UDP Query User{7C19BB32-A3DD-4A37-8437-9882847C9D6B}D:\games\baldur's gate 3\bin\bg3_dx11.exe] => (Allow) D:\games\baldur's gate 3\bin\bg3_dx11.exe (Larian Studios Games Ltd. -> )
FirewallRules: [{B50707B5-D9BD-4AB6-950A-C793EF7372D0}] => (Allow) D:\bluestacks\BlueStacks X\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.)
FirewallRules: [{6B2E1BAF-0CF0-433D-B5E9-9B17F30E338E}] => (Allow) D:\bluestacks\BlueStacks X\Cloud Game.exe (Now.gg, INC -> COMPANY NAME)
FirewallRules: [{20B9EC59-31AF-4CDF-B390-DE54030493B1}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC -> BlueStack Systems)
FirewallRules: [{8E0FB278-2C49-41C2-A298-22FC33EDAF2A}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC -> The Qt Company Ltd.)
FirewallRules: [{4B31C6B9-8EEC-4DCB-900B-EC1CB842431B}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{87615D40-2B9D-42A4-B248-805C0F323734}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{8B97F87C-A5F5-4FAE-88F4-473E46FB5C55}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{3C2F7EB2-1A4A-4908-A9BA-2D3344892EB5}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{777C2B56-FB3A-44FB-BEFC-D6867A6998D1}D:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) D:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{604854D9-3687-459C-833F-8739A8FFAC66}D:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) D:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{2E9572A8-2A0C-4021-8B40-9485725D49BD}C:\users\ripple\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\ripple\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD -> Node.js)
FirewallRules: [UDP Query User{704AB798-101F-4BB7-9AC6-BDDB84C6E0F5}C:\users\ripple\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\ripple\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD -> Node.js)
FirewallRules: [TCP Query User{5BC17E74-AD75-401E-A0CB-17114F9A0451}E:\program files (x86)\spotify portable\app\spotify\spotify.exe] => (Allow) E:\program files (x86)\spotify portable\app\spotify\spotify.exe (Spotify Ltd) [File not signed]
FirewallRules: [UDP Query User{28AE1875-1272-41B1-8FCD-1F12EAB8F7D6}E:\program files (x86)\spotify portable\app\spotify\spotify.exe] => (Allow) E:\program files (x86)\spotify portable\app\spotify\spotify.exe (Spotify Ltd) [File not signed]
FirewallRules: [{B5F1EAB2-E29C-4A5B-9360-446DC2EF1197}] => (Allow) C:\Users\Ripple\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{C91DBFE7-9784-4424-ABCA-4D8EB36FD3D2}C:\users\ripple\downloads\programs\anydesk.exe] => (Allow) C:\users\ripple\downloads\programs\anydesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [UDP Query User{CC23B56B-2A83-4768-BBD9-D55BD4419C29}C:\users\ripple\downloads\programs\anydesk.exe] => (Allow) C:\users\ripple\downloads\programs\anydesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{97C3EA04-81DD-49F7-8A13-D2A519798908}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Goose Goose Duck\GGDLauncher.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{BA1231DA-1D80-4035-AD45-0EB6E6A55494}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Goose Goose Duck\GGDLauncher.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [TCP Query User{97C07BDA-EA0D-4E94-B850-C891A7F18930}D:\games\lysfanga - the time shift warrior\lysfanga the time shift warrior.exe] => (Allow) D:\games\lysfanga - the time shift warrior\lysfanga the time shift warrior.exe () [File not signed]
FirewallRules: [UDP Query User{F61ACD2C-ED51-4C09-908D-87EF7B26E99A}D:\games\lysfanga - the time shift warrior\lysfanga the time shift warrior.exe] => (Allow) D:\games\lysfanga - the time shift warrior\lysfanga the time shift warrior.exe () [File not signed]
FirewallRules: [{4B23D2EF-B85B-4A54-A27C-27F683A086B9}] => (Allow) E:\overwolf\0.251.2.1\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{66812664-F717-4FF4-8BED-574EE224CE07}] => (Allow) E:\overwolf\0.251.2.1\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{99179C36-07E0-4AA8-8D17-41ED5CD8873F}] => (Block) E:\overwolf\0.251.2.1\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{53938091-7501-4B8C-94D1-ED10BB294EDD}] => (Block) E:\overwolf\0.251.2.1\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{06338940-4A70-4E63-A7E6-C1C05E30F148}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{169EEA74-BED1-474A-BB2F-E063CDDFC2D5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1D7746B5-A6B2-45AE-BE10-ED80E860F3C2}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{325DD4ED-6F9D-493C-AE17-A055E11A4FEF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B347B7AB-BEB9-43E4-9941-792DF19EADB9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{51AC4C50-176A-41D8-BCAB-B15040C509C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{56ADD3A6-37EC-4D2A-A243-BABD2D169818}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4022EE6D-0B77-4513-9DD9-25C9D056050C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6CA7F345-FF05-43B2-BF10-5831B4520D0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

==================== Restore Points =========================

02-07-2024 10:23:45 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/04/2024 11:16:42 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: GCUService.exe, version: 1.0.2.70, time stamp: 0x640579b1
Faulting module name: KERNELBASE.dll, version: 10.0.22621.3733, time stamp: 0x44653e19
Exception code: 0xe0434352
Fault offset: 0x000000000005f39c
Faulting process id: 0x0xcb4
Faulting application start time: 0x0x1dacdd373492cf3
Faulting application path: C:\Program Files\OEM\Control Center\UniwillService\MyControlCenter\GCUService.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 3f05c0da-f162-4e4f-a587-102ecf7ea5ef
Faulting package full name:
Faulting package-relative application ID:

Error: (07/04/2024 11:16:42 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GCUService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Newtonsoft.Json.JsonReaderException
   at Newtonsoft.Json.Linq.JObject.Load(Newtonsoft.Json.JsonReader, Newtonsoft.Json.Linq.JsonLoadSettings)
   at Newtonsoft.Json.Linq.JObject.Parse(System.String, Newtonsoft.Json.Linq.JsonLoadSettings)
   at Utility.SettingsManager.LoadSettings()
   at GCService5.GPUDeviceItem.Init()
   at GCService5.GPUDeviceItem..ctor()
   at GCService5.GPUDeviceItem..cctor()

Exception Info: System.TypeInitializationException
   at MyControlCenter.MyFan.MyFanManager_RamFan1p5..ctor()
   at MyControlCenter.MyFanCtrl..ctor()
   at MyControlCenter.MyFanCtrl..cctor()

Exception Info: System.TypeInitializationException
   at MyControlCenter.PowerModeEvent..ctor()
   at MyControlCenter.App.Application_Startup(System.Object, System.Windows.StartupEventArgs)
   at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
   at System.Windows.Application.<.ctor>b__1_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at MyControlCenter.App.Main()

Error: (07/04/2024 11:16:38 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: GCUService.exe, version: 1.0.2.70, time stamp: 0x640579b1
Faulting module name: KERNELBASE.dll, version: 10.0.22621.3733, time stamp: 0x44653e19
Exception code: 0xe0434352
Fault offset: 0x000000000005f39c
Faulting process id: 0x0x3c9c
Faulting application start time: 0x0x1dacdd370d4bac5
Faulting application path: C:\Program Files\OEM\Control Center\UniwillService\MyControlCenter\GCUService.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: cf6a723c-f0df-4894-b2a8-dfaa12900b77
Faulting package full name:
Faulting package-relative application ID:

Error: (07/04/2024 11:16:38 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GCUService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Newtonsoft.Json.JsonReaderException
   at Newtonsoft.Json.Linq.JObject.Load(Newtonsoft.Json.JsonReader, Newtonsoft.Json.Linq.JsonLoadSettings)
   at Newtonsoft.Json.Linq.JObject.Parse(System.String, Newtonsoft.Json.Linq.JsonLoadSettings)
   at Utility.SettingsManager.LoadSettings()
   at GCService5.GPUDeviceItem.Init()
   at GCService5.GPUDeviceItem..ctor()
   at GCService5.GPUDeviceItem..cctor()

Exception Info: System.TypeInitializationException
   at MyControlCenter.MyFan.MyFanManager_RamFan1p5..ctor()
   at MyControlCenter.MyFanCtrl..ctor()
   at MyControlCenter.MyFanCtrl..cctor()

Exception Info: System.TypeInitializationException
   at MyControlCenter.PowerModeEvent..ctor()
   at MyControlCenter.App.Application_Startup(System.Object, System.Windows.StartupEventArgs)
   at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
   at System.Windows.Application.<.ctor>b__1_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at MyControlCenter.App.Main()

Error: (07/04/2024 11:16:34 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: GCUService.exe, version: 1.0.2.70, time stamp: 0x640579b1
Faulting module name: KERNELBASE.dll, version: 10.0.22621.3733, time stamp: 0x44653e19
Exception code: 0xe0434352
Fault offset: 0x000000000005f39c
Faulting process id: 0x0x1c98
Faulting application start time: 0x0x1dacdd36e6100ab
Faulting application path: C:\Program Files\OEM\Control Center\UniwillService\MyControlCenter\GCUService.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: bf5fa597-ae79-4958-97c9-42fd62ad2fe3
Faulting package full name:
Faulting package-relative application ID:

Error: (07/04/2024 11:16:34 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GCUService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Newtonsoft.Json.JsonReaderException
   at Newtonsoft.Json.Linq.JObject.Load(Newtonsoft.Json.JsonReader, Newtonsoft.Json.Linq.JsonLoadSettings)
   at Newtonsoft.Json.Linq.JObject.Parse(System.String, Newtonsoft.Json.Linq.JsonLoadSettings)
   at Utility.SettingsManager.LoadSettings()
   at GCService5.GPUDeviceItem.Init()
   at GCService5.GPUDeviceItem..ctor()
   at GCService5.GPUDeviceItem..cctor()

Exception Info: System.TypeInitializationException
   at MyControlCenter.MyFan.MyFanManager_RamFan1p5..ctor()
   at MyControlCenter.MyFanCtrl..ctor()
   at MyControlCenter.MyFanCtrl..cctor()

Exception Info: System.TypeInitializationException
   at MyControlCenter.PowerModeEvent..ctor()
   at MyControlCenter.App.Application_Startup(System.Object, System.Windows.StartupEventArgs)
   at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
   at System.Windows.Application.<.ctor>b__1_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at MyControlCenter.App.Main()

Error: (07/04/2024 11:16:30 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: GCUService.exe, version: 1.0.2.70, time stamp: 0x640579b1
Faulting module name: KERNELBASE.dll, version: 10.0.22621.3733, time stamp: 0x44653e19
Exception code: 0xe0434352
Fault offset: 0x000000000005f39c
Faulting process id: 0x0x1fd0
Faulting application start time: 0x0x1dacdd36beafdae
Faulting application path: C:\Program Files\OEM\Control Center\UniwillService\MyControlCenter\GCUService.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: f57892bf-83ab-47db-8135-46090fed40e8
Faulting package full name:
Faulting package-relative application ID:

Error: (07/04/2024 11:16:30 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GCUService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Newtonsoft.Json.JsonReaderException
   at Newtonsoft.Json.Linq.JObject.Load(Newtonsoft.Json.JsonReader, Newtonsoft.Json.Linq.JsonLoadSettings)
   at Newtonsoft.Json.Linq.JObject.Parse(System.String, Newtonsoft.Json.Linq.JsonLoadSettings)
   at Utility.SettingsManager.LoadSettings()
   at GCService5.GPUDeviceItem.Init()
   at GCService5.GPUDeviceItem..ctor()
   at GCService5.GPUDeviceItem..cctor()

Exception Info: System.TypeInitializationException
   at MyControlCenter.MyFan.MyFanManager_RamFan1p5..ctor()
   at MyControlCenter.MyFanCtrl..ctor()
   at MyControlCenter.MyFanCtrl..cctor()

Exception Info: System.TypeInitializationException
   at MyControlCenter.PowerModeEvent..ctor()
   at MyControlCenter.App.Application_Startup(System.Object, System.Windows.StartupEventArgs)
   at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
   at System.Windows.Application.<.ctor>b__1_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at MyControlCenter.App.Main()


System errors:
=============
Error: (07/04/2024 11:12:12 AM) (Source: volmgr) (EventID: 161) (User: )
Description: Dump file creation failed due to error during dump creation.

Error: (07/04/2024 11:12:30 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:10:08 AM on ‎7/‎4/‎2024 was unexpected.

Error: (07/03/2024 09:21:15 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (07/03/2024 08:53:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (07/03/2024 08:31:03 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (07/03/2024 08:07:21 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (07/03/2024 07:49:47 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (07/03/2024 07:25:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2024-07-03 10:24:00
Description:
Microsoft Defender Antivirus has detected potentially unwanted application(PUA).
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Packunwan&threatid=298189&enterprise=0
Name: PUA:Win32/Packunwan
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\FRST\Quarantine\C\Users\Ripple\AppData\Local\WinRAR\Rar64.exe.xBAD
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\Ripple\AppData\Local\Temp\{98c8a12f-4599-494c-829e-ad1588d2245f}\387c12b3.exe
Security intelligence Version: AV: 1.413.661.0, AS: 1.413.661.0, NIS: 1.413.661.0
Engine Version: AM: 1.1.24050.5, NIS: 1.1.24050.5

Date: 2024-07-02 10:40:10
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-07-02 10:30:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-07-01 16:33:37
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Tool:AndroidOS/Multiverze&threatid=304861&enterprise=0
Name: Tool:AndroidOS/Multiverze
Severity: Medium
Category: Tool
Path: file:_E:\installation files\Internet Download Manager (IDM) v6.41 Build 20 + Fix [Lifetime Activation] {CracksHash}\Patch Fix\Crack Fix.zip
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.413.626.0, AS: 1.413.626.0, NIS: 1.413.626.0
Engine Version: AM: 1.1.24050.5, NIS: 1.1.24050.5

Date: 2024-07-01 14:29:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]

Date: 2024-01-10 19:18:38
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.1898.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x80240022
Error description: The program can't check for definition updates. 

Date: 2024-01-10 19:18:38
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.1898.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x80240022
Error description: The program can't check for definition updates. 

Date: 2024-01-10 13:16:49
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.1898.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2023-12-15 11:22:08
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.516.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2023-12-10 12:45:24
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===============
Date: 2024-07-04 11:13:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\Ripple\AppData\Local\Discord\app-1.0.9152\Discord.exe) attempted to load \Device\HarddiskVolume6\overwolf\0.251.2.1\OWClient.dll that did not meet the Microsoft signing level requirements.

Date: 2024-07-04 11:13:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\Ripple\AppData\Local\Discord\app-1.0.9152\Discord.exe) attempted to load \Device\HarddiskVolume6\overwolf\0.251.2.1\ow-graphics-vulkan.dll that did not meet the Microsoft signing level requirements.

Date: 2024-07-04 11:13:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\Ripple\AppData\Local\Discord\app-1.0.9152\Discord.exe) attempted to load \Device\HarddiskVolume3\ProgramData\obs-studio-hook\graphics-hook64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends International, LLC. N.1.14STD00 09/15/2022
Motherboard: Standard Standard
Processor: 12th Gen Intel(R) Core(TM) i7-12700H
Percentage of memory in use: 25%
Total physical RAM: 32508.54 MB
Available physical RAM: 24201.22 MB
Total Virtual: 34556.54 MB
Available Virtual: 24672.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:247.07 GB) (Free:105.14 GB) (Model: CT1000P3PSSD8) NTFS
Drive d: (Max) (Fixed) (Total:683.59 GB) (Free:225.58 GB) (Model: CT1000P3PSSD8) NTFS
Drive e: (PortableSSD) (Fixed) (Total:931.51 GB) (Free:12.21 GB) (Model: SanDisk Portable SSD SCSI Disk Device) NTFS
Drive f: (portable movies & games) (Fixed) (Total:953.85 GB) (Free:485.69 GB) (Model: JMicron Tech SCSI Disk Device) NTFS

\\?\Volume{32397118-47cf-4961-8f00-d29de02ab434}\ () (Fixed) (Total:0.74 GB) (Free:0.06 GB) NTFS
\\?\Volume{4cd4fb91-1125-4d65-a761-2c4f675a5ae6}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================


The rundll32 error seems to have stopped; it hasn't occurred again. But the BSOD is being a bit frequent: it happened twice or thrice yesterday, and when I opened the laptop for the first time earlier, after just a few minutes, the BSOD appeared again like yesterday.
 
Disable anything you feel is not needed from startup. AutoRunOrganizer

Download Autologger to your desktop.
Disable your Antivirus/Defender prior to running.

  • Unzip it there. -- If you are unsure how to unzip a program, then use ---- http://www.7-zip.org/ ----
  • Right-click Autologger and run as administrator. (XP users: double-click.)
  • AVZ4 will open and scan your machine; allow this to complete.
  • Upload Collectionlog.zip to your next reply.


Let's have a look at the dump files.

=============>Upload your dump files <==========
 
  1. Open a command prompt with administrative privileges on the device.
  2. Enter the following commands one at a time hitting enter after each.
    sc stop dam
    sc config dam start= disabled


Code:
Dump: 010524-16468-01.dmp (05.01.2024 07:07:14)
Code: 0x14F - PDC_WATCHDOG_TIMEOUT
Process: ctfmon.exe, probably caused by: dam.sys
Third-party modules in the Raw Stack: KMPDC.sys
FAILURE_BUCKET_ID: 0x14F_DAM_IMAGE_dam.sys
 
Hi, did it, but the content in the "code" is just info and there's nothing to do about it, right?
 
Hi, there seem to be serious issues with the BSOD. First time turning on the laptop today, it gave a BSOD on the welcome screen. Then it restarted immediately, I couldn't even see what the error was, and it gave a BSOD again. Then it restarted immediately.
It went to the BIOS screen, I just clicked save changes and exit, and it went to the troubleshoot option on the Windows logo screen, where I clicked continue to Win 11, and it just opened now.
I checked the minidump folder immediately, but the file there is still the one from January and not the recent BSOD logs.

The minidump creation is enabled; maybe it's because the PC immediately restarts after the BSOD, at 0% of error collection?
