Solved Hundreds of rundll32.exe running

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Status
Not open for further replies.
Malnutrition said:
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Click to expand...
I have disabled win updates with the freeware you have provided.

Fixlog.
Code: 
Fix result of Farbar Recovery Scan Tool (x64) Version: 16.07.2024
Ran by Max (19-07-2024 11:02:42) Run:3
Running from C:\Users\Ripple\Desktop
Loaded Profiles: Max
Boot Mode: Normal
==============================================

fixlist content:
*****************
start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
EmptyEventLogs:
S3 SbieDrv; \??\d:\Program Files\Sandboxie\SbieDrv.sys [X]
C:\Users\Ripple\AppData\Roaming\obs-virtualcam.txt
AlternateDataStreams: C:\ProgramData\autoclickconfig.ini:07021500A6 [5162]
AlternateDataStreams: C:\ProgramData\empty.ico:8C1C1B484F [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk:088221F38A [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk:FE00AE19CB [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk:C5112377E0 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk:C5D586BE93 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk:5465085A2F [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [5162]
Folder: C:\Windows\System32\Tasks

StartBatch:
WMIC SERVICE WHERE Name="dcomlaunch" set startmode="auto"
WMIC SERVICE WHERE Name="nsi" set startmode="auto"
WMIC SERVICE WHERE Name="dhcp" set startmode="auto"
WMIC SERVICE WHERE Name="rpcss" set startmode="auto"
WMIC SERVICE WHERE Name="rpceptmapper" set startmode="auto"
WMIC SERVICE WHERE Name="winmgmt" set startmode="auto"
WMIC SERVICE WHERE Name="sdrsvc" set startmode="manual"
WMIC SERVICE WHERE Name="vss" set startmode="manual"
WMIC SERVICE WHERE Name="eventlog" set startmode="auto"
WMIC SERVICE WHERE Name="bfe" set startmode="auto"
WMIC SERVICE WHERE Name="eventsystem" set startmode="auto"
WMIC SERVICE WHERE Name="msiserver" set startmode="manual"
WMIC SERVICE WHERE Name="sstpsvc" set startmode="manual"
WMIC SERVICE WHERE Name="rasman" set startmode="manual"
WMIC SERVICE WHERE Name="trustedinstaller" set startmode="auto"
net start sdrsvc
net start vss
net start rpcss
net start eventsystem
net start winmgmt
net start msiserver
net start bfe
net start trustedinstaller
"%WINDIR%\SYSTEM32\lodctr.exe" /R
"%WINDIR%\SysWOW64\lodctr.exe" /R
"%WINDIR%\SYSTEM32\lodctr.exe" /R
"%WINDIR%\SysWOW64\lodctr.exe" /R
NETSH winsock reset catalog
NETSH int ipv4 reset reset.log
NETSH int ipv6 reset reset.log
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
netsh winhttp reset proxy
bitsadmin /list /allusers
bitsadmin /reset /allusers
Winmgmt /salvagerepository
Winmgmt /resetrepository
Winmgmt /resyncperf
netsh advfirewall reset
netsh advfirewall set allprofiles state on
del /f /s /q %windir%\prefetch\*.*
sc stop sysmain
sc config sysmain start= disabled
sc stop DiagTrack
sc config DiagTrack start= disabled
sc stop dmwappushservice
sc config dmwappushservice start= disabled
sc stop WSearch
sc config WSearch start= disabled
sc stop lfsvc
sc config lfsvc start= disabled
Endbatch:
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
emptytemp:
Reboot:
End::
*****************

Restore point was successfully created.
Processes closed successfully.

=========== EmptyEventLogs: ==========

1173 Event logs cleared.


================================
HKLM\System\CurrentControlSet\Services\SbieDrv => removed successfully
SbieDrv => service removed successfully
C:\Users\Ripple\AppData\Roaming\obs-virtualcam.txt => moved successfully
C:\ProgramData\autoclickconfig.ini => ":07021500A6" ADS removed successfully
C:\ProgramData\empty.ico => ":8C1C1B484F" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini => ":B1DA6C571C" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk => ":A1B76439FE" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk => ":088221F38A" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk => ":FE00AE19CB" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini => ":41964AA945" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk => ":B96E9B8455" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk => ":C5112377E0" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk => ":980850BA8A" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => ":8096E45125" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk => ":C5D586BE93" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk => ":E77773B271" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk => ":60EC9648C0" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk => ":5465085A2F" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk => ":1DC1525F34" ADS removed successfully

========================= Folder: C:\Windows\System32\Tasks ========================

2024-07-12 11:51 - 2024-07-19 10:56 - 000003016 ____A [FDD89532680206F2087B6AA027D1AD51] () C:\Windows\System32\Tasks\BlueStacksHelper_nxt
2024-07-12 11:51 - 2024-07-12 11:51 - 000002590 ____A [350F8795900C9A972AA532E9BF5BA8F1] () C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2024-07-12 11:51 - 2024-07-19 10:57 - 000003298 ____A [E20BAC84A3A554F637B9DEA74AFC7BDD] () C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-07-12 11:51 - 2024-07-19 10:57 - 000003522 ____A [03005B4CD693085373FE2B3CC22206E2] () C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-07-12 11:51 - 2024-07-19 10:57 - 000002220 ____A [E71112CEB89B93A87C0D288BCCFE0EFA] () C:\Windows\System32\Tasks\npcapwatchdog
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\GoogleSystem
2024-07-12 11:51 - 2024-07-19 10:32 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\GoogleSystem\GoogleUpdater
2024-07-19 00:58 - 2024-07-19 10:56 - 000003342 ____A [54D1A30F0D8EE26D828AF8130A77917A] () C:\Windows\System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.3{1EF25398-1393-46D7-9025-1FC7773C3FA4}
2022-05-07 11:09 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft
2024-07-12 11:51 - 2024-07-12 12:06 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Office
2024-07-12 11:51 - 2024-07-12 12:06 - 000005128 ____A [78FA3BE0DB89F79D4C1CB5E6984A43AA] () C:\Windows\System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0
2024-07-12 11:51 - 2024-07-19 10:56 - 000003512 ____A [329938F0F00402FDCF288EF89A7C135D] () C:\Windows\System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor
2024-07-12 11:51 - 2024-07-12 12:06 - 000007256 ____A [6711BDD62C8C6CA1B147758423907878] () C:\Windows\System32\Tasks\Microsoft\Office\Office Feature Updates
2024-07-12 11:51 - 2024-07-12 12:06 - 000004332 ____A [AD6DC17A43C5A6AEAEFC6CA714B15B82] () C:\Windows\System32\Tasks\Microsoft\Office\Office Feature Updates Logon
2024-07-12 11:51 - 2024-07-19 10:56 - 000003038 ____A [42965EB2BC7528317952C570F9178AAB] () C:\Windows\System32\Tasks\Microsoft\Office\Office Performance Monitor
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\OneCore
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\OneCore\DirectX
2022-05-07 11:09 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework
2024-07-12 11:51 - 2024-07-13 16:20 - 000003706 ____A [770D3B37566D20D56592A3DF3DBBCFD5] () C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
2024-07-12 11:51 - 2024-07-13 16:20 - 000003712 ____A [A2275832D00F717F0CCFC51C32C7FE28] () C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
2024-07-12 11:51 - 2024-07-12 12:51 - 000002882 ____A [C32239A18C997402DB95FAF8A4F764D2] () C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
2024-07-12 11:51 - 2024-07-12 12:51 - 000002876 ____A [B86EBF660E5832FE736763B4098BF591] () C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
2024-07-12 11:51 - 2024-07-12 11:51 - 000003978 ____A [4354BDCD3AEDEAB8BBE2281D6899D42D] () C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
2024-07-12 11:51 - 2024-07-12 11:51 - 000003426 ____A [D9E587010F978D667F0212B2144C44E1] () C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\AppID
2024-07-12 11:51 - 2024-07-12 11:51 - 000003436 ____A [0EF7D29DB858D8D00DC3F2F1DE323E6A] () C:\Windows\System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
2024-07-12 11:51 - 2024-07-12 11:51 - 000002722 ____A [EEE41022E55AAEB619210E8366C2E048] () C:\Windows\System32\Tasks\Microsoft\Windows\AppID\PolicyConverter
2024-07-12 11:51 - 2024-07-12 11:51 - 000003346 ____A [AA4CCBF36BBBDBCC9BA1074FD310083D] () C:\Windows\System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
2024-07-12 11:51 - 2024-07-19 10:56 - 000003420 ____A [5E522D6EF23C53474BF8458A52B47719] () C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\MareBackup
2024-07-12 11:51 - 2024-07-12 11:51 - 000003344 ____A [3297209B6C9718B80C32CE0663C4505E] () C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
2024-07-12 11:51 - 2024-07-12 12:10 - 000004368 ____A [9F0ACCD368DEBDA3AA6D8B29423CF3EE] () C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\PcaPatchDbTask
2024-07-12 11:51 - 2024-07-12 12:10 - 000004366 ____A [293A942896EA2C9DA850662689C2BDA5] () C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\PcaWallpaperAppDetect
2024-07-12 11:51 - 2024-07-12 11:51 - 000003430 ____A [320E240137DB59A95346BBF332557E80] () C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\SdbinstMergeDbTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000003090 ____A [0BDE2A4342F763D8A55251395C14AF63] () C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData
2024-07-12 11:51 - 2024-07-12 11:51 - 000003316 ____A [EBD4D1229A8BAFE4D9E0624280E20596] () C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily
2024-07-12 11:51 - 2024-07-12 11:51 - 000003422 ____A [90FC38AE67C7E55DA1445FFCD73AAAEA] () C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall
2024-07-12 11:51 - 2024-07-12 11:51 - 000003052 ____A [B97EEB6111E0CAFC5660C41463BB20B4] () C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState
2024-07-12 11:51 - 2024-07-12 11:51 - 000002716 ____A [BDCC5D5AEA37EEC6B1BEDC1EA832B098] () C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\AppListBackup
2024-07-12 11:51 - 2024-07-12 11:51 - 000002796 ____A [59C40D50E5F6CA2A929033554F3EC102] () C:\Windows\System32\Tasks\Microsoft\Windows\AppListBackup\Backup
2024-07-12 11:51 - 2024-07-12 11:51 - 000003086 ____A [9DF05D3978AA95FD6661C7F171055114] () C:\Windows\System32\Tasks\Microsoft\Windows\AppListBackup\BackupNonMaintenance
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\AppxDeploymentClient
2024-07-12 11:51 - 2024-07-13 16:20 - 000003086 ____A [39622D5C2D4710EDA8BE8FD1D127EC79] () C:\Windows\System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
2024-07-12 11:51 - 2024-07-12 11:51 - 000002546 ____A [95BD3C2A2156CBA24141D2A7765CF72B] () C:\Windows\System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
2024-07-12 11:51 - 2024-07-12 11:51 - 000002870 ____A [072DCBFD73085D1358EBACE36C1EE1F9] () C:\Windows\System32\Tasks\Microsoft\Windows\Autochk\Proxy
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\BitLocker
2024-07-12 11:51 - 2024-07-12 11:51 - 000002496 ____A [6D44CDECB427D524A30AA40A5C3869F7] () C:\Windows\System32\Tasks\Microsoft\Windows\BitLocker\BitLocker Encrypt All Drives
2024-07-12 11:51 - 2024-07-12 11:51 - 000002344 ____A [AB84CA8B1D44095F680E4C04F7B5A96F] () C:\Windows\System32\Tasks\Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
2024-07-12 11:51 - 2024-07-12 11:51 - 000002328 ____A [A90757604458D5A881FA829AB95E8FE1] () C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\BrokerInfrastructure
2024-07-12 11:51 - 2024-07-12 11:51 - 000003088 ____A [E1F8756D91FD0DE5CB739AC623134242] () C:\Windows\System32\Tasks\Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\capabilityaccessmanager
2024-07-12 11:51 - 2024-07-12 11:51 - 000003082 ____A [9EEA2079AC92ECB0EAFEAC68A79CDA00] () C:\Windows\System32\Tasks\Microsoft\Windows\capabilityaccessmanager\maintenancetasks
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
2024-07-12 11:51 - 2024-07-12 11:51 - 000002936 ____A [24D6991FFA5884C59005B31E87CBEC5E] () C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000002830 ____A [64CA400E3ED6B9B6070691BD8836EB9B] () C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000005486 ____A [CF6B96BBA76C987B91CBE4D4291DEF1A] () C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000003694 ____A [B79F280F8B06288D6A92623C7360E01E] () C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000004816 ____A [AF919660DAC7699D4C89E0F7D8160781] () C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000003554 ____A [DA89EF2A15ED103DC6F29B1E9E1A4E4F] () C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk
2024-07-12 11:51 - 2024-07-12 11:51 - 000002780 ____A [BD35E15531B75FEDAAC17A4F070AC2F1] () C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
2024-07-12 11:51 - 2024-07-12 11:51 - 000002448 ____A [1B083E31B0725873A0AE644ABEB9F777] () C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk\SyspartRepair
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Clip
2024-07-12 11:51 - 2024-07-12 11:51 - 000003428 ____A [9678E6CF1E5E28843E456B0F5D0182C7] () C:\Windows\System32\Tasks\Microsoft\Windows\Clip\License Validation
2024-07-12 11:51 - 2024-07-12 11:51 - 000003688 ____A [FD80F9E471C41C65D8FE84FFB386CE92] () C:\Windows\System32\Tasks\Microsoft\Windows\Clip\LicenseImdsIntegration
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\CloudExperienceHost
2024-07-12 11:51 - 2024-07-12 11:51 - 000002240 ____A [888E9CEB54341183623016C2A2747CEF] () C:\Windows\System32\Tasks\Microsoft\Windows\CloudExperienceHost\CreateObjectTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\CloudRestore
2024-07-12 11:51 - 2024-07-12 11:51 - 000003358 ____A [C78EF9AC5A72B7BB979EFCF7A1AB84A7] () C:\Windows\System32\Tasks\Microsoft\Windows\CloudRestore\Backup
2024-07-12 11:51 - 2024-07-12 11:51 - 000002970 ____A [050212FCC2D02B05466BC1D5FA716598] () C:\Windows\System32\Tasks\Microsoft\Windows\CloudRestore\Restore
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\ConsentUX
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\ConsentUX\UnifiedConsent
2024-07-12 11:51 - 2024-07-12 11:51 - 000003252 ____A [32E9A5C09BABC1A0260137A41DFC422E] () C:\Windows\System32\Tasks\Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
2024-07-12 11:51 - 2024-07-12 11:51 - 000003030 ____A [5D240C0C8A68AFA288D765EC717BECC8] () C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
2024-07-12 11:51 - 2024-07-12 11:51 - 000003162 ____A [A6B83AE2E4B0CA541CE97AA8E6E3C8FB] () C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan
2024-07-12 11:51 - 2024-07-12 11:51 - 000003594 ____A [8A1D6C76B26AF75382D80096E6AA0346] () C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Check And Scan
2024-07-12 11:51 - 2024-07-12 11:51 - 000002862 ____A [A1B1EC66118786EBF58DADB125429C52] () C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
2024-07-12 11:51 - 2024-07-12 11:51 - 000003354 ____A [6DDAD9C9B84F54A3FE6B533D8FEE3815] () C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
2024-07-12 11:51 - 2024-07-12 12:02 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
2024-07-12 11:51 - 2024-07-12 12:02 - 000003472 ____A [FFD43E95164AD372649A627E587CE473] () C:\Windows\System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Device Information
2024-07-12 11:51 - 2024-07-12 11:51 - 000004326 ____A [F38FCAE149103B3E4628A11A9FD487D1] () C:\Windows\System32\Tasks\Microsoft\Windows\Device Information\Device
2024-07-12 11:51 - 2024-07-12 11:51 - 000002866 ____A [6A4748317A0246A14D7333C05A463661] () C:\Windows\System32\Tasks\Microsoft\Windows\Device Information\Device User
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup
2024-07-12 11:51 - 2024-07-12 11:51 - 000002984 ____A [7C69AFA443BB72C29624594C91745CBB] () C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient
2024-07-12 11:51 - 2024-07-12 11:51 - 000002784 ____A [6BE0FF19B4D3A2CB575BAAFD4D293C58] () C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
2024-07-12 11:51 - 2024-07-12 11:51 - 000002784 ____A [238CF788E1B152FDCBA470D99673F00B] () C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
2024-07-12 11:51 - 2024-07-12 11:51 - 000003440 ____A [FF684A54E3421C6060CF17E2598A1545] () C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
2024-07-12 11:51 - 2024-07-12 11:51 - 000002810 ____A [11EC9F0F4711DE11619E3FE7A8C5D1F0] () C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
2024-07-12 11:51 - 2024-07-12 11:51 - 000003404 ____A [EF174D6265FBFB667B6E793BCABA40E1] () C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
2024-07-12 11:51 - 2024-07-12 11:51 - 000003546 ____A [449904DDE28B518BDB71A1CE06633B22] () C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
2024-07-12 11:51 - 2024-07-12 11:51 - 000003682 ____A [1AFCBE7783B0FCBD1BC6DD7021D66A48] () C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
2024-07-12 11:51 - 2024-07-12 11:51 - 000003402 ____A [5BAF84542B623A4AADB5718E35A75E22] () C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
2024-07-12 11:51 - 2024-07-12 11:51 - 000003154 ____A [7EC49C1A80A2A7D2AECCCA22C75CA05F] () C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged
2024-07-12 11:51 - 2024-07-12 11:51 - 000003414 ____A [CA5C44EE39FFD765101D68AC694BE348] () C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
2024-07-12 11:51 - 2024-07-12 11:51 - 000003520 ____A [0E6145D43CCD097F0E256EAA9A1564C5] () C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
2024-07-12 11:51 - 2024-07-12 11:51 - 000003852 ____A [73A2725B3CCAE7953393FE61B89340F7] () C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner
2024-07-12 11:51 - 2024-07-12 11:51 - 000003092 ____A [7850154410AFA2EB17A602F025E6EC5E] () C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis\Scheduled
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\DirectX
2024-07-12 11:51 - 2024-07-16 10:05 - 000003630 ____A [9A95ACC899B1EDAD3D08BC8EC92A8C59] () C:\Windows\System32\Tasks\Microsoft\Windows\DirectX\DirectXDatabaseUpdater
2024-07-12 11:51 - 2024-07-12 11:51 - 000002900 ____A [EE2D333C377AFF6C922639E7947A60CC] () C:\Windows\System32\Tasks\Microsoft\Windows\DirectX\DXGIAdapterCache
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup
2024-07-12 11:51 - 2024-07-12 11:51 - 000003200 ____A [3E282B45FB904C517BC11B132923443F] () C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
2024-07-12 11:51 - 2024-07-12 11:51 - 000003034 ____A [A76EA9910F9DCDBF48784B6F05B728AB] () C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
2024-07-12 11:51 - 2024-07-12 11:51 - 000002766 ____A [580B7B4B4D02CBB334C86B2FD3E72D47] () C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint
2024-07-12 11:51 - 2024-07-12 11:51 - 000002398 ____A [6434B8D98519D8507799B75F77278A8E] () C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
2024-07-12 11:51 - 2024-07-12 11:51 - 000002366 ____A [502CD952702469DBD01DD879142E78C4] () C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\DUSM
2024-07-12 11:51 - 2024-07-12 11:51 - 000002384 ____A [3013C7C46E9F8FB3A3FD86D945E18A2B] () C:\Windows\System32\Tasks\Microsoft\Windows\DUSM\dusmtask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\EDP
2024-07-12 11:51 - 2024-07-12 11:51 - 000002302 ____A [7E0493D9879855F5FC2BCFACA888240E] () C:\Windows\System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
2024-07-12 11:51 - 2024-07-12 11:51 - 000002284 ____A [837912F46B2DE20227F1DA00239270C1] () C:\Windows\System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
2024-07-12 11:51 - 2024-07-12 11:51 - 000002348 ____A [CF66586664BB7592FA145CA49FE70581] () C:\Windows\System32\Tasks\Microsoft\Windows\EDP\EDP Inaccessible Credentials Task
2024-07-12 11:51 - 2024-07-12 11:51 - 000002344 ____A [DBBB4F8594EE96D519644858AACA2184] () C:\Windows\System32\Tasks\Microsoft\Windows\EDP\StorageCardEncryption Task
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\EnterpriseMgmt
2024-07-12 11:51 - 2024-07-12 11:51 - 000002182 ____A [C11C1CBFA7B00CEEAFB8EF5FE319679A] () C:\Windows\System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\ExploitGuard
2024-07-12 11:51 - 2024-07-12 11:51 - 000003172 ____A [840EEBFA16F463D5D0ED2977838DC228] () C:\Windows\System32\Tasks\Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Feedback
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Feedback\Siuf
2024-07-12 11:51 - 2024-07-12 11:51 - 000002880 ____A [E31D70482F0F894D02FD3BE61780C3B8] () C:\Windows\System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient
2024-07-12 11:51 - 2024-07-12 11:51 - 000002998 ____A [E63288313283C274D13D8C8A11253568] () C:\Windows\System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\File Classification Infrastructure
2024-07-12 11:51 - 2024-07-12 11:51 - 000003596 ____A [B165A04C8788CFFDA6E77F111C4E36C0] () C:\Windows\System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory
2024-07-12 11:51 - 2024-07-12 11:51 - 000002996 ____A [E8553B036871891D2902976B5D8DFB4A] () C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Flighting
2024-07-12 11:51 - 2024-07-12 12:10 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig
2024-07-12 12:10 - 2024-07-13 12:15 - 000004352 ____A [1142E92D0F511DDB9D2ED8BF520A167C] () C:\Windows\System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\BootstrapUsageDataReporting
2024-07-12 11:51 - 2024-07-12 12:10 - 000005892 ____A [893A23A4438EB17A85241AF25EE962E1] () C:\Windows\System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
2024-07-12 11:51 - 2024-07-12 12:10 - 000004532 ____A [53504124F16A8BB58E7B06423CBFF684] () C:\Windows\System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\UsageDataFlushing
2024-07-12 11:51 - 2024-07-12 12:10 - 000004288 ____A [060D5462F12AE442CF7E48DCD4F0C10A] () C:\Windows\System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\UsageDataReporting
2024-07-12 11:51 - 2024-07-12 12:10 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Flighting\OneSettings
2024-07-12 11:51 - 2024-07-19 10:48 - 000004756 ____A [A88364DCAED847CD423239A12D58A075] () C:\Windows\System32\Tasks\Microsoft\Windows\Flighting\OneSettings\RefreshCache
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Input
2024-07-12 11:51 - 2024-07-12 11:51 - 000002850 ____A [6B2C276E41A107CD4AA743B6F3A76AB4] () C:\Windows\System32\Tasks\Microsoft\Windows\Input\InputSettingsRestoreDataAvailable
2024-07-12 11:51 - 2024-07-12 11:51 - 000002754 ____A [38F682826E79ED251ABD657147F939A0] () C:\Windows\System32\Tasks\Microsoft\Windows\Input\LocalUserSyncDataAvailable
2024-07-12 11:51 - 2024-07-12 11:51 - 000002738 ____A [281D46016A4A1E8DCF1BD89613030037] () C:\Windows\System32\Tasks\Microsoft\Windows\Input\MouseSyncDataAvailable
2024-07-12 11:51 - 2024-07-12 11:51 - 000002730 ____A [0C640C60B154EC97631A3CE62E449006] () C:\Windows\System32\Tasks\Microsoft\Windows\Input\PenSyncDataAvailable
2024-07-12 11:51 - 2024-07-12 11:51 - 000002714 ____A [CACAC5A847741F80B4D8C1DBE67A5E96] () C:\Windows\System32\Tasks\Microsoft\Windows\Input\syncpensettings
2024-07-12 11:51 - 2024-07-12 11:51 - 000002750 ____A [1097778E348B283A2739CB02710B3D76] () C:\Windows\System32\Tasks\Microsoft\Windows\Input\TouchpadSyncDataAvailable
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\InstallService
2024-07-12 11:51 - 2024-07-12 11:51 - 000002612 ____A [07C0F5F0572596060737AAFB43E9C791] () C:\Windows\System32\Tasks\Microsoft\Windows\InstallService\RestoreDevice
2024-07-12 11:51 - 2024-07-12 11:51 - 000003452 ____A [D9DB0431F925B621E4AC64847EF13879] () C:\Windows\System32\Tasks\Microsoft\Windows\InstallService\ScanForUpdates
2024-07-12 11:51 - 2024-07-12 11:51 - 000002596 ____A [F263B544D83C8C2BFADD39E7295649A9] () C:\Windows\System32\Tasks\Microsoft\Windows\InstallService\ScanForUpdatesAsUser
2024-07-12 11:51 - 2024-07-18 10:20 - 000005154 ____A [8A0506DD02041A5E544AE85E4F887E4E] () C:\Windows\System32\Tasks\Microsoft\Windows\InstallService\SmartRetry
2024-07-12 11:51 - 2024-07-12 11:51 - 000002572 ____A [4BB817BD0B97E53D9C7D8D53CC488467] () C:\Windows\System32\Tasks\Microsoft\Windows\InstallService\WakeUpAndContinueUpdates
2024-07-12 11:51 - 2024-07-12 11:51 - 000003028 ____A [52D4F47FF729418D1FB032A5AB0B85E4] () C:\Windows\System32\Tasks\Microsoft\Windows\InstallService\WakeUpAndScanForUpdates
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\International
2024-07-12 11:51 - 2024-07-12 11:51 - 000003276 ____A [9291F9B9D3C9680975E47D30422AE9BB] () C:\Windows\System32\Tasks\Microsoft\Windows\International\Synchronize Language Settings
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Kernel
2024-07-12 11:51 - 2024-07-12 11:51 - 000002916 ____A [2878D4D00E81FAF4D5B8170555F1E6E8] () C:\Windows\System32\Tasks\Microsoft\Windows\Kernel\La57Cleanup
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller
2024-07-12 11:51 - 2024-07-12 11:51 - 000003450 ____A [3959FC3E32785F26E488CC9AF61D2F0E] () C:\Windows\System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation
2024-07-12 11:51 - 2024-07-12 11:51 - 000003242 ____A [AAEB417B86E1311F35082C762B8092D2] () C:\Windows\System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources
2024-07-12 11:51 - 2024-07-16 10:19 - 000003232 ____A [2416C715152434A0F8A173FC7AFE2C7C] () C:\Windows\System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\License Manager
2024-07-12 11:51 - 2024-07-12 11:51 - 000003340 ____A [9DC1C49D39C701F6355891C2E7B8AFAF] () C:\Windows\System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Live
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Live\Roaming
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Location
2024-07-12 11:51 - 2024-07-12 11:51 - 000002638 ____A [8BE17095C256CF953E79F61B0673D198] () C:\Windows\System32\Tasks\Microsoft\Windows\Location\Notifications
2024-07-12 11:51 - 2024-07-12 11:51 - 000002572 ____A [C6255EBB1E0F758FEE929CC972836ED6] () C:\Windows\System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
2024-07-12 11:51 - 2024-07-12 11:51 - 000003002 ____A [53A65939335DBCAA6F8BB6C5EE27214F] () C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\WinSAT
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Management
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Management\Autopilot
2024-07-12 11:51 - 2024-07-12 11:51 - 000003016 ____A [00B3720E4C2502AB4B63D449554454BF] () C:\Windows\System32\Tasks\Microsoft\Windows\Management\Autopilot\DetectHardwareChange
2024-07-12 11:51 - 2024-07-12 11:51 - 000002866 ____A [1ECE3F7368920E96D1F3AE6D1BAAFE38] () C:\Windows\System32\Tasks\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Management\Provisioning
2024-07-12 11:51 - 2024-07-12 11:51 - 000002690 ____A [F13D37482360D587C450373A25D5F24F] () C:\Windows\System32\Tasks\Microsoft\Windows\Management\Provisioning\Cellular
2024-07-12 11:51 - 2024-07-12 11:51 - 000002704 ____A [5E70A09926C6A4D555066D9E1DD4F687] () C:\Windows\System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon
2024-07-12 11:51 - 2024-07-12 11:51 - 000002602 ____A [C07737CD1D39B7BA06676EFA060F1ED8] () C:\Windows\System32\Tasks\Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup
2024-07-12 11:51 - 2024-07-12 11:51 - 000002610 ____A [698DBE142A766FEA4FC67199DBFA4073] () C:\Windows\System32\Tasks\Microsoft\Windows\Management\Provisioning\Retry
2024-07-12 11:51 - 2024-07-12 11:51 - 000002634 ____A [0649BFE3C5F75154409407BE5DA66D1B] () C:\Windows\System32\Tasks\Microsoft\Windows\Management\Provisioning\RunOnReboot
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Maps
2024-07-12 11:51 - 2024-07-12 11:51 - 000003010 ____A [CBE62B6F890796A60DD13B650F63ADEA] () C:\Windows\System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000003474 ____A [762819BB0E3F48F605CECA2F7D519830] () C:\Windows\System32\Tasks\Microsoft\Windows\Maps\MapsUpdateTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
2024-07-12 11:51 - 2024-07-12 11:51 - 000005826 ____A [9F0D6291BCC9164234AE00909F8424E5] () C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
2024-07-12 11:51 - 2024-07-12 11:51 - 000003506 ____A [700CD5CDE28679001B9E8A17B9A00CDE] () C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\MUI
2024-07-12 11:51 - 2024-07-12 11:51 - 000002726 ____A [0EAFF333690E2140CF92E358F647A07F] () C:\Windows\System32\Tasks\Microsoft\Windows\MUI\LPRemove
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
2024-07-12 11:51 - 2024-07-12 11:51 - 000002574 ____A [728007430D778A49687344A5AFF65046] () C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
2024-07-12 11:51 - 2024-07-12 11:51 - 000002444 ____A [82B51B2A4AF7173131DE09C6BA1D9D33] () C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\NlaSvc
2024-07-12 11:51 - 2024-07-12 11:51 - 000002992 ____A [63C5DC8F8BD4C7AD339EDD8F05D87417] () C:\Windows\System32\Tasks\Microsoft\Windows\NlaSvc\WiFiTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Offline Files
2024-07-12 11:51 - 2024-07-12 11:51 - 000003170 ____A [FEEDE6809FF58339369FE0536AEDAE27] () C:\Windows\System32\Tasks\Microsoft\Windows\Offline Files\Background Synchronization
2024-07-12 11:51 - 2024-07-12 11:51 - 000002840 ____A [7360A82DD523D27126372EC7CFB7A8A3] () C:\Windows\System32\Tasks\Microsoft\Windows\Offline Files\Logon Synchronization
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\PI
2024-07-12 11:51 - 2024-07-12 11:51 - 000003676 ____A [6121E96EAF2C0087D1793A481E5F4F87] () C:\Windows\System32\Tasks\Microsoft\Windows\PI\SecureBootEncodeUEFI
2024-07-12 11:51 - 2024-07-12 11:51 - 000003516 ____A [28F354CB33B3C006B0EA951585ECF2C2] () C:\Windows\System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
2024-07-12 11:51 - 2024-07-12 11:51 - 000002880 ____A [C554CC00ACC83521585043B7494191D6] () C:\Windows\System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
2022-05-07 11:09 - 2022-05-07 11:09 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\PLA
2022-05-07 11:09 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play
2024-07-12 11:51 - 2024-07-12 11:51 - 000002972 ____A [7006D76C475F875686CC2B3A16F7E268] () C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
2024-07-12 11:51 - 2024-07-12 11:51 - 000003028 ____A [D61490D56D6D66C8B9298A1220F43F49] () C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
2024-07-12 11:51 - 2024-07-12 11:51 - 000002338 ____A [EF7774860D9C4EE92A88CA23247087E2] () C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
2024-07-12 11:51 - 2024-07-12 11:51 - 000003128 ____A [180AAD66C4F7FA7B250B31B9DE349BF1] () C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Printing
2024-07-12 11:51 - 2024-07-12 11:51 - 000002590 ____A [B5CA0D4927CE89C08F3A71BE170ED4F5] () C:\Windows\System32\Tasks\Microsoft\Windows\Printing\EduPrintProv
2024-07-12 11:51 - 2024-07-12 11:51 - 000002840 ____A [984C26E454D816DDD581D058D43746C0] () C:\Windows\System32\Tasks\Microsoft\Windows\Printing\PrinterCleanupTask
2024-07-12 11:51 - 2024-07-12 12:00 - 000002900 ____A [E8F50C7157BF421A74B6D64A6F0DEA58] () C:\Windows\System32\Tasks\Microsoft\Windows\Printing\PrintJobCleanupTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\PushToInstall
2024-07-12 11:51 - 2024-07-12 11:51 - 000003274 ____A [ACD87914D6481E5AB186D19716317A65] () C:\Windows\System32\Tasks\Microsoft\Windows\PushToInstall\LoginCheck
2024-07-12 11:51 - 2024-07-19 10:36 - 000004280 ____A [A7E8C14FC851794901E536CDF8081205] () C:\Windows\System32\Tasks\Microsoft\Windows\PushToInstall\Registration
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Ras
2024-07-12 11:51 - 2024-07-12 11:51 - 000003462 ____A [CD108933BF9D3A1C35833955F6309B15] () C:\Windows\System32\Tasks\Microsoft\Windows\Ras\MobilityManager
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\RecoveryEnvironment
2024-07-12 11:51 - 2024-07-12 11:51 - 000003420 ____A [BF34A1CF5753F0832452E40502974461] () C:\Windows\System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Registry
2024-07-12 11:51 - 2024-07-12 11:51 - 000003218 ____A [05777A5442924D1153176D5AC129E733] () C:\Windows\System32\Tasks\Microsoft\Windows\Registry\RegIdleBackup
2022-05-07 11:09 - 2022-05-07 11:09 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
2024-07-12 11:51 - 2024-07-12 11:51 - 000003796 ____A [2A9FA9855B9BA3E94FC4DAA7CC3F2837] () C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\RetailDemo
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Security
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Security\Pwdless
2024-07-12 11:51 - 2024-07-12 11:51 - 000003412 ____A [00000000000000000000000000000000] () C:\Windows\System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Servicing
2024-07-12 11:51 - 2024-07-12 11:51 - 000002502 ____A [8699B124702DE82A8AFA348B36FE7338] () C:\Windows\System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync
2024-07-12 11:51 - 2024-07-15 09:43 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Setup
2024-07-12 11:51 - 2024-07-12 11:51 - 000002838 ____A [8CAF365DE578AA10C0703CBF8106CAC9] () C:\Windows\System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\SharedPC
2024-07-12 11:51 - 2024-07-12 11:51 - 000002766 ____A [691CA16FBAA65A6D4983D0949F678F8B] () C:\Windows\System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Shell
2024-07-12 11:51 - 2024-07-12 11:51 - 000002636 ____A [E478D400176B927DF62A1EC131E0CE77] () C:\Windows\System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000002622 ____A [DDCFF84B918E9D6465CB7B28FB0A7612] () C:\Windows\System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor
2024-07-12 11:51 - 2024-07-12 11:51 - 000003200 ____A [C4ECBFD478D78881435DA7E15FE76105] () C:\Windows\System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000002858 ____A [98BC4202BE211FC77B0D36B4900DEDA6] () C:\Windows\System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
2024-07-12 11:51 - 2024-07-12 11:51 - 000002482 ____A [2CACFCD99A7F0BA4A7BD3FAFFAE8AE11] () C:\Windows\System32\Tasks\Microsoft\Windows\Shell\ThemeAssetTask_SyncFODState
2024-07-12 11:51 - 2024-07-12 11:51 - 000003104 ____A [132925FD74EAD847954F40D6F94A6C6D] () C:\Windows\System32\Tasks\Microsoft\Windows\Shell\ThemesSyncedImageDownload
2024-07-12 11:51 - 2024-07-12 11:51 - 000002330 ____A [C6C43C44DEE21EB257D9439E733138DF] () C:\Windows\System32\Tasks\Microsoft\Windows\Shell\UpdateUserPictureTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform
2024-07-12 11:51 - 2024-07-19 11:02 - 000004676 ____A [B6223A1AADF05B1884A905835FA2B32E] () C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000003312 ____A [8CBC84881481158749FD559D1D305C46] () C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
2024-07-12 11:51 - 2024-07-12 12:11 - 000003984 ____A [302A119B87944C644B8463363D118378] () C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
2024-07-12 11:51 - 2024-07-12 11:51 - 000003322 ____A [3FED7DA36547FB494449DFD6072DE650] () C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcTrigger
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort
2024-07-12 11:51 - 2024-07-12 11:51 - 000003006 ____A [C68AC5388FB517EE7473E7CE3057D4AC] () C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000003066 ____A [9E43447E0BF6F4548FD49B4CBAE4C81C] () C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Speech
2024-07-12 11:51 - 2024-07-12 11:51 - 000003276 ____A [0FED9B1246FE5B26E9EBB2B6D068447C] () C:\Windows\System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\StateRepository
2024-07-12 11:51 - 2024-07-12 11:51 - 000003112 ____A [183D04307BA05AC13166A073984CC57B] () C:\Windows\System32\Tasks\Microsoft\Windows\StateRepository\MaintenanceTasks
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Storage Tiers Management
2024-07-12 11:51 - 2024-07-12 11:51 - 000003204 ____A [B40EBFE0838AB7047C24F94B422FD580] () C:\Windows\System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
2024-07-12 11:51 - 2024-07-12 11:51 - 000003290 ____A [FB566A50AF497D794A624B19D509616E] () C:\Windows\System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Subscription
2024-07-12 11:51 - 2024-07-12 11:51 - 000004684 ____A [86718857482C80C6C6A4E87C8CE54D82] () C:\Windows\System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition
2024-07-12 11:51 - 2024-07-12 11:51 - 000003758 ____A [C8CBEE3BB05636F7C0D1C98530C66A93] () C:\Windows\System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition
2022-05-07 11:09 - 2022-05-07 11:09 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain
2024-07-12 11:51 - 2024-07-12 11:51 - 000003056 ____A [E9F1539E90748BC8F9AF47003D83870D] () C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
2024-07-12 11:51 - 2024-07-12 11:51 - 000003126 ____A [B251415191CB5DF30ABC19C607FB9570] () C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
2024-07-12 11:51 - 2024-07-12 11:51 - 000002972 ____A [93AC0F9DCF4B395B1D047FBDE22D886E] () C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync
2024-07-12 11:51 - 2024-07-16 10:24 - 000003858 ____A [F1C1C8BDD3D71C4DA978A1703159E4AF] () C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
2024-07-12 11:51 - 2024-07-12 11:51 - 000002976 ____A [7B4EF601179BED6FE32DB84939A55905] () C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore\SR
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
2024-07-12 11:51 - 2024-07-12 11:51 - 000002762 ____A [62248D9B519AEB9F06998AF03D3023EE] () C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager\Interactive
2022-05-07 11:09 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
2024-07-12 11:51 - 2024-07-12 11:51 - 000002622 ____A [688479812C2BAFE266ACDAF952BBC332] () C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
2024-07-12 11:51 - 2024-07-12 11:51 - 000003190 ____A [A957215CABCE94ADADD28EBDD76C67CA] () C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
2024-07-12 11:51 - 2024-07-12 11:51 - 000002900 ____A [1CA85B19D81E65D657F8538DC95055E5] () C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone
2024-07-12 11:51 - 2024-07-12 11:51 - 000002600 ____A [33BB30ACA14F3F52139EDD37581D0B9F] () C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\TPM
2024-07-12 11:51 - 2024-07-12 11:51 - 000002816 ____A [3AD67DD47B006D6D20419FEE24BF399B] () C:\Windows\System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
2024-07-12 11:51 - 2024-07-12 11:51 - 000003592 ____A [DBBA597DD8D026AB3AF7295B476D1D13] () C:\Windows\System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\UNP
2024-07-12 11:51 - 2024-07-12 11:51 - 000003084 ____A [3282993A8B7FC8573AEAEBBF6E116167] () C:\Windows\System32\Tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr
2024-07-12 11:51 - 2024-07-17 15:14 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator
2024-07-12 11:51 - 2024-07-19 11:02 - 000003380 ____A [3672DB8374F857B00F74FFBB516A6BAF] () C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Report policies
2024-07-12 11:51 - 2024-07-12 11:51 - 000002324 ____A [4A1207C912587C864073A62A3CDE142A] () C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work
2024-07-12 11:51 - 2024-07-19 11:02 - 000002730 ____A [84C9EE948CDD912FC4EDCC553F551AED] () C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan
2024-07-12 11:51 - 2024-07-19 11:02 - 000004382 ____A [732319BCE149DAA5C92D20A19ECE3BB5] () C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan Static Task
2024-07-12 11:51 - 2024-07-12 12:08 - 000003376 ____A [390C4CA7F90CE9FA8EE7729CD56A6D64] () C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work
2024-07-12 11:51 - 2024-07-19 10:46 - 000003362 ____A [B8E743E5D182065A3A0C9B02EF4EC645] () C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Work
2024-07-12 11:51 - 2024-07-19 11:02 - 000003114 ____A [18FDD08EAAF67C3EA084F8AD2F8EC79A] () C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Start Oobe Expedite Work
2024-07-12 11:51 - 2024-07-19 11:02 - 000003064 ____A [67BF07D344697161CD2F5D2B3B53A612] () C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\StartOobeAppsScan_LicenseAccepted
2024-07-12 11:51 - 2024-07-19 11:02 - 000003086 ____A [5225EF2E8CBDE5FF4BB3E8E33C333318] () C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\StartOobeAppsScanAfterUpdate
2024-07-12 11:51 - 2024-07-19 11:02 - 000003058 ____A [98130A24A8DFE0CE84822E2DF2DEADB4] () C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UUS Failover Task
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
2024-07-12 11:51 - 2024-07-12 11:51 - 000002328 ____A [614592EEDDA9F8208953550A929CAE63] () C:\Windows\System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\USB
2024-07-12 11:51 - 2024-07-12 11:51 - 000003496 ____A [4EE9864F2A542BF944A9014E6E0ABDA5] () C:\Windows\System32\Tasks\Microsoft\Windows\USB\Usb-Notifications
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\User Profile Service
2024-07-12 11:51 - 2024-07-12 11:51 - 000003650 ____A [F990F1B964EBE5E6DACE8C3B5C01E76F] () C:\Windows\System32\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\WaaSMedic
2024-07-12 11:51 - 2024-07-12 11:51 - 000003218 ____A [8D6B6FE629C79A128E46A71063DF3F53] () C:\Windows\System32\Tasks\Microsoft\Windows\WaaSMedic\PerformRemediation
2022-05-07 11:09 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\WCM
2024-07-12 11:51 - 2024-07-12 11:51 - 000002922 ____A [1DEEF230FFB132F3B772664DB91C1660] () C:\Windows\System32\Tasks\Microsoft\Windows\WCM\WiFiTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\WDI
2024-07-12 11:51 - 2024-07-12 11:51 - 000002892 ____A [452959337E560E3F54599166FDACA2CD] () C:\Windows\System32\Tasks\Microsoft\Windows\WDI\ResolutionHost
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
2024-07-12 11:51 - 2024-07-16 10:24 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender
2024-07-12 11:51 - 2024-07-16 10:24 - 000003816 ____A [0E1835929C6BAFBC49F6C5A83CB1CD41] () C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance
2024-07-12 11:51 - 2024-07-16 10:24 - 000003770 ____A [760E277C5B22309528E33EEC2ADC4E20] () C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup
2024-07-12 11:51 - 2024-07-16 10:24 - 000003822 ____A [5075AF368DC7A5B1574A5B0DB6E327D0] () C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan
2024-07-12 11:51 - 2024-07-16 10:24 - 000003800 ____A [A47CE15091E55D020CAE8643F7DC3DD9] () C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
2024-07-12 11:51 - 2024-07-12 11:51 - 000004522 ____A [A870165FA94D21282A70FCABDFFBBEFF] () C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
2024-07-12 11:51 - 2024-07-12 11:51 - 000003288 ____A [C169971DBB83A272CD3925491D102517] () C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
2024-07-12 11:51 - 2024-07-12 11:51 - 000003420 ____A [29788CF87DCF702A9516AEBC3EEDD0FC] () C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Subsystem For Linux
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem
2024-07-12 11:51 - 2024-07-12 11:51 - 000003164 ____A [94AD66D07959598F514279EE85F6FFCA] () C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate
2024-07-12 11:51 - 2024-07-19 11:02 - 000003072 ____A [D87322B7AF634AFB0047B945AECD259C] () C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache
2024-07-12 11:51 - 2024-07-19 11:01 - 000004022 ____A [E83DCDCBAC2DAD168E9716CBBAC7E338] () C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
2024-07-12 11:51 - 2024-07-12 11:51 - 000002564 ____A [652CA5AE0B16AC099DF8E45F72730C2B] () C:\Windows\System32\Tasks\Microsoft\Windows\Wininet\CacheTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\WlanSvc
2024-07-12 11:51 - 2024-07-12 11:51 - 000002646 ____A [0E02197D41CBC25A6C969377F286A8C3] () C:\Windows\System32\Tasks\Microsoft\Windows\WlanSvc\CDSSync
2024-07-12 11:51 - 2024-07-12 11:51 - 000002860 ____A [A1E75931A6DC62F4D2C77E32E5BE632B] () C:\Windows\System32\Tasks\Microsoft\Windows\WlanSvc\MoProfileManagement
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\WOF
2024-07-12 11:51 - 2024-07-12 11:51 - 000003060 ____A [8275A4BA11503CA1901151E1B5D556A4] () C:\Windows\System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
2024-07-12 11:51 - 2024-07-12 11:51 - 000002794 ____A [6AC7FCDC9047FAF56AC5BDEAC9B8D013] () C:\Windows\System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders
2024-07-12 11:51 - 2024-07-12 11:51 - 000002790 ____A [4896237B881AA3E758AC1B0DDD3160AC] () C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
2024-07-12 11:51 - 2024-07-12 11:51 - 000003090 ____A [066A2DB4C72E617E8F1C2B15AE02494A] () C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\Workplace Join
2024-07-12 11:51 - 2024-07-12 11:51 - 000003832 ____A [B17F649F80963DE7EE1CC18C573840E3] () C:\Windows\System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join
2024-07-12 11:51 - 2024-07-12 11:51 - 000003150 ____A [58B1C87F937EADB70ADDE26B8D5EAB2A] () C:\Windows\System32\Tasks\Microsoft\Windows\Workplace Join\Device-Sync
2024-07-12 11:51 - 2024-07-12 11:51 - 000002848 ____A [EF4E679D9823AE2D2A995E4FE7116B0D] () C:\Windows\System32\Tasks\Microsoft\Windows\Workplace Join\Recovery-Check
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\WS
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\Windows\WwanSvc
2024-07-12 11:51 - 2024-07-12 11:51 - 000003012 ____A [273C6C8ECD0A76FF04F5033EB2F5F00D] () C:\Windows\System32\Tasks\Microsoft\Windows\WwanSvc\NotificationTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000004292 ____A [04D9E30E380A9096A53D2872ED950BBF] () C:\Windows\System32\Tasks\Microsoft\Windows\WwanSvc\OobeDiscovery
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Microsoft\XblGameSave
2024-07-12 11:51 - 2024-07-12 11:51 - 000002622 ____A [C60657E94BB87AD4189FA676C3248E39] () C:\Windows\System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D [00000000000000000000000000000000] C:\Windows\System32\Tasks\Mozilla
2024-07-12 11:51 - 2024-07-19 10:57 - 000004114 ____A [AB9267BB9DCBBFB3BB41ADCEA9587E35] () C:\Windows\System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB
2024-07-12 11:51 - 2024-07-19 10:57 - 000003980 ____A [E9A76796016850AA782FA4D45D155F6F] () C:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB

====== End of Folder: ======


========= Batch: =========
Updating property(s) of '\\DESKTOP-NLBF3N2\ROOT\CIMV2:Win32_Service.Name="DcomLaunch"'
Property(s) update successful.


Updating property(s) of '\\DESKTOP-NLBF3N2\ROOT\CIMV2:Win32_Service.Name="nsi"'
Property(s) update successful.


Updating property(s) of '\\DESKTOP-NLBF3N2\ROOT\CIMV2:Win32_Service.Name="Dhcp"'
Property(s) update successful.


Updating property(s) of '\\DESKTOP-NLBF3N2\ROOT\CIMV2:Win32_Service.Name="RpcSs"'
Property(s) update successful.


Updating property(s) of '\\DESKTOP-NLBF3N2\ROOT\CIMV2:Win32_Service.Name="RpcEptMapper"'
Property(s) update successful.


Updating property(s) of '\\DESKTOP-NLBF3N2\ROOT\CIMV2:Win32_Service.Name="Winmgmt"'
Property(s) update successful.


Updating property(s) of '\\DESKTOP-NLBF3N2\ROOT\CIMV2:Win32_Service.Name="SDRSVC"'
Property(s) update successful.


Updating property(s) of '\\DESKTOP-NLBF3N2\ROOT\CIMV2:Win32_Service.Name="VSS"'
Property(s) update successful.


Updating property(s) of '\\DESKTOP-NLBF3N2\ROOT\CIMV2:Win32_Service.Name="EventLog"'
Property(s) update successful.


Updating property(s) of '\\DESKTOP-NLBF3N2\ROOT\CIMV2:Win32_Service.Name="BFE"'
Property(s) update successful.


Updating property(s) of '\\DESKTOP-NLBF3N2\ROOT\CIMV2:Win32_Service.Name="EventSystem"'
Property(s) update successful.


Updating property(s) of '\\DESKTOP-NLBF3N2\ROOT\CIMV2:Win32_Service.Name="msiserver"'
Property(s) update successful.


Updating property(s) of '\\DESKTOP-NLBF3N2\ROOT\CIMV2:Win32_Service.Name="SstpSvc"'
Property(s) update successful.


Updating property(s) of '\\DESKTOP-NLBF3N2\ROOT\CIMV2:Win32_Service.Name="RasMan"'
Property(s) update successful.


Updating property(s) of '\\DESKTOP-NLBF3N2\ROOT\CIMV2:Win32_Service.Name="TrustedInstaller"'
Property(s) update successful.


The Windows Backup service is starting.
The Windows Backup service was started successfully.



The requested service has already been started.

More help is available by typing NET HELPMSG 2182.



The requested service has already been started.

More help is available by typing NET HELPMSG 2182.



The requested service has already been started.

More help is available by typing NET HELPMSG 2182.



The requested service has already been started.

More help is available by typing NET HELPMSG 2182.



The Windows Installer service is starting.
The Windows Installer service was started successfully.



The requested service has already been started.

More help is available by typing NET HELPMSG 2182.



The Windows Modules Installer service is starting.
The Windows Modules Installer service was started successfully.



Info: Successfully rebuilt performance counter setting from system backup store

Info: Successfully rebuilt performance counter setting from system backup store

Info: Successfully rebuilt performance counter setting from system backup store

Info: Successfully rebuilt performance counter setting from system backup store

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.



Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.



Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.



Windows IP Configuration

No operation can be performed on Wi-Fi while it has its media disconnected.
No operation can be performed on Local Area Connection* 1 while it has its media disconnected.
No operation can be performed on Local Area Connection* 10 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2404:7c00:48:9fb2:9a:a2a0:cf95:ea69
   Temporary IPv6 Address. . . . . . : 2404:7c00:48:9fb2:193:4a21:b946:6f0a
   Link-local IPv6 Address . . . . . : fe80::f61b:df1b:1949:74bd%11
   Default Gateway . . . . . . . . . : fe80::82f7:a6ff:fe26:b28c%11

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 10:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :


Windows IP Configuration

No operation can be performed on Wi-Fi while it has its media disconnected.
No operation can be performed on Local Area Connection* 1 while it has its media disconnected.
No operation can be performed on Local Area Connection* 10 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2404:7c00:48:9fb2:9a:a2a0:cf95:ea69
   Temporary IPv6 Address. . . . . . : 2404:7c00:48:9fb2:193:4a21:b946:6f0a
   Link-local IPv6 Address . . . . . : fe80::f61b:df1b:1949:74bd%11
   IPv4 Address. . . . . . . . . . . : 192.168.101.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::82f7:a6ff:fe26:b28c%11
                                       192.168.101.1

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 10:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


Windows IP Configuration

Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer in 15 minutes.


Current WinHTTP proxy settings:

    Direct access (no proxy server).



BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Listed 0 job(s).


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.


WMI repository is consistent


WMI repository has been reset


0

Ok.



Ok.



Deleted file - C:\WINDOWS\prefetch\0.DAT-78DFFE22.pf
Deleted file - C:\WINDOWS\prefetch\0.DAT-AEC11D05.pf
Deleted file - C:\WINDOWS\prefetch\126.0.6478.128_CHROME_INSTALL-38D806D2.pf
Deleted file - C:\WINDOWS\prefetch\3RVX.EXE-5383B269.pf
Deleted file - C:\WINDOWS\prefetch\7ZFM.EXE-44040917.pf
Deleted file - C:\WINDOWS\prefetch\7ZG.EXE-D9AA3A0B.pf
Deleted file - C:\WINDOWS\prefetch\ACCOUNTSCONTROLHOST.EXE-3ED0EE8B.pf
Deleted file - C:\WINDOWS\prefetch\ADDINUTIL.EXE-4E6085D4.pf
Deleted file - C:\WINDOWS\prefetch\AGGREGATORHOST.EXE-8DA5EB72.pf
Deleted file - C:\WINDOWS\prefetch\AM_DELTA.EXE-78CA83B0.pf
Deleted file - C:\WINDOWS\prefetch\AM_DELTA_PATCH_1.415.103.0.EX-18A92BEB.pf
Deleted file - C:\WINDOWS\prefetch\AM_DELTA_PATCH_1.415.120.0.EX-42F42326.pf
Deleted file - C:\WINDOWS\prefetch\AM_DELTA_PATCH_1.415.125.0.EX-C7F1EF2F.pf
Deleted file - C:\WINDOWS\prefetch\AM_DELTA_PATCH_1.415.134.0.EX-1D973267.pf
Deleted file - C:\WINDOWS\prefetch\AM_DELTA_PATCH_1.415.150.0.EX-C6E29A6D.pf
Deleted file - C:\WINDOWS\prefetch\AM_DELTA_PATCH_1.415.50.0.EXE-2A7F4D80.pf
Deleted file - C:\WINDOWS\prefetch\AM_DELTA_PATCH_1.415.60.0.EXE-01241FED.pf
Deleted file - C:\WINDOWS\prefetch\AM_DELTA_PATCH_1.415.66.0.EXE-07217B2B.pf
Deleted file - C:\WINDOWS\prefetch\APPINSTALLER.EXE-B75F1120.pf
Deleted file - C:\WINDOWS\prefetch\APPINSTALLERFULLTRUSTAPPSERVI-7A4B47DE.pf
Deleted file - C:\WINDOWS\prefetch\APPLICATIONFRAMEHOST.EXE-8CE9A1EE.pf
Deleted file - C:\WINDOWS\prefetch\APPVSHNOTIFY.EXE-FB3C42F5.pf
Deleted file - C:\WINDOWS\prefetch\AUDIODG.EXE-AB22E9A6.pf
Deleted file - C:\WINDOWS\prefetch\AUTOHOTKEYU64.EXE-6FF3B212.pf
Deleted file - C:\WINDOWS\prefetch\AUTOHOTKEYUX.EXE-28C1E1E8.pf
Deleted file - C:\WINDOWS\prefetch\AUTOLOGGER.EXE-11748E4D.pf
Deleted file - C:\WINDOWS\prefetch\AUTORUNS64.EXE-7ED120A7.pf
Deleted file - C:\WINDOWS\prefetch\AV_Z.EXE-4D174C78.pf
Deleted file - C:\WINDOWS\prefetch\BACKGROUNDTASKHOST.EXE-6D58042C.pf
Deleted file - C:\WINDOWS\prefetch\BACKGROUNDTASKHOST.EXE-97CA74D0.pf
Deleted file - C:\WINDOWS\prefetch\BACKGROUNDTASKHOST.EXE-DFDB6B55.pf
Deleted file - C:\WINDOWS\prefetch\BACKGROUNDTRANSFERHOST.EXE-1DD38560.pf
Deleted file - C:\WINDOWS\prefetch\BCDEDIT.EXE-FE221428.pf
Deleted file - C:\WINDOWS\prefetch\BITSADMIN.EXE-61856B04.pf
Deleted file - C:\WINDOWS\prefetch\BYTECODEGENERATOR.EXE-FB938A53.pf
Deleted file - C:\WINDOWS\prefetch\CALCULATORAPP.EXE-3E92A9D6.pf
Deleted file - C:\WINDOWS\prefetch\CHCP.COM-2CF9B15C.pf
Deleted file - C:\WINDOWS\prefetch\CHECKNETISOLATION.EXE-B39F2C30.pf
Deleted file - C:\WINDOWS\prefetch\CHECK_FOR_64BIT_VISUAL_STUDIO-CE2ADCF6.pf
Deleted file - C:\WINDOWS\prefetch\CHROME.EXE-AED7BA3C.pf
Deleted file - C:\WINDOWS\prefetch\CHROME.EXE-AED7BA3D.pf
Deleted file - C:\WINDOWS\prefetch\CHROME.EXE-AED7BA3E.pf
Deleted file - C:\WINDOWS\prefetch\CHROME.EXE-AED7BA40.pf
Deleted file - C:\WINDOWS\prefetch\CHROME.EXE-AED7BA45.pf
Deleted file - C:\WINDOWS\prefetch\CHROME.EXE-AED7BA46.pf
Deleted file - C:\WINDOWS\prefetch\CHROME.EXE-AED7BA47.pf
Deleted file - C:\WINDOWS\prefetch\CHROME.EXE-AED7BA48.pf
Deleted file - C:\WINDOWS\prefetch\CHROME.EXE-AED7BA49.pf
Deleted file - C:\WINDOWS\prefetch\CHROME.EXE-AED7BA4A.pf
Deleted file - C:\WINDOWS\prefetch\CHSIME.EXE-450F47D5.pf
Deleted file - C:\WINDOWS\prefetch\CHXSMARTSCREEN.EXE-2D9D9C45.pf
Deleted file - C:\WINDOWS\prefetch\CLEARLNK.EXE-63D5F4B4.pf
Deleted file - C:\WINDOWS\prefetch\CLIPUP.EXE-4C5C7B66.pf
Deleted file - C:\WINDOWS\prefetch\CMD.EXE-0BD30981.pf
Deleted file - C:\WINDOWS\prefetch\CMD.EXE-6D6290C5.pf
Deleted file - C:\WINDOWS\prefetch\COMPATTELRUNNER.EXE-B7A68ECC.pf
Deleted file - C:\WINDOWS\prefetch\COMPPKGSRV.EXE-4780F0C1.pf
Deleted file - C:\WINDOWS\prefetch\COMPUTERHARDWAREIDS.EXE-21FB5DC0.pf
Deleted file - C:\WINDOWS\prefetch\CONHOST.EXE-0C6456FB.pf
Deleted file - C:\WINDOWS\prefetch\CONSENT.EXE-40419367.pf
Deleted file - C:\WINDOWS\prefetch\CROSSDEVICESERVICE.EXE-1987D0F6.pf
Deleted file - C:\WINDOWS\prefetch\CSC.EXE-B6D5E435.pf
Deleted file - C:\WINDOWS\prefetch\CSLOL-DIAG.EXE-9AB04EE5.pf
Deleted file - C:\WINDOWS\prefetch\CSLOL-MANAGER.EXE-CE44A2A0.pf
Deleted file - C:\WINDOWS\prefetch\CTFMON.EXE-795F8130.pf
Deleted file - C:\WINDOWS\prefetch\CVTRES.EXE-BBD3ED93.pf
Deleted file - C:\WINDOWS\prefetch\DATAEXCHANGEHOST.EXE-8B66795C.pf
Deleted file - C:\WINDOWS\prefetch\DBINSTALLER.EXE-284684E2.pf
Deleted file - C:\WINDOWS\prefetch\DEFAULTTOOL.EXE-41C87A60.pf
Deleted file - C:\WINDOWS\prefetch\DEFRAG.EXE-3D9E8D72.pf
Deleted file - C:\WINDOWS\prefetch\DEVCON.EXE-66458A35.pf
Deleted file - C:\WINDOWS\prefetch\DIRECTXDATABASEUPDATER.EXE-7B8AED66.pf
Deleted file - C:\WINDOWS\prefetch\DISCORD.EXE-3F4EF221.pf
Deleted file - C:\WINDOWS\prefetch\DISCORD.EXE-3F4EF222.pf
Deleted file - C:\WINDOWS\prefetch\DISCORD.EXE-3F4EF223.pf
Deleted file - C:\WINDOWS\prefetch\DISCORD.EXE-3F4EF224.pf
Deleted file - C:\WINDOWS\prefetch\DISCORD.EXE-3F4EF225.pf
Deleted file - C:\WINDOWS\prefetch\DISCORD.EXE-3F4EF229.pf
Deleted file - C:\WINDOWS\prefetch\DISCORD.EXE-968B1D66.pf
Deleted file - C:\WINDOWS\prefetch\DISCORD.EXE-968B1D67.pf
Deleted file - C:\WINDOWS\prefetch\DISCORD.EXE-968B1D68.pf
Deleted file - C:\WINDOWS\prefetch\DISCORD.EXE-968B1D69.pf
Deleted file - C:\WINDOWS\prefetch\DISCORD.EXE-968B1D6A.pf
Deleted file - C:\WINDOWS\prefetch\DISCORD.EXE-968B1D6E.pf
Deleted file - C:\WINDOWS\prefetch\DISCORDHOOKHELPER.EXE-39E1795B.pf
Deleted file - C:\WINDOWS\prefetch\DISCORDHOOKHELPER.EXE-73597721.pf
Deleted file - C:\WINDOWS\prefetch\DISCORDHOOKHELPER64.EXE-326CF78D.pf
Deleted file - C:\WINDOWS\prefetch\DISCORDHOOKHELPER64.EXE-4CB86EF3.pf
Deleted file - C:\WINDOWS\prefetch\DISM.EXE-AA0F2086.pf
Deleted file - C:\WINDOWS\prefetch\DISMHOST.EXE-9ED88D89.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-0BCCFE33.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-1BAE06BB.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-47BE07DC.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-51C0C0B8.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-6F625E57.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-7D5CE0CA.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-858FE9DA.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-97AE7A57.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-A3CD2B45.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-A6DA1980.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-B8720A9F.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-D200FEC3.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-DEEF2761.pf
Deleted file - C:\WINDOWS\prefetch\DLLHOST.EXE-F7FC6593.pf
Deleted file - C:\WINDOWS\prefetch\DOUYIN.EXE-62DB6C84.pf
Deleted file - C:\WINDOWS\prefetch\DOUYIN.EXE-62DB6C85.pf
Deleted file - C:\WINDOWS\prefetch\DOUYIN.EXE-62DB6C86.pf
Deleted file - C:\WINDOWS\prefetch\DOUYIN.EXE-62DB6C8C.pf
Deleted file - C:\WINDOWS\prefetch\DOUYIN_LAUNCHER.EXE-3CA6CE73.pf
Deleted file - C:\WINDOWS\prefetch\DOUYIN_TRAY.EXE-CB951C9B.pf
Deleted file - C:\WINDOWS\prefetch\DRVINST.EXE-39D9EAC7.pf
Deleted file - C:\WINDOWS\prefetch\DSMUSERTASK.EXE-853A6893.pf
Deleted file - C:\WINDOWS\prefetch\DUMP_REPORTER.EXE-A2CA3D84.pf
Deleted file - C:\WINDOWS\prefetch\DWM.EXE-314E93C5.pf
Deleted file - C:\WINDOWS\prefetch\dynrespri.7db
Deleted file - C:\WINDOWS\prefetch\ELEVATION_SERVICE.EXE-4FCD2BB0.pf
Deleted file - C:\WINDOWS\prefetch\ELEVATION_SERVICE.EXE-527613F3.pf
Deleted file - C:\WINDOWS\prefetch\ELEVATION_SERVICE.EXE-87CAB08F.pf
Deleted file - C:\WINDOWS\prefetch\ELEVATION_SERVICE.EXE-8B683CA8.pf
Deleted file - C:\WINDOWS\prefetch\EVERYTHING-1.4.1.1024.X64-SET-9A7A990B.pf
Deleted file - C:\WINDOWS\prefetch\EVERYTHING.EXE-2260A499.pf
Deleted file - C:\WINDOWS\prefetch\EVERYTHING.EXE-5F5BA4E5.pf
Deleted file - C:\WINDOWS\prefetch\EXCEL.EXE-FE860005.pf
Deleted file - C:\WINDOWS\prefetch\EXPLORER.EXE-54012F5E.pf
Deleted file - C:\WINDOWS\prefetch\EXPLORER.EXE-D5E97654.pf
Deleted file - C:\WINDOWS\prefetch\FIND.EXE-66A35B26.pf
Deleted file - C:\WINDOWS\prefetch\FIREFOX.EXE-66015FD1.pf
Deleted file - C:\WINDOWS\prefetch\FRST64.EXE-8A45F98D.pf
Deleted file - C:\WINDOWS\prefetch\FSQUIRT.EXE-A8FF1DEB.pf
Deleted file - C:\WINDOWS\prefetch\GAMEBARPRESENCEWRITER.EXE-5ADEE7C2.pf
Deleted file - C:\WINDOWS\prefetch\GCUSERVICE.EXE-B6520827.pf
Deleted file - C:\WINDOWS\prefetch\GEEK.EXE-1CD184BF.pf
Deleted file - C:\WINDOWS\prefetch\GEEK.EXE-3BB6BE9E.pf
Deleted file - C:\WINDOWS\prefetch\GEEK.EXE-7F0CD7C6.pf
Deleted file - C:\WINDOWS\prefetch\GEEK.EXE-83F04398.pf
Deleted file - C:\WINDOWS\prefetch\GEEK.EXE-9B08747A.pf
Deleted file - C:\WINDOWS\prefetch\GEEK.EXE-B433E1C8.pf
Deleted file - C:\WINDOWS\prefetch\GEEK.EXE-E3E71DA6.pf
Deleted file - C:\WINDOWS\prefetch\GEEK64.EXE-69B8A6E8.pf
Deleted file - C:\WINDOWS\prefetch\GET-GRAPHICS-OFFSETS32.EXE-DA327B27.pf
Deleted file - C:\WINDOWS\prefetch\GET-GRAPHICS-OFFSETS64.EXE-313543E8.pf
Deleted file - C:\WINDOWS\prefetch\GPU_ENCODER_HELPER.EXE-3534FDB9.pf
Deleted file - C:\WINDOWS\prefetch\GPU_ENCODER_HELPER.EXE-5578D93C.pf
Deleted file - C:\WINDOWS\prefetch\GRPCONV.EXE-A548DBA8.pf
Deleted file - C:\WINDOWS\prefetch\GSDK-VULKAN-INIT.EXE-2B90F7F0.pf
Deleted file - C:\WINDOWS\prefetch\HIJACKTHIS.EXE-43AA66B9.pf
Deleted file - C:\WINDOWS\prefetch\IDENTITY_HELPER.EXE-B1938933.pf
Deleted file - C:\WINDOWS\prefetch\IDMAN.EXE-82E77CDF.pf
Deleted file - C:\WINDOWS\prefetch\IDMGRHLP.EXE-C29D073D.pf
Deleted file - C:\WINDOWS\prefetch\IDMINTEGRATOR64.EXE-6B94A449.pf
Deleted file - C:\WINDOWS\prefetch\IDMMSGHOST.EXE-9A561A25.pf
Deleted file - C:\WINDOWS\prefetch\IEXPLORE.EXE-058FE8F5.pf
Deleted file - C:\WINDOWS\prefetch\IEXPLORE.EXE-A033F7A0.pf
Deleted file - C:\WINDOWS\prefetch\INSTALLUTIL.EXE-BB270139.pf
Deleted file - C:\WINDOWS\prefetch\INTEGRATOR.EXE-873C4A60.pf
Deleted file - C:\WINDOWS\prefetch\IPCONFIG.EXE-BFEC2AD0.pf
Deleted file - C:\WINDOWS\prefetch\IPF_HELPER.EXE-337CFBF9.pf
Deleted file - C:\WINDOWS\prefetch\IPF_UF.EXE-93A855E0.pf
Deleted file - C:\WINDOWS\prefetch\JAVAW.EXE-44DB5C38.pf
Deleted file - C:\WINDOWS\prefetch\Layout.ini
Deleted file - C:\WINDOWS\prefetch\LEAGUE OF LEGENDS.EXE-BE4BA152.pf
Deleted file - C:\WINDOWS\prefetch\LEAGUECLIENT.EXE-F9AC060C.pf
Deleted file - C:\WINDOWS\prefetch\LEAGUECLIENTUX.EXE-67EA7345.pf
Deleted file - C:\WINDOWS\prefetch\LEAGUECLIENTUXRENDER.EXE-3C47C0AE.pf
Deleted file - C:\WINDOWS\prefetch\LEAGUECLIENTUXRENDER.EXE-3C47C0AF.pf
Deleted file - C:\WINDOWS\prefetch\LEAGUECLIENTUXRENDER.EXE-3C47C0B5.pf
Deleted file - C:\WINDOWS\prefetch\LEAGUECRASHHANDLER64.EXE-1095281E.pf
Deleted file - C:\WINDOWS\prefetch\LEAGUECRASHHANDLER64.EXE-EBE229AC.pf
Deleted file - C:\WINDOWS\prefetch\LOCKAPP.EXE-7ED5B9D8.pf
Deleted file - C:\WINDOWS\prefetch\LODCTR.EXE-21DD01F9.pf
Deleted file - C:\WINDOWS\prefetch\LODCTR.EXE-57DC4D95.pf
Deleted file - C:\WINDOWS\prefetch\LOGONUI.EXE-F639BD7E.pf
Deleted file - C:\WINDOWS\prefetch\MDSCHED.EXE-21C4D84D.pf
Deleted file - C:\WINDOWS\prefetch\METAEDITOR.EXE-7164C368.pf
Deleted file - C:\WINDOWS\prefetch\MICROSOFTEDGEUPDATE.EXE-7A595326.pf
Deleted file - C:\WINDOWS\prefetch\MMC.EXE-410C5F73.pf
Deleted file - C:\WINDOWS\prefetch\MOBSYNC.EXE-B307E1CC.pf
Deleted file - C:\WINDOWS\prefetch\MOD-TOOLS.EXE-24AA5448.pf
Deleted file - C:\WINDOWS\prefetch\MOFCOMP.EXE-5225C32D.pf
Deleted file - C:\WINDOWS\prefetch\MONOTIFICATIONUX.EXE-23180524.pf
Deleted file - C:\WINDOWS\prefetch\MONOTIFICATIONUX.EXE-62024999.pf
Deleted file - C:\WINDOWS\prefetch\MOUSECLICKER.EXE-4DEF9CEE.pf
Deleted file - C:\WINDOWS\prefetch\MOUSOCOREWORKER.EXE-44A01CE7.pf
Deleted file - C:\WINDOWS\prefetch\MPCMDRUN.EXE-766ACDEA.pf
Deleted file - C:\WINDOWS\prefetch\MPCMDRUN.EXE-82616995.pf
Deleted file - C:\WINDOWS\prefetch\MPDEFENDERCORESERVICE.EXE-9657D0C8.pf
Deleted file - C:\WINDOWS\prefetch\MPRECOVERY.EXE-F2C7680F.pf
Deleted file - C:\WINDOWS\prefetch\MPSIGSTUB.EXE-5D0450B3.pf
Deleted file - C:\WINDOWS\prefetch\MPSIGSTUB.EXE-FD441709.pf
Deleted file - C:\WINDOWS\prefetch\MSCORSVW.EXE-16B291C4.pf
Deleted file - C:\WINDOWS\prefetch\MSCORSVW.EXE-8CE1A322.pf
Deleted file - C:\WINDOWS\prefetch\MSDT.EXE-D579957D.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGE.EXE-37D25F9A.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGE.EXE-37D25F9B.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGE.EXE-37D25F9C.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGE.EXE-37D25F9E.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGE.EXE-37D25FA5.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGE.EXE-37D25FA6.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGE.EXE-37D25FA7.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGE.EXE-37D25FA8.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGE.EXE-37D25FAA.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGEWEBVIEW2.EXE-72EE758A.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGEWEBVIEW2.EXE-72EE758B.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGEWEBVIEW2.EXE-72EE758C.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGEWEBVIEW2.EXE-72EE758E.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGEWEBVIEW2.EXE-72EE7594.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGEWEBVIEW2.EXE-72EE7595.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGEWEBVIEW2.EXE-72EE7598.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGEWEBVIEW2.EXE-953EC4AF.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGEWEBVIEW2.EXE-953EC4B0.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGEWEBVIEW2.EXE-953EC4B1.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGEWEBVIEW2.EXE-953EC4B3.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGEWEBVIEW2.EXE-953EC4B9.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGEWEBVIEW2.EXE-953EC4BA.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGEWEBVIEW2.EXE-953EC4BC.pf
Deleted file - C:\WINDOWS\prefetch\MSEDGEWEBVIEW2.EXE-953EC4BD.pf
Deleted file - C:\WINDOWS\prefetch\MSIEXEC.EXE-8FFB1633.pf
Deleted file - C:\WINDOWS\prefetch\MSIEXEC.EXE-CDBFC0F7.pf
Deleted file - C:\WINDOWS\prefetch\MSMPENG.EXE-37E24A32.pf
Deleted file - C:\WINDOWS\prefetch\MSMPENG.EXE-AC5FF58F.pf
Deleted file - C:\WINDOWS\prefetch\MSPAINT.EXE-CB27A74E.pf
Deleted file - C:\WINDOWS\prefetch\N2NIMHE1.EXE-EE203998.pf
Deleted file - C:\WINDOWS\prefetch\NET.EXE-0225D674.pf
Deleted file - C:\WINDOWS\prefetch\NET.EXE-A0964F30.pf
Deleted file - C:\WINDOWS\prefetch\NET1.EXE-091D8149.pf
Deleted file - C:\WINDOWS\prefetch\NET1.EXE-509326A5.pf
Deleted file - C:\WINDOWS\prefetch\NETSH.EXE-A596235F.pf
Deleted file - C:\WINDOWS\prefetch\NGEN.EXE-4A8DA13E.pf
Deleted file - C:\WINDOWS\prefetch\NGEN.EXE-734C6620.pf
Deleted file - C:\WINDOWS\prefetch\NGENTASK.EXE-0E6CEC17.pf
Deleted file - C:\WINDOWS\prefetch\NGENTASK.EXE-849BFD75.pf
Deleted file - C:\WINDOWS\prefetch\NISSRV.EXE-72EC3F25.pf
Deleted file - C:\WINDOWS\prefetch\NISSRV.EXE-98CC5D80.pf
Deleted file - C:\WINDOWS\prefetch\NOTEPAD.EXE-162FBFE7.pf
Deleted file - C:\WINDOWS\prefetch\NVCLEANSTALL_1.16.0.EXE-01060082.pf
Deleted file - C:\WINDOWS\prefetch\NVCLEANSTALL_7ZIP.EXE-1A9B9602.pf
Deleted file - C:\WINDOWS\prefetch\NVDISPCO64.EXE-FA73F936.pf
Deleted file - C:\WINDOWS\prefetch\NVDISPLAY.CONTAINER.EXE-EE9DB6A0.pf
Deleted file - C:\WINDOWS\prefetch\NVIDIA-SMI.EXE-43C94612.pf
Deleted file - C:\WINDOWS\prefetch\NVIDIA-SMI.EXE-5733439B.pf
Deleted file - C:\WINDOWS\prefetch\NVNGX_UPDATE.EXE-CB453E5D.pf
Deleted file - C:\WINDOWS\prefetch\NVSHIM.EXE-C1BF347B.pf
Deleted file - C:\WINDOWS\prefetch\NYTJDFGLX1N.EXE-488A4B0B.pf
Deleted file - C:\WINDOWS\prefetch\OAWRAPPER.EXE-C9A635FF.pf
Deleted file - C:\WINDOWS\prefetch\OBS-BACKGROUNDREMOVAL-1.1.13--0C530748.pf
Deleted file - C:\WINDOWS\prefetch\OBS-BACKGROUNDREMOVAL-1.1.13--1593CFC8.pf
Deleted file - C:\WINDOWS\prefetch\OBS-BACKGROUNDREMOVAL-1.1.13--BD4C73AB.pf
Deleted file - C:\WINDOWS\prefetch\OBS-BROWSER-PAGE.EXE-B650FAFD.pf
Deleted file - C:\WINDOWS\prefetch\OBS-BROWSER-PAGE.EXE-B650FAFE.pf
Deleted file - C:\WINDOWS\prefetch\OBS-BROWSER-PAGE.EXE-B650FB04.pf
Deleted file - C:\WINDOWS\prefetch\OBS-NVENC-TEST.EXE-256562AF.pf
Deleted file - C:\WINDOWS\prefetch\OBS-QSV-TEST.EXE-C01625D7.pf
Deleted file - C:\WINDOWS\prefetch\OBS-STUDIO-30.2.0-WINDOWS-INS-40CB636A.pf
Deleted file - C:\WINDOWS\prefetch\OBS64.EXE-40AD00BD.pf
Deleted file - C:\WINDOWS\prefetch\OFFICECLICKTORUN.EXE-4587B16B.pf
Deleted file - C:\WINDOWS\prefetch\OFFICECLICKTORUN.EXE-F5CCE208.pf
Deleted file - C:\WINDOWS\prefetch\OMEGAT.EXE-3F06549A.pf
Deleted file - C:\WINDOWS\prefetch\ONEDRIVESETUP.EXE-2F4C4906.pf
Deleted file - C:\WINDOWS\prefetch\OPENCONSOLE.EXE-A617E510.pf
Deleted file - C:\WINDOWS\prefetch\OPENWITH.EXE-8B50D58B.pf
Deleted file - C:\WINDOWS\prefetch\PERFBOOST.EXE-D7CAB4F4.pf
Deleted file - C:\WINDOWS\prefetch\PfPre_2fa6a7e2.mkd
Deleted file - C:\WINDOWS\prefetch\PHOTOS.EXE-1D3AFA6C.pf
Deleted file - C:\WINDOWS\prefetch\PICKERHOST.EXE-DE4B8E61.pf
Deleted file - C:\WINDOWS\prefetch\PING.EXE-0314C2F7.pf
Deleted file - C:\WINDOWS\prefetch\PINGSENDER.EXE-B4914655.pf
Deleted file - C:\WINDOWS\prefetch\PLUGIN-CONTAINER.EXE-C6EE3785.pf
Deleted file - C:\WINDOWS\prefetch\PNPUTIL.EXE-372B05C1.pf
Deleted file - C:\WINDOWS\prefetch\POQEXEC.EXE-567EE1A6.pf
Deleted file - C:\WINDOWS\prefetch\POWERSHELL.EXE-AE8EDC9B.pf
Deleted file - C:\WINDOWS\prefetch\POWERSHELL.EXE-CA1AE517.pf
Deleted file - C:\WINDOWS\prefetch\PREMID-INSTALLER.EXE-C47DB514.pf
Deleted file - C:\WINDOWS\prefetch\PREMID.EXE-DFD65C30.pf
Deleted file - C:\WINDOWS\prefetch\PREMID.EXE-DFD65C32.pf
Deleted file - C:\WINDOWS\prefetch\PREMID.EXE-DFD65C38.pf
Deleted file - C:\WINDOWS\prefetch\PROCEXP64.EXE-9F0720F4.pf
Deleted file - C:\WINDOWS\prefetch\PWAHELPER.EXE-93ECA8BC.pf
Deleted file - C:\WINDOWS\prefetch\QBITTORRENT.EXE-97E1315C.pf
Deleted file - C:\WINDOWS\prefetch\QS76K3X5.EXE-9501BC5C.pf
Deleted file - C:\WINDOWS\prefetch\QUALIFICATION_APP.EXE-C5E6086A.pf
Deleted file - C:\WINDOWS\prefetch\RAZERINSTALLER.EXE-108EAF16.pf
Deleted file - C:\WINDOWS\prefetch\RAZERSYNAPSEINSTALLER_PRODDIS-4FE6294D.pf
Deleted file - C:\WINDOWS\prefetch\REG.EXE-0AC99A87.pf
Deleted file - C:\WINDOWS\prefetch\REG.EXE-A93A1343.pf
Deleted file - C:\WINDOWS\prefetch\REGEDIT.EXE-DAB4D60B.pf
Deleted file - C:\WINDOWS\prefetch\REGSVR32.EXE-03D3FB87.pf
Deleted file - C:\WINDOWS\prefetch\REGSVR32.EXE-B31EC963.pf
Deleted file - C:\WINDOWS\prefetch\ResPriUHMStaticDb.ebd
Deleted file - C:\WINDOWS\prefetch\RIOT CLIENT.EXE-DB5D0153.pf
Deleted file - C:\WINDOWS\prefetch\RIOT CLIENT.EXE-DB5D0154.pf
Deleted file - C:\WINDOWS\prefetch\RIOT CLIENT.EXE-DB5D0155.pf
Deleted file - C:\WINDOWS\prefetch\RIOT CLIENT.EXE-DB5D015A.pf
Deleted file - C:\WINDOWS\prefetch\RIOT CLIENT.EXE-DB5D015B.pf
Deleted file - C:\WINDOWS\prefetch\RIOTCLIENTCRASHHANDLER.EXE-56653DA5.pf
Deleted file - C:\WINDOWS\prefetch\RIOTCLIENTSERVICES.EXE-0C7DC176.pf
Deleted file - C:\WINDOWS\prefetch\RSITX64.EXE-68FCBFCB.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-012D304A.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-0B0F028C.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-26F63A71.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-27E52A2D.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-29B5A95A.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-6E75ABA4.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-7241955C.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-75313621.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-880E5BDF.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-A751CE9B.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-A7DB9FAD.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-C0159C27.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-C575CB2E.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-C87919CF.pf
Deleted file - C:\WINDOWS\prefetch\RUNDLL32.EXE-CCD98664.pf
Deleted file - C:\WINDOWS\prefetch\RUNONCE.EXE-BD8A4C8F.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-0C405ED0.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-28060877.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-3B032F93.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-4163B14B.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-4551A062.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-489B63D4.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-4D3D38F0.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-5B4167E1.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-7475E422.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-967B2208.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-AB37D56F.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-B408371A.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-B5475AD7.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-B95961EC.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-C6D4F558.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-CEE04A22.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-D0F9CBDE.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-D9F8A976.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-DE17AACA.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-E0A7F531.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-E404484C.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-E4296D27.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-F0E0C793.pf
Deleted file - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-FE5973AE.pf
Deleted file - C:\WINDOWS\prefetch\RZS3WIZARDPKGS3.EXE-8AEC2626.pf
Deleted file - C:\WINDOWS\prefetch\SBIECTRL.EXE-2EAD5991.pf
Deleted file - C:\WINDOWS\prefetch\SBIESVC.EXE-1FFD779C.pf
Deleted file - C:\WINDOWS\prefetch\SBIESVC.EXE-3C641EB1.pf
Deleted file - C:\WINDOWS\prefetch\SC.EXE-6C4D4413.pf
Deleted file - C:\WINDOWS\prefetch\SC.EXE-F4E1A8F7.pf
Deleted file - C:\WINDOWS\prefetch\SCHTASKS.EXE-8B6144A9.pf
Deleted file - C:\WINDOWS\prefetch\SDBINST.EXE-49E8B208.pf
Deleted file - C:\WINDOWS\prefetch\SDIAGNHOST.EXE-B3171AA1.pf
Deleted file - C:\WINDOWS\prefetch\SDXHELPER.EXE-832215EB.pf
Deleted file - C:\WINDOWS\prefetch\SEARCHFILTERHOST.EXE-44162447.pf
Deleted file - C:\WINDOWS\prefetch\SEARCHHOST.EXE-8F97BC4E.pf
Deleted file - C:\WINDOWS\prefetch\SEARCHHOST.EXE-BA67C789.pf
Deleted file - C:\WINDOWS\prefetch\SEARCHINDEXER.EXE-1CF42BC6.pf
Deleted file - C:\WINDOWS\prefetch\SEARCHPROTOCOLHOST.EXE-69C456C3.pf
Deleted file - C:\WINDOWS\prefetch\SECEDIT.EXE-B8517D62.pf
Deleted file - C:\WINDOWS\prefetch\SECHEALTHUI.EXE-EF8E0FA0.pf
Deleted file - C:\WINDOWS\prefetch\SECURITYHEALTHHOST.EXE-2216DC19.pf
Deleted file - C:\WINDOWS\prefetch\SECURITYHEALTHSERVICE.EXE-91B5FB98.pf
Deleted file - C:\WINDOWS\prefetch\SETUP.EXE-5C4105FE.pf
Deleted file - C:\WINDOWS\prefetch\SETUP.EXE-5C410602.pf
Deleted file - C:\WINDOWS\prefetch\SETUP.EXE-9C1B62B2.pf
Deleted file - C:\WINDOWS\prefetch\SETUP.EXE-D24E177E.pf
Deleted file - C:\WINDOWS\prefetch\SFC.EXE-425529A1.pf
Deleted file - C:\WINDOWS\prefetch\SHELLEXPERIENCEHOST.EXE-6EC78D4F.pf
Deleted file - C:\WINDOWS\prefetch\SIHCLIENT.EXE-98C47F6C.pf
Deleted file - C:\WINDOWS\prefetch\SMARTSCREEN.EXE-EACC1250.pf
Deleted file - C:\WINDOWS\prefetch\SNIPPINGTOOL.EXE-80F9E627.pf
Deleted file - C:\WINDOWS\prefetch\SONAR.DEVINST.EXE-A075643E.pf
Deleted file - C:\WINDOWS\prefetch\SPECCY64.EXE-943BD3B0.pf
Deleted file - C:\WINDOWS\prefetch\SPLWOW64.EXE-57576C25.pf
Deleted file - C:\WINDOWS\prefetch\SPOTIFY.EXE-E13D5529.pf
Deleted file - C:\WINDOWS\prefetch\SPOTIFY.EXE-E13D552A.pf
Deleted file - C:\WINDOWS\prefetch\SPOTIFY.EXE-E13D552B.pf
Deleted file - C:\WINDOWS\prefetch\SPOTIFY.EXE-E13D5531.pf
Deleted file - C:\WINDOWS\prefetch\SPPEXTCOMOBJ.EXE-7D45A1AB.pf
Deleted file - C:\WINDOWS\prefetch\SPPSVC.EXE-96070FE0.pf
Deleted file - C:\WINDOWS\prefetch\SPSETUP133.EXE-241F9597.pf
Deleted file - C:\WINDOWS\prefetch\SRTASKS.EXE-3C9D2EEC.pf
Deleted file - C:\WINDOWS\prefetch\SSDTSHPX_SETUP.EXE-B1FC74F8.pf
Deleted file - C:\WINDOWS\prefetch\SSHZEXECUTOR.EXE-EBDA1112.pf
Deleted file - C:\WINDOWS\prefetch\START.EXE-6188BADF.pf
Deleted file - C:\WINDOWS\prefetch\STARTMENUEXPERIENCEHOST.EXE-4DCEE2F2.pf
Deleted file - C:\WINDOWS\prefetch\STEELSERIESENGINE.EXE-217B9D8D.pf
Deleted file - C:\WINDOWS\prefetch\STEELSERIESGG.EXE-030ABABB.pf
Deleted file - C:\WINDOWS\prefetch\STEELSERIESGGINSTALLERDOWNLOA-437312BD.pf
Deleted file - C:\WINDOWS\prefetch\STEELSERIESGGINSTALLERSWC.EXE-B91581C3.pf
Deleted file - C:\WINDOWS\prefetch\STEELSERIESGGWEBINSTALLER-1.3-09C38D87.pf
Deleted file - C:\WINDOWS\prefetch\STEELSERIESPRISM.EXE-14A76429.pf
Deleted file - C:\WINDOWS\prefetch\STEELSERIESSONAR.EXE-34591847.pf
Deleted file - C:\WINDOWS\prefetch\STOREDESKTOPEXTENSION.EXE-FAFBC5D3.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-09F4AEA4.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-0A049705.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-117C4441.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-13304EB0.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-1454AA18.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-14E28BF5.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-18C5C6E4.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-19B557B1.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-1B73F444.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-2FFEC382.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-3CDB0077.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-41084AF7.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-44191FB8.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-4B98D760.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-4BD0A607.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-4D0E9C8C.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-4E79CC0D.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-502A129B.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-529F9AC1.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-59780EBF.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-5F87ABED.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-62105D0D.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-677C0885.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-6867B1E5.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-6A4A44E7.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-73D024B2.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-764FA25C.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-768E59F7.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-77C41F85.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-7AAD9645.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-7CA96BCB.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-84F32335.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-852EC587.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-8A4EB855.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-952637C2.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-9A28EB78.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-9D041ABC.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-A9721AD5.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-AA89143F.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-B18C213B.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-BE3D0421.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-C2DA4F6F.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-C38EF8DD.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-C625B657.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-C88A2A3B.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-CAEF0A6A.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-D2385079.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-D5481872.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-D8C907E1.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-DF14C859.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-E5CD0034.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-EA9BB143.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-EBBF67E6.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-F1E39519.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-F57A5173.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-F5E1DCD3.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-F952D9A9.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-FA38241C.pf
Deleted file - C:\WINDOWS\prefetch\SVCHOST.EXE-FC46CD61.pf
Deleted file - C:\WINDOWS\prefetch\SYSTEMINFO.EXE-14DA5704.pf
Deleted file - C:\WINDOWS\prefetch\SYSTEMSETTINGS.EXE-084BB8F9.pf
Deleted file - C:\WINDOWS\prefetch\SYSTEMSETTINGSADMINFLOWS.EXE-F74198E7.pf
Deleted file - C:\WINDOWS\prefetch\SYSTEMSETTINGSBROKER.EXE-8BBE2894.pf
Deleted file - C:\WINDOWS\prefetch\SYSTRAYCOMPONENT.EXE-C9F17BFE.pf
Deleted file - C:\WINDOWS\prefetch\TASKHOSTW.EXE-2E5D4B75.pf
Deleted file - C:\WINDOWS\prefetch\TASKKILL.EXE-0ECD41EC.pf
Deleted file - C:\WINDOWS\prefetch\TASKKILL.EXE-BE180FC8.pf
Deleted file - C:\WINDOWS\prefetch\TASKLIST.EXE-4641012C.pf
Deleted file - C:\WINDOWS\prefetch\TASKMGR.EXE-4C8500BA.pf
Deleted file - C:\WINDOWS\prefetch\TELEGRAM.EXE-4045FED7.pf
Deleted file - C:\WINDOWS\prefetch\TERMINAL.EXE-138A7F7E.pf
Deleted file - C:\WINDOWS\prefetch\TEXTINPUTHOST.EXE-861368C0.pf
Deleted file - C:\WINDOWS\prefetch\TIWORKER.EXE-65F8DEAA.pf
Deleted file - C:\WINDOWS\prefetch\TRUSTEDINSTALLER.EXE-766EFF52.pf
Deleted file - C:\WINDOWS\prefetch\UNINS000.EXE-FAB5105F.pf
Deleted file - C:\WINDOWS\prefetch\UNINST.EXE-0066B9B0.pf
Deleted file - C:\WINDOWS\prefetch\UNINST.EXE-8DB82EF2.pf
Deleted file - C:\WINDOWS\prefetch\UNINSTALL.EXE-16C50215.pf
Deleted file - C:\WINDOWS\prefetch\UNINSTALL.EXE-C8A9BD2C.pf
Deleted file - C:\WINDOWS\prefetch\UN_A.EXE-25687529.pf
Deleted file - C:\WINDOWS\prefetch\UPDATE.EXE-D390C843.pf
Deleted file - C:\WINDOWS\prefetch\UPDATEPLATFORM.AMD64FRE.EXE-804667A0.pf
Deleted file - C:\WINDOWS\prefetch\UPDATER.EXE-8551D93C.pf
Deleted file - C:\WINDOWS\prefetch\UPDATER.EXE-8B065B0B.pf
Deleted file - C:\WINDOWS\prefetch\UPDATER.EXE-8CA706AA.pf
Deleted file - C:\WINDOWS\prefetch\UPDATERSETUP.EXE-0CC28D5F.pf
Deleted file - C:\WINDOWS\prefetch\USERINIT.EXE-5114915C.pf
Deleted file - C:\WINDOWS\prefetch\USEROOBEBROKER.EXE-65584ADF.pf
Deleted file - C:\WINDOWS\prefetch\USOCLIENT.EXE-4ADC110B.pf
Deleted file - C:\WINDOWS\prefetch\VGC.EXE-1D5BD981.pf
Deleted file - C:\WINDOWS\prefetch\VLC.EXE-F1ED81B3.pf
Deleted file - C:\WINDOWS\prefetch\VSSVC.EXE-6C8F0C66.pf
Deleted file - C:\WINDOWS\prefetch\WAB.EXE-5899287B.pf
Deleted file - C:\WINDOWS\prefetch\WERFAULT.EXE-155C56CF.pf
Deleted file - C:\WINDOWS\prefetch\WERFAULT.EXE-19E0D4EB.pf
Deleted file - C:\WINDOWS\prefetch\WERFAULT.EXE-661188F3.pf
Deleted file - C:\WINDOWS\prefetch\WEVTUTIL.EXE-1E154F39.pf
Deleted file - C:\WINDOWS\prefetch\WINDOWSCAMERA.EXE-8A1EBB0D.pf
Deleted file - C:\WINDOWS\prefetch\WINDOWSPACKAGEMANAGERSERVER.E-201C94F9.pf
Deleted file - C:\WINDOWS\prefetch\WINDOWSTERMINAL.EXE-DD240BFA.pf
Deleted file - C:\WINDOWS\prefetch\WINMGMT.EXE-C981BB27.pf
Deleted file - C:\WINDOWS\prefetch\WINPILOT.EXE-38CA5639.pf
Deleted file - C:\WINDOWS\prefetch\WINSAT.EXE-C345C80B.pf
Deleted file - C:\WINDOWS\prefetch\WINSTORE.APP.EXE-743DDED5.pf
Deleted file - C:\WINDOWS\prefetch\WIN_DRIVER_INSTALLER.EXE-1B3E4E9D.pf
Deleted file - C:\WINDOWS\prefetch\WLRMDR.EXE-A7C36FDD.pf
Deleted file - C:\WINDOWS\prefetch\WMIADAP.EXE-BB21CD77.pf
Deleted file - C:\WINDOWS\prefetch\WMIAPSRV.EXE-FC8436DD.pf
Deleted file - C:\WINDOWS\prefetch\WMIC.EXE-311B5CB4.pf
Deleted file - C:\WINDOWS\prefetch\WMIC.EXE-98223A30.pf
Deleted file - C:\WINDOWS\prefetch\WMIPRVSE.EXE-39F97B2D.pf
Deleted file - C:\WINDOWS\prefetch\WMIPRVSE.EXE-E8B8DD29.pf
Deleted file - C:\WINDOWS\prefetch\WT.EXE-26219B2E.pf
Deleted file - C:\WINDOWS\prefetch\WUAUCLTCORE.EXE-07BDE0CF.pf
Deleted file - C:\WINDOWS\prefetch\WUAUCLTCORE.EXE-84257BB2.pf
Deleted file - C:\WINDOWS\prefetch\WUB_X64.EXE-2FDFC964.pf
Deleted file - C:\WINDOWS\prefetch\WWAHOST.EXE-02A78870.pf
Deleted file - C:\WINDOWS\prefetch\WWAHOST.EXE-37768102.pf
Deleted file - C:\WINDOWS\prefetch\ZHPCLEANER(1).EXE-0803C826.pf
Deleted file - C:\WINDOWS\prefetch\ZHPCLEANER.EXE-285CB844.pf
Deleted file - C:\WINDOWS\prefetch\_IU14D2N.TMP-5860BBFB.pf
Deleted file - C:\WINDOWS\prefetch\_UNINSTALL36096-4F505AA8.pf
Deleted file - C:\WINDOWS\prefetch\ReadyBoot\rblayout.xin
Deleted file - C:\WINDOWS\prefetch\ReadyBoot\Trace5.fx
Deleted file - C:\WINDOWS\prefetch\ReadyBoot\Trace6.fx
Deleted file - C:\WINDOWS\prefetch\ReadyBoot\Trace7.fx
Deleted file - C:\WINDOWS\prefetch\ReadyBoot\Trace8.fx
Deleted file - C:\WINDOWS\prefetch\ReadyBoot\Trace9.fx


SERVICE_NAME: sysmain
        TYPE               : 30  WIN32 
        STATE              : 3  STOP_PENDING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x2710


[SC] ChangeServiceConfig SUCCESS


SERVICE_NAME: DiagTrack
        TYPE               : 10  WIN32_OWN_PROCESS 
        STATE              : 3  STOP_PENDING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x3
        WAIT_HINT          : 0x0


[SC] ChangeServiceConfig SUCCESS


[SC] ControlService FAILED 1062:

The service has not been started.



[SC] ChangeServiceConfig SUCCESS


SERVICE_NAME: WSearch
        TYPE               : 10  WIN32_OWN_PROCESS 
        STATE              : 3  STOP_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x2
        WAIT_HINT          : 0x7530


[SC] ChangeServiceConfig SUCCESS


[SC] ControlService FAILED 1062:

The service has not been started.



[SC] ChangeServiceConfig SUCCESS


========= End of Batch: =========


========= del /s /q "%userprofile%\AppData\Local\temp\*.*" =========

Deleted file - C:\Users\Ripple\AppData\Local\temp\000e5e9f-7d5c-47ed-bece-e4b3a9f8e489.tmp.ttf
Deleted file - C:\Users\Ripple\AppData\Local\temp\02b41375-20bc-4178-82a8-7d79c6dd972f.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\02d6d97e-57a7-4f5b-8b86-1d4d7aee209e.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\03abe1be-d0f9-4d83-ad08-a84666c67f6e.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\03f1d3f2-dfa7-432e-9d6f-fd2e323f1fdd.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\06138131-2e01-430b-b7b0-0e1d3ce56283.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\08700c85-9fd2-4b5c-8c90-91384e7cf119.tmp.js
Deleted file - C:\Users\Ripple\AppData\Local\temp\088c9fd0-bdf2-4842-b685-e29dbb58516f.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\093458cb-86fc-42c3-9315-596d51ff84d0.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\0afb4d07-1702-4797-850a-10695459ba40.tmp.js
Deleted file - C:\Users\Ripple\AppData\Local\temp\0cb06e50-5646-4c83-86fd-a9c31fc15dc6.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\0cbf380a-2f78-4068-b803-00728fbedebd.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\0cbf7ec3-ee7f-4206-9be7-fb50aca61686.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\0e0ceef9-336f-49d9-8351-8af09ed69779.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\0ecb665c-226d-4506-b269-cced8d56e4cb.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\10aaf4a2-d7b4-464b-b5ee-acdadd5ca921.tmp.js
Deleted file - C:\Users\Ripple\AppData\Local\temp\1614f8ee-618f-426d-9ae5-ca38c20c60e2.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\16cccebf-448e-4687-83ee-4a7d398d228f.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\17441628-b533-4877-a6c5-1c511eb17268.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\176feff4-ea9c-4845-a35a-30874496cd88.tmp.html
Deleted file - C:\Users\Ripple\AppData\Local\temp\17bd9ba8-7db2-46f4-b5f6-5108238cada0.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\1c72bf29-00cd-43ca-97fd-87591a9a6bb9.tmp.ttf
Deleted file - C:\Users\Ripple\AppData\Local\temp\1d1f8f16-996c-4e23-8169-ae043ec340ef.tmp.js
Deleted file - C:\Users\Ripple\AppData\Local\temp\1d5a225b-a358-4f0f-a6b9-0d1c8d5894bb.tmp.ttf
Deleted file - C:\Users\Ripple\AppData\Local\temp\1dd4593a-633f-4e25-b949-fac232ef6027.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\1ee7981f-f33a-4ed6-8f4c-a22f0d5c0b85.tmp.css
Deleted file - C:\Users\Ripple\AppData\Local\temp\204a4cbb-83e4-4f76-a043-1f611d14723e.tmp.ico
Deleted file - C:\Users\Ripple\AppData\Local\temp\21335448-da85-430b-b419-96768265981c.tmp.ttf
Deleted file - C:\Users\Ripple\AppData\Local\temp\248b5755-f492-4993-b76e-fb26130c40a3.tmp.ico
Deleted file - C:\Users\Ripple\AppData\Local\temp\24fd1dd6-6c8a-4654-a272-06dd14af86e4.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\25707d32-0881-4764-8973-a570016eec35.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\27494c44-3aec-4e87-949a-ff68182ec350.tmp.css
Deleted file - C:\Users\Ripple\AppData\Local\temp\27e535e4-1283-4c8a-a8ad-ba058dcb06d8.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\287bd5f8-3eb1-463b-8d2f-d1196f3385eb.tmp.js
Deleted file - C:\Users\Ripple\AppData\Local\temp\29936927-270b-458b-89c0-c8f9f884c85c.tmp.js
Deleted file - C:\Users\Ripple\AppData\Local\temp\29d85551-f32c-4e2a-8d7b-39a5673cc143.tmp.js
Deleted file - C:\Users\Ripple\AppData\Local\temp\2a4967d1-b182-4468-a0c4-5d806ede8b6c.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\2b149659-240a-43e2-b48d-bc76b0158a33.tmp.html
Deleted file - C:\Users\Ripple\AppData\Local\temp\2ca61c94-6aa7-4df3-b2e4-0f75bad6ceb4.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\2f2b59ff-f9ab-4c3e-9735-51c35422d600.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\311fb624-90d2-4b3b-a0e0-b48bcb9cf58c.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\3455ca0d-8d8b-4aa7-83ba-22e2341d7115.tmp.css
Deleted file - C:\Users\Ripple\AppData\Local\temp\351ce3e0-0b65-42cb-8caa-93085de012d4.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\37fe0948-ad3d-4240-8463-cd5ba34b9662.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\38837797-6bc5-47da-9e21-8dec95bf3b50.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\3924a4c2-4690-4ecd-bad5-ddb372f26bcd.tmp.html
Deleted file - C:\Users\Ripple\AppData\Local\temp\3a0ed51f-7d30-4035-8258-a82d21edf81b.tmp.html
Deleted file - C:\Users\Ripple\AppData\Local\temp\3aa97a99-8548-4839-abbb-0fbbbd9b4f87.tmp.html
Deleted file - C:\Users\Ripple\AppData\Local\temp\3b9ce3b0-2da4-4cc7-95dd-f59ffb55dec3.tmp.css
Deleted file - C:\Users\Ripple\AppData\Local\temp\3d10391a-fb94-4263-9b0d-7337718dea25.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\3e6c5a28-9b4c-4c69-b195-dbbb4a080a3d.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\3fc83836-a399-435c-8e9c-d1f7f63bd47e.tmp.ico
Deleted file - C:\Users\Ripple\AppData\Local\temp\40c45357-cf97-4711-af24-eca4b32821df.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\40f9dbff-fbee-488b-a618-3762a62ccd93.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\413c2a73-afdb-4b42-aea5-df8bf843b093.tmp.css
Deleted file - C:\Users\Ripple\AppData\Local\temp\425739d1-241e-44de-8ce0-007d20c6310c.tmp.ttf
Deleted file - C:\Users\Ripple\AppData\Local\temp\4435737d-28af-4f51-bf9d-92065d21c468.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\4a2dc72c-bc9d-455c-b856-a1a71f33d15f.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\4bcf2b7c-8980-4d21-9835-62ac0ecffe52.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\4be11248-6d34-4f17-aae0-3f9211e8618e.tmp.ttf
Deleted file - C:\Users\Ripple\AppData\Local\temp\4ccf16a8-4a2b-42b7-a677-e883b32c0ac5.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\4d32bdcd-ab79-45a3-b134-1007cfdafb38.tmp.js
Deleted file - C:\Users\Ripple\AppData\Local\temp\4eb46d45-df26-4f77-b3c7-9bc51dcc2003.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\4f24f544-5c7a-4957-bedc-12aa402d9285.tmp.html
Deleted file - C:\Users\Ripple\AppData\Local\temp\513be19d-c1df-4125-81ba-26c67ab1029b.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\51b19fde-1ab0-4b8a-a622-d038b6f3d5cd.tmp.html
Deleted file - C:\Users\Ripple\AppData\Local\temp\5444c64b-adfa-4d72-a548-23c3e55e0dc3.tmp.js
Deleted file - C:\Users\Ripple\AppData\Local\temp\5639ed6e-d1e7-4d06-870c-d5a0e372a5eb.tmp.css
Deleted file - C:\Users\Ripple\AppData\Local\temp\5755d083-91b4-46b6-9111-0d54287bf465.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\5784b4ca-a0ff-4696-9bb5-57acde18753f.tmp.css
Deleted file - C:\Users\Ripple\AppData\Local\temp\57a6846f-df91-4f99-b2cf-3aec2c875832.tmp.ttf
Deleted file - C:\Users\Ripple\AppData\Local\temp\5eb3413a-05bf-4913-849b-3ef1e5f7bfc4.tmp.ttf
Deleted file - C:\Users\Ripple\AppData\Local\temp\60360540-3a45-41e5-9378-70f60fc6a9d0.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\618d26df-503f-4dec-ab74-2499d16ea330.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\6417fc96-3c41-4131-92fb-c90594f30dcf.tmp.html
Deleted file - C:\Users\Ripple\AppData\Local\temp\67959dc3-cd78-40cd-9874-72dec185826d.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\691fec44-ca19-4165-b24e-5ffbd32a9e0b.tmp.ico
Deleted file - C:\Users\Ripple\AppData\Local\temp\69ada4e2-6e07-459b-a553-ba15cdd85186.tmp.ico
Deleted file - C:\Users\Ripple\AppData\Local\temp\6d85d38b-8e82-45ab-af85-012b70fb7581.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\6d8c8f66-ae4e-4398-bad8-9e0ca89f8353.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\70abf38e-1d69-4297-8822-bb87db05a360.tmp.css
Deleted file - C:\Users\Ripple\AppData\Local\temp\721accb8-627f-47f9-a013-41850aa79c6c.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\7596c69a-c92e-4f95-b6db-b5a65767f2b0.tmp.ttf
Deleted file - C:\Users\Ripple\AppData\Local\temp\7657ad3a-4232-4164-bf13-dc6a7a5f71b0.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\76f88e00-93f8-465d-bd5f-93b01b0c3875.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\770b3f09-b127-43d0-a649-e43d05162934.tmp.html
Deleted file - C:\Users\Ripple\AppData\Local\temp\7a0c3507-014b-43f8-9c15-35b24bd6d521.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\7a1ffb21-31ca-4c7a-a44a-c1058cd75655.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\7b02d9c3-e735-4813-90ed-674897c45f3b.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\7c26c876-2108-48e5-a39d-d8a95d6e9616.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\7e36632a-e85c-4e14-b35e-3a26185fcc46.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\7f5615f7-211c-4be2-8dfa-cf7bc2edc8b3.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\8055d93b-ac18-4ccc-814c-c45572be4c14.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\8155a832-a0e7-4ef7-b274-cf6ccfdf680a.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\86112906-5a25-48b8-99c7-dd8113615d2d.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\865b672f-2f32-49a9-b3b1-e7d803d57797.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\86e3a39b-a064-4080-be3e-fdd05e2e30de.tmp.js
Deleted file - C:\Users\Ripple\AppData\Local\temp\87b5246a-58df-4838-957f-e6df90eb2686.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\88fc2d63-a850-4da2-aa6f-c9ab174a0b59.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\89728c09-073b-4df4-aecf-8e2b090b2728.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\8c8385c7-43d0-4a56-bad8-ff63a32d16fc.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\8c91d6e5-60ce-4c11-9ba7-ae2b5e267a17.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\8cdde2ad-c3c9-44ed-8c95-c71644ff8cf1.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\90d30e15-48f8-4bbe-bbe3-406a5d316bc8.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\92aef77e-6e97-4582-ac88-770c83c0c0af.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\944e102a-8553-4341-8ea2-0cc9805ee6dc.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\960ccb30-35cd-4de8-80b3-5aa9f9a2fbc9.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\98d5bee4-678e-4a4a-b48d-9af5c2b030c7.tmp.css
Deleted file - C:\Users\Ripple\AppData\Local\temp\9a9caf36-52a6-4161-b091-93cf367b9d06.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\a19680ac-2604-45b8-9f5c-8b42946fb7c3.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\a5d738e1-d562-457a-8c03-2ebbef19d9a4.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\a618582a-4ba6-4f99-a637-e0a94bf1d14a.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\a949ed98-7d65-4e7c-b27e-271a998c5dcd.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\a9777db5-5567-4d29-8c01-a5224b014a02.tmp.ttf
Deleted file - C:\Users\Ripple\AppData\Local\temp\a9c653a5-e7ab-4689-9bdc-ae30439b48bd.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\a9d3e8ae-acc7-4e7c-9760-b85c615a86ef.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\ae0175f7-c336-4a14-99e7-fb214faf0d8f.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\APPX.2169egdoy7qu5rh34oy90fv8b.tmp
Deleted file - C:\Users\Ripple\AppData\Local\temp\APPX.7lovvdpy3mblafavt9wyc1vkc.tmp
C:\Users\Ripple\AppData\Local\temp\APPX.kwf676q8r6twf8bkzi07nqsid.tmp
Deleted file - C:\Users\Ripple\AppData\Local\temp\APPX.s265uzbfpfah7wm0i0itwjfwh.tmp
C:\Users\Ripple\AppData\Local\temp\APPX.v8kwcn_j_m7mnd4yboxyd047e.tmp
C:\Users\Ripple\AppData\Local\temp\APPX._ez70vzve9365tweu4ympi64f.tmp
Deleted file - C:\Users\Ripple\AppData\Local\temp\b4de437e-e8d7-43ae-8f20-971eac8e48d5.tmp.ttf
Deleted file - C:\Users\Ripple\AppData\Local\temp\b5d9e86a-6e00-4ace-9e48-e63159ae2105.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\b60c01ac-6c78-4cba-8f56-21c2fab12805.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\b9e99d52-a542-483f-84a9-390c97017f56.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\be7ba3ec-3fcc-4d79-a2e1-ca07fcde311c.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\bf2a244a-0153-4a3d-96f9-23bf51c36570.tmp.html
Deleted file - C:\Users\Ripple\AppData\Local\temp\c15e2da8-c50c-49c6-8853-1580d39f3fd2.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\c2bace452413230a505b65c1d241e36f-{87A94AB0-E370-4cde-98D3-ACC110C5967D}
Deleted file - C:\Users\Ripple\AppData\Local\temp\c3d7bd22-ea4c-40b9-aaab-4c298545c248.tmp.html
Deleted file - C:\Users\Ripple\AppData\Local\temp\c4d819b2-d497-4abb-9f50-de72a85adfc1.tmp.ttf
Deleted file - C:\Users\Ripple\AppData\Local\temp\c4ff978a-8b24-4142-bbf6-906b3a3f209f.tmp.html
Deleted file - C:\Users\Ripple\AppData\Local\temp\c6aca8c4-b3f5-47e6-baca-371ffb2b04ff.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\c7d7f1be-8852-42b0-a0f1-cc5d11df12a2.tmp.js
Deleted file - C:\Users\Ripple\AppData\Local\temp\c83a8131-6cce-43de-828b-5f1151073217.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\c9015c66-4923-4a86-a0fd-b5e7ade91538.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\cbac82aa-a649-4899-b990-9393ea8c2a15.tmp.html
Deleted file - C:\Users\Ripple\AppData\Local\temp\ClearLNK.ini
Deleted file - C:\Users\Ripple\AppData\Local\temp\d0bd2760-c657-497e-acad-5ecd0ee39a1a.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\d0dc2a04-621b-4f2d-96ee-8ce1d95cf0f6.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\d2b3f8f6-c8a8-4b29-b5e7-4733c0823a88.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\d53eaaa9-fb79-4131-892a-47c7f4c44061.tmp.css
Deleted file - C:\Users\Ripple\AppData\Local\temp\d5cece84-ea35-47c5-9bce-52f346977511.tmp.js
Deleted file - C:\Users\Ripple\AppData\Local\temp\d6830396-a513-4ed4-ad84-f826246fb6dc.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\dd1cc1e5-c9c8-4bfb-a812-09badee09a5f.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\e01e56fe-a4fd-44bc-9004-d85cd2103bb6.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\e12650c9-e916-43e9-a356-488596d824f8.tmp.css
Deleted file - C:\Users\Ripple\AppData\Local\temp\e5d4df96-707d-4387-b2b1-8c6a4e1faca9.tmp.css
Deleted file - C:\Users\Ripple\AppData\Local\temp\e60f3cf9-fe64-49db-8f32-6fa8c5bbe7d3.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\e6e63636-6238-4bba-a721-a15a6969a253.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\e881c859-4c42-4819-8b4d-62bb71df687c.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\e9a88954-c9b4-4e44-8b0f-9374dc3161a4.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\ed2a61dc-809a-428a-bf0b-22e32796fd1f.tmp.ttf
Deleted file - C:\Users\Ripple\AppData\Local\temp\ef29dbeb-3c17-4e12-9b7f-2c08058f596b.tmp.css
Deleted file - C:\Users\Ripple\AppData\Local\temp\f44592c3-f326-46a3-8288-5c35bd50592d.tmp.html
Deleted file - C:\Users\Ripple\AppData\Local\temp\f4c5f64c-f29d-403d-9506-b92ed11a8a5a.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\f59fd667-7f1c-4e58-a928-ba841a6dbb26.tmp.js
Deleted file - C:\Users\Ripple\AppData\Local\temp\f6e4fea1-df00-4642-b45b-cb33136d3085.tmp.ico
Deleted file - C:\Users\Ripple\AppData\Local\temp\f7c82924-7b58-4679-9a67-830da1124521.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\f8481d58-863f-40b2-951b-aac7d2841379.tmp.css
Deleted file - C:\Users\Ripple\AppData\Local\temp\fa61fb9b-990e-4828-937b-ee410cf14bf5.tmp.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\faa9cd7c-f566-4cf5-952d-5bed0fb54074.tmp.ttf
Deleted file - C:\Users\Ripple\AppData\Local\temp\fd7efcc0-5fda-41b9-a35b-acaae0b3bf12.tmp.woff2
Deleted file - C:\Users\Ripple\AppData\Local\temp\fddf17ad-c871-4c55-b7b4-8958051cf628.tmp.js
Deleted file - C:\Users\Ripple\AppData\Local\temp\geek64.exe
Deleted file - C:\Users\Ripple\AppData\Local\temp\jna4911560465259692089.hunspell-win-x86-64.dll
Deleted file - C:\Users\Ripple\AppData\Local\temp\jna8232274705723621799.hunspell-win-x86-64.dll
Deleted file - C:\Users\Ripple\AppData\Local\temp\{45B1D970-9886-4A4D-9212-28ADD3F319DD} - OProcSessId.dat
Deleted file - C:\Users\Ripple\AppData\Local\temp\{4E1B62C6-B77E-48EF-9334-E9EE6DC0B96F} - OProcSessId.dat
Deleted file - C:\Users\Ripple\AppData\Local\temp\{B86C5B59-9C82-44EB-8ED2-40A6B223770B} - OProcSessId.dat
Deleted file - C:\Users\Ripple\AppData\Local\temp\{CA82AAAF-6622-47A0-9831-A0225D73F433} - OProcSessId.dat
Deleted file - C:\Users\Ripple\AppData\Local\temp\7zO462FA464\622.csv
Deleted file - C:\Users\Ripple\AppData\Local\temp\8b24d924-537b-459b-a0ab-cc06ba89e145_geek.7z.145\geek.exe
Deleted file - C:\Users\Ripple\AppData\Local\temp\bafc3223-ebf9-45b3-b865-ade479cb0537_geek.7z.537\geek.exe
Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Primary1721209092230134600_6B5745FF-DCF1-4A62-B90D-E6DB8088F33B.log
Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Primary1721209092231158800_6B5745FF-DCF1-4A62-B90D-E6DB8088F33B.log
Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Additional\Additional1721209092231715100_6B5745FF-DCF1-4A62-B90D-E6DB8088F33B.log
Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Additional\Additional1721209092232561400_6B5745FF-DCF1-4A62-B90D-E6DB8088F33B.log
Deleted file - C:\Users\Ripple\AppData\Local\temp\jna-77124\jna10132358105755066225.dll
Deleted file - C:\Users\Ripple\AppData\Local\temp\jna-77124\jna10132358105755066225.dll.x
Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir12632_109146484\2032b01729dfe2104b52920da5d09b0e.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir12632_109146484\6c9718f1d954c09fb3dc8d410b704522.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir12632_109146484\71c066cc37aa2518ca6ebfebae2a0e58.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir12632_109146484\cdf383ff3876c44ae2c876a3579c9387.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir12632_109146484\f1ff99935cbf2dcc8247ddb580c640c1.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir1972_240717956\6c4e70c602352c04108faae6415f9299.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir1972_240717956\814a388d5d40c07857a4a94a5a6d0281.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir1972_240717956\84d4e23663500c265a42412358bbb81e.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir1972_240717956\a0df42cc9edc6f9eb5d2d0b78d287790.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir1972_240717956\b8e6d1a5e8a307e7a2a5601107b2c420.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir1972_240717956\ca7300b352a09d1fa44864da6f46dcab.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\scoped_dir1972_240717956\de99dc7c3dd658f382a1850e1b439e7c.png
Deleted file - C:\Users\Ripple\AppData\Local\temp\SmartScreen\RemoteData\LastPing
Deleted file - C:\Users\Ripple\AppData\Local\temp\SmartScreen\RemoteData\windowsSettings
Deleted file - C:\Users\Ripple\AppData\Local\temp\SmartScreen\RemoteData\windowsSettings_1.0-7e3544113374bc2769af5f67e125ab81de1b4b64c07fe68e2a7bc03646c85dfc


========= End of CMD: =========

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock]
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock" => not found
================== ExportKey: ===================

[HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"3RVX"="D:\Program Files (x86)\3RVX\3RVX.exe"
"electron.app.BlueStacks Services"="C:\Users\Ripple\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden"
"PreMiD"=""C:\Users\Ripple\AppData\Roaming\PreMiD\PreMiD.exe" --hidden"

=== End of ExportKey ===
================== ExportKey: ===================

[HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=== End of ExportKey ===
================== ExportKey: ===================

[HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"MicrosoftEdgeAutoLaunch_2D11F281AFD682F6488A744B0F127922"="020000000000000000000000"
"OneDrive"="020000000000000000000000"
"RiotClient"="020000000000000000000000"
"Discord"="03000000d94903f7dccdda01"
"IDMan"="020000000000000000000000"
"3RVX"="020000000000000000000000"
"electron.app.BlueStacks Services"="03000000345b2cb6355bda01"
"SandboxieControl"="020000000000000000000000"
"Synapse3"="03000000c9f6f665ccbbda01"
"PreMiD"="020000000000000000000000"

=== End of ExportKey ===
================== ExportKey: ===================

[HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" => not found
================== ExportKey: ===================

[HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder]
"Rainmeter.lnk"="03000000a5a1eaf5bb2eda01"
"FANTECH X4S MACRO Gaming Mouse.lnk"="030000004a4552ac5136da01"

=== End of ExportKey ===
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\IpAddresses]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths]
"C:\Windows\System32\SppExtComObjHook.dll"="0"
"C:\Users\Ripple\AppData\Local\WinRAR"="0"
"C:\Program Files (x86)\Internet Explorer"="0"
"C:\Windows\Microsoft.NET"="0"
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes]
"Rar64.exe"="0"
"aspnet_compiler.exe"="0"
"RuntimeBroker.exe"="0"
"CrashReporter.exe"="0"
"RegAsm.exe"="0"
"ngentask.exe"="0"
"WsatConfig.exe"="0"
"taskhostw.exe"="0"
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths]

=== End of ExportKey ===

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12680561 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 395746794 B
Windows/system/drivers => 2096490 B
Edge => 0 B
Chrome => 10721977 B
Firefox => 1162885094 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2340 B
Ripple => 32536 B

RecycleBin => 0 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:04:17 ====
 
Malnutrition said:
Please Copy and paste that log here in your next post.
Click to expand...

Hi, just copy and paste directly right? I posted it in code and it seemed the colors were not shown. so copy pasted in the next reply, since I can't delete this reply. do I update those red marked files?
 
SecurityCheck by glax24 & Severnyj v.1.4.0.57 [24.01.24]
WebSite: www.safezone.cc
DateLog: 19.07.2024 11:07:53
Path starting: C:\Users\Ripple\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Max
VersionXML: 12.38is-14.07.2024
___________________________________________________________________________

Windows 11(6.3.22631) (x64) Professional Release: 23H2 Lang: English(0409)
Installation date OS: 12.07.2024 06:06:13
LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
LicenseStatus: Office 21, Office21ProPlus2021VL_KMS_Client_AE edition Initial grace period ends :33164 minutes
Boot Mode: Normal
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [247.1 Gb] Used: [154.8 Gb] Free: [92.3 Gb]
------------------------------- [ Windows ] -------------------------------
User Account Control enabled (Level 3)
Never check for updates
The computer gets its updates from a WSUS server
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 5.1.6.117 v.5.1.6.117
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Edge WebView2 Runtime v.126.0.2592.102
Steam v.2.10.91.91
Wireshark 4.2.5 x64 v.4.2.5 Warning! Download Update
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 v.14.40.33810.0
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 v.14.40.33810.0
------------------------------ [ ArchAndFM ] ------------------------------
7-Zip 22.01 (x64) v.22.01 Warning! Download Update
Uninstall old version and install new one.
-------------------------- [ IMAndCollaborate ] ---------------------------
Telegram Desktop v.5.2.3
--------------------------------- [ P2P ] ---------------------------------
qBittorrent v.4.6.5
-------------------------------- [ Media ] --------------------------------
VLC media player v.3.0.20 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox (x64 en-US) v.127.0.2 Warning! Download Update
Google Chrome v.126.0.6478.128 [+]
Microsoft Edge v.126.0.2592.102
------------------ [ AntivirusFirewallProcessServices ] -------------------
Malwarebytes Service (MBAMService) - The service has stopped
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe v.4.18.24060.7
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe v.4.18.24060.7
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
----------------------------- [ End of Log ] ------------------------------
 
maxim123 said:
do I update those red marked files?
Click to expand...


Yes.


maxim123 said:
couldn't uncheck adobe type manager.
Click to expand...

Download Runx.exe drag and drop Autoruns program onto Runx and then you will be able to uncheck it,.


Disable Bitlocker https://www.howtogeek.com/805225/disable-bitlocker/

Do you use Ms Edge? If not then disable it. https://www.sordum.org/9312/edge-blocker-v2-0/

Disable Customer experience imporovement program. https://www.thewindowsclub.com/disable-windows-customer-experience-improvement-program


Also check for and disable the task of these to ensure they are off. https://www.nirsoft.net/utils/task_scheduler_view.html

Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.

Code: 
start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
C:\Windows\System32\SppExtComObjHook.dll
C:\Users\Ripple\AppData\Local\WinRAR

startpowershell:
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
# Funtion Remove-all-windefend-excludes to Remove all exclusions on MS Windefend
Function Remove-all-windefend-excludes {
$Paths=(Get-MpPreference).ExclusionPath
$Extensions=(Get-MpPreference).ExclusionExtension
$Processes=(Get-MpPreference).ExclusionProcess
foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -force}
foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -force}
foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -force}
}
# Remove all exclusions on MS Windefend
Write-Output "Removing all exclusions on MS Windefend antivirus"
Set-MpPreference -DisableAutoExclusions $true -Force
Remove-all-windefend-excludes
EndPowerShell:

startpowershell:
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiVirus" –Force
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" –Force
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "PUAProtection" –Force
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableRoutinelyTakingAction" –Force
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableBehaviorMonitoring" -force
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableOnAccessProtection" -force
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableScanOnRealtimeEnable" -force
Get-Service windefend | Select-Object -Property Name, StartType, Status
Set-Service -Name securityhealthservice -StartupType manual -force
Get-Service securityhealthservice | Select-Object -Property Name, StartType, Status
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
Set-MpPreference -DisableArchiveScanning $false -Force
Set-MpPreference -DisableBehaviorMonitoring $false -Force
Set-MpPreference -DisableEmailScanning $False -Force
Set-MpPreference -DisableIOAVProtection $false -Force
Set-MpPreference -DisablePrivacyMode $true -Force
Set-MpPreference -DisableRealtimeMonitoring $false -Force
Set-MpPreference -MAPSReporting Advanced -Force
Set-MpPreference -PUAProtection enabled -Force
Set-MpPreference -SignatureScheduleDay Everyday -Force
Set-MpPreference -DisableRemovableDriveScanning $false -Force
Set-MpPreference -SubmitSamplesConsent SendSafeSamples
# Reset and check Secure Health status
Get-AppxPackage Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage
Get-AppxPackage Microsoft.SecHealthUI -AllUsers|select Name, Status
# Check if these services are running
Get-Service mbamservice, Windefend, SecurityHealthService, wscsvc, mpsdrv, mpssvc, bfe, WdNisSvc, WdNisDrv, sense, winmgmt, rpcss, RpcEptMapper, bits, cryptsvc, wuauserv, dcomlaunch | Select Name, DisplayName, Status, starttype
EndPowerShell:

startpowershell:
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
Remove-Item -Path "C:\Windows\Prefetch\*" -force -recurse -ErrorAction SilentlyContinue
Write-Output "updating"
Update-MpSignature
Write-Output "scanning quick scan"
Start-MpScan -ScanType QuickScan
Remove-MpThreat
EndPowerShell:

CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
emptytemp:
Reboot:
End::

1721365362197.png
1721365440781.png
 
Last edited:
  • Like
Reactions: maxim123
After all of the above, let me know the performance of the machine and upload a final set of FRST logs for review.
 
  • Like
Reactions: maxim123
Hi, I will update this at evening here (gmt+5.45 timezone), as I have to leave for a while again.
 
Malnutrition said:
Yes.
Click to expand...
updated. vlc says the version is latest when i checked through the app.

Malnutrition said:
Download Runx.exe drag and drop Autoruns program onto Runx and then you will be able to uncheck it,.
Click to expand...
Still says failed to disable adobe type manager. I tried running with trusted source and system user, but both gave the same thing when trying to uncheck adobe type manager.

Malnutrition said:
Disable Bitlocker https://www.howtogeek.com/805225/disable-bitlocker/
Click to expand...
they are already turned off it seems.

Malnutrition said:
Also check for and disable the task of these to ensure they are off. https://www.nirsoft.net/utils/task_scheduler_view.html
Click to expand...
1721401445331.png
do I disable these two? I didn't see ms edge and customer experience in the task scheduler.
 
Malnutrition said:
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Click to expand...
Code: 
Fix result of Farbar Recovery Scan Tool (x64) Version: 16.07.2024
Ran by Max (19-07-2024 20:55:57) Run:4
Running from C:\Users\Ripple\Desktop
Loaded Profiles: Max
Boot Mode: Normal
==============================================

fixlist content:
*****************
start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
C:\Windows\System32\SppExtComObjHook.dll
C:\Users\Ripple\AppData\Local\WinRAR

startpowershell:
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
# Funtion Remove-all-windefend-excludes to Remove all exclusions on MS Windefend
Function Remove-all-windefend-excludes {
$Paths=(Get-MpPreference).ExclusionPath
$Extensions=(Get-MpPreference).ExclusionExtension
$Processes=(Get-MpPreference).ExclusionProcess
foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -force}
foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -force}
foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -force}
}
# Remove all exclusions on MS Windefend
Write-Output "Removing all exclusions on MS Windefend antivirus"
Set-MpPreference -DisableAutoExclusions $true -Force
Remove-all-windefend-excludes
EndPowerShell:

startpowershell:
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiVirus" –Force
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" –Force
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "PUAProtection" –Force
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableRoutinelyTakingAction" –Force
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableBehaviorMonitoring" -force
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableOnAccessProtection" -force
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableScanOnRealtimeEnable" -force
Get-Service windefend | Select-Object -Property Name, StartType, Status
Set-Service -Name securityhealthservice -StartupType manual -force
Get-Service securityhealthservice | Select-Object -Property Name, StartType, Status
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
Set-MpPreference -DisableArchiveScanning $false -Force
Set-MpPreference -DisableBehaviorMonitoring $false -Force
Set-MpPreference -DisableEmailScanning $False -Force
Set-MpPreference -DisableIOAVProtection $false -Force
Set-MpPreference -DisablePrivacyMode $true -Force
Set-MpPreference -DisableRealtimeMonitoring $false -Force
Set-MpPreference -MAPSReporting Advanced -Force
Set-MpPreference -PUAProtection enabled -Force
Set-MpPreference -SignatureScheduleDay Everyday -Force
Set-MpPreference -DisableRemovableDriveScanning $false -Force
Set-MpPreference -SubmitSamplesConsent SendSafeSamples
# Reset and check Secure Health status
Get-AppxPackage Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage
Get-AppxPackage Microsoft.SecHealthUI -AllUsers|select Name, Status
# Check if these services are running
Get-Service mbamservice, Windefend, SecurityHealthService, wscsvc, mpsdrv, mpssvc, bfe, WdNisSvc, WdNisDrv, sense, winmgmt, rpcss, RpcEptMapper, bits, cryptsvc, wuauserv, dcomlaunch | Select Name, DisplayName, Status, starttype
EndPowerShell:

startpowershell:
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
Remove-Item -Path "C:\Windows\Prefetch\*" -force -recurse -ErrorAction SilentlyContinue
Write-Output "updating"
Update-MpSignature
Write-Output "scanning quick scan"
Start-MpScan -ScanType QuickScan
Remove-MpThreat
EndPowerShell:

CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
emptytemp:
Reboot:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Windows\System32\SppExtComObjHook.dll" => not found
"C:\Users\Ripple\AppData\Local\WinRAR" => not found

========= Powershell: =========

Removing all exclusions on MS Windefend antivirus

========= End of Powershell: =========


========= Powershell: =========


Name                  StartType  Status
----                  ---------  ------
windefend             Automatic Running
securityhealthservice    Manual Stopped
Microsoft.SecHealthUI                Ok
bfe                   Automatic Running
bits                     Manual Stopped
cryptsvc              Automatic Running
dcomlaunch            Automatic Running
mbamservice              Manual Stopped
mpsdrv                   Manual Running
mpssvc                Automatic Running
RpcEptMapper          Automatic Running
rpcss                 Automatic Running
SecurityHealthService    Manual Stopped
sense                    Manual Stopped
WdNisDrv                 Manual Running
WdNisSvc                 Manual Running
Windefend             Automatic Running
winmgmt               Automatic Running
wscsvc                Automatic Running
wuauserv               Disabled Stopped



========= End of Powershell: =========


========= Powershell: =========

updating
scanning quick scan

========= End of Powershell: =========


========= del /s /q "%userprofile%\AppData\Local\temp\*.*" =========

C:\Users\Ripple\AppData\Local\temp\APPX.7swgbv6vm5h747d2otp3edbah.tmp
C:\Users\Ripple\AppData\Local\temp\APPX.ahuj04oh386vmy0uhwigzhu4f.tmp
C:\Users\Ripple\AppData\Local\temp\APPX.tp31zuhyoum1tn7y5u_9qazuc.tmp
Deleted file - C:\Users\Ripple\AppData\Local\temp\geek64.bak
Deleted file - C:\Users\Ripple\AppData\Local\temp\7zO8B9DECC1\622.csv
Deleted file - C:\Users\Ripple\AppData\Local\temp\886f9e13-d918-43cb-ac90-9a2a81ffa4c2_geek.7z.4c2\geek.bak
Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Primary1721400000565297400_7BDF8B25-26BC-41A0-81F1-5A383DBC556E.log
Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Primary1721400000565820400_7BDF8B25-26BC-41A0-81F1-5A383DBC556E.log
Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Additional\Additional1721400000566235400_7BDF8B25-26BC-41A0-81F1-5A383DBC556E.log
Deleted file - C:\Users\Ripple\AppData\Local\temp\Diagnostics\EXCEL\Additional\Additional1721400000566795100_7BDF8B25-26BC-41A0-81F1-5A383DBC556E.log


========= End of CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10573589 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 80328990 B
Windows/system/drivers => 192097 B
Edge => 0 B
Chrome => 0 B
Firefox => 64539140 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 1170 B
Ripple => 25429 B

RecycleBin => 0 B
EmptyTemp: => 149.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:01:20 ====

Hi, also, lot of files in desktop, do I remove them? is it okay to just shift delete them?
 
Yes disable both bitlocker items.

I’ll give a more detailed reply when I get home from work, on lunch now.

Uninstall malwarebytes and run a scan with windows defender.

How is the computer running now?
 
  • Like
Reactions: maxim123
Malnutrition said:
Yes disable both bitlocker items.
Click to expand...
1721415997147.png
I ran this as admin but it still shows this error. I tried to disable them one by one too, but the same thing.

I have uninstalled malwarebytes, win defender was off, when I clicked the notification and opened it, it said something like your IT something has disabled some access to this app or something. thought the error would come again after I closed it and opened the defender again, but it didn't come, so not sure what the error was exactly. going to scan now. [edit. the quick scan finished with no threats found.]

I think I faced no explorer hanging issue today, there was no BSOD in morning too. will still have to check tmrw to be sure after i turn it off and open it again.
 
maxim123 said:
Hi, also, lot of files in desktop, do I remove them?
Click to expand...
Download KpRM
Save to Desktop
Check Delete Tools'
Check Delete Restore points.
Create Restore point.
Click delete quarantines.
Then click run.
maxim123 said:
I ran this as admin but it still shows this error. I tried to disable them one by one too, but the same thing.
Click to expand...
Follow this guide. https://www.howtogeek.com/805225/disable-bitlocker/

Use this tool. https://www.sordum.org/9416/powerrun-v1-7-run-with-highest-privileges/

maxim123 said:
win defender was off, when I clicked the notification and opened it, it said something like your IT something has disabled some access to this app or something.
Click to expand...


That was due to malwarebytes turning it off. I also reset defender in the last FRST fix.

maxim123 said:
Still says failed to disable adobe type manager. I tried running with trusted source and system user, but both gave the same thing when trying to uncheck adobe type manager.
Click to expand...

Not really important.
maxim123 said:
I think I faced no explorer hanging issue today, there was no BSOD in morning too. will still have to check tmrw to be sure after i turn it off and open it again.
Click to expand...
That is good news, we will wait to see how things. go for a couple days. Can you run FRST and post one last set of logs so I can see please.
 
  • Like
Reactions: maxim123
Malnutrition said:
That is good news, we will wait to see how things. go for a couple days. Can you run FRST and post one last set of logs so I can see please.
Click to expand...
Frst

Code: 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.07.2024
Ran by Max (administrator) on DESKTOP-NLBF3N2 (Standard Standard) (20-07-2024 09:38:54)
Running from C:\Users\Ripple\Desktop\FRST64.exe
Loaded Profiles: Max
Platform: Microsoft Windows 11 Pro Version 23H2 22631.3880 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(D:\Riot Games\Riot Client\RiotClientServices.exe ->) () [File not signed] D:\Riot Games\Riot Client\RiotClientCrashHandler.exe
(D:\Riot Games\Riot Client\RiotClientServices.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) D:\Riot Games\Riot Client\RiotClientElectron\Riot Client.exe <5>
(Discord Inc. -> Discord Inc.) C:\Users\Ripple\AppData\Local\Discord\app-1.0.9154\Discord.exe <6>
(DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_helper.exe
(Eclipse.org Foundation, Inc. -> Eclipse Adoptium) D:\Program Files\OmegaT\jre\bin\javaw.exe
(explorer.exe ->) (GitHub, Inc.) [File not signed] C:\Users\Ripple\AppData\Roaming\PreMiD\PreMiD.exe <3>
(explorer.exe ->) (Matthew Malensek) [File not signed] D:\Program Files (x86)\3RVX\3RVX.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) D:\Riot Games\Riot Client\RiotClientServices.exe
(Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2405.13.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <3>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <24>
(services.exe ->) (Creative Technology Ltd -> Creative Technology Ltd) C:\Windows\SysWOW64\Creative.UWPRPCService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_faf3bcecf744f99a\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_c52d1313b56663df\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_19d333f59f2c41d3\RtkAudUService64.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_19d333f59f2c41d3\RtkAudUService64.exe [3496528 2021-12-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3023152 2024-06-28] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft\Edge* <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Run: [3RVX] => D:\Program Files (x86)\3RVX\3RVX.exe [649216 2016-06-04] (Matthew Malensek) [File not signed]
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Run: [electron.app.BlueStacks Services] => C:\Users\Ripple\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe [162219656 2024-01-25] (Now.gg, INC -> now.gg, Inc.)
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Run: [PreMiD] => C:\Users\Ripple\AppData\Roaming\PreMiD\PreMiD.exe [126285312 2021-02-21] (GitHub, Inc.) [File not signed]
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\126.0.6478.128\Installer\chrmstp.exe [2024-07-17] (Google LLC -> Google LLC)
IFEO\EOSnotify.exe: [Debugger] /
IFEO\InstallAgent.exe: [Debugger] /
IFEO\MicrosoftEdge.exe: [Debugger] C:\Windows\System32\systray.exe
IFEO\MicrosoftEdgeUpdate.exe: [Debugger] C:\Windows\System32\systray.exe
IFEO\MoNotificationUx.exe: [Debugger] /
IFEO\msedge.exe: [Debugger] C:\Windows\System32\systray.exe
IFEO\msedgewebview2.exe: [Debugger] C:\Windows\System32\systray.exe
IFEO\MusNotification.exe: [Debugger] /
IFEO\MusNotificationUx.exe: [Debugger] /
IFEO\remsh.exe: [Debugger] /
IFEO\SihClient.exe: [Debugger] /
IFEO\UpdateAssistant.exe: [Debugger] /
IFEO\UsoClient.exe: [Debugger] /
IFEO\WaaSMedic.exe: [Debugger] /
IFEO\WaasMedicAgent.exe: [Debugger] /
IFEO\Windows10Upgrade.exe: [Debugger] /
IFEO\Windows10UpgraderApp.exe: [Debugger] /
Startup: C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANTECH X4S MACRO Gaming Mouse.lnk [2023-12-06]
ShortcutTarget: FANTECH X4S MACRO Gaming Mouse.lnk -> D:\Program Files (x86)\FANTECH X4S MACRO Gaming Mouse\GM_Management.exe () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {EA42CB3B-5A39-4AC0-8A5A-68CE8D0FB14A} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2024-01-18] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {37657D15-4F3E-4E41-926D-71EDD111C55C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5513520 2024-07-12] (Microsoft Windows -> Microsoft Corporation)
Task: {D4AC5041-77E2-4B65-8A56-183FE771585D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.3{1EF25398-1393-46D7-9025-1FC7773C3FA4} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.3\updater.exe [4623976 2024-06-15] (Google LLC -> Google LLC)
Task: {87086893-B424-4430-86D3-EE498B4BE3D6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512336 2024-07-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {67C10FB8-60E4-41A7-9758-CAD507917BC6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512336 2024-07-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {CD4CC5AA-A4A1-4A44-ACB3-6C7B38A52BEE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309936 2024-07-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {A89F3999-EEC5-427E-A763-8BA09B4403D1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309936 2024-07-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {9656D819-62AF-4D69-B699-8C68A4310E22} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [169408 2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {79A20CC3-B704-460F-A061-E00C0679642C} - System32\Tasks\Microsoft\Windows\Application Experience\PcaWallpaperAppDetect => C:\WINDOWS\system32\rundll32.exe [90112 2024-07-12] (Microsoft Windows -> Microsoft Corporation) -> %windir%\system32\PcaSvc.dll,PcaWallpaperAppDetect
Task: {4BF5F99D-8958-419C-B89F-885AF217506E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2C7E6ACF-E4F8-4229-B37D-D7D443C303C7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6A8CEEB6-9441-42C1-A486-0C3F46A9DE80} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C849E698-B738-4660-8BFC-2BF54D6E60E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Update => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6AD209BD-3745-40A2-A435-DF9D73E88AC7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F67F9D95-F233-4101-915E-4DC4980112E0} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [677448 2024-07-19] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {A9E567FC-02C5-45F9-9B7A-B4001FDB210C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34376 2024-07-19] (Mozilla Corporation -> Mozilla Foundation)
Task: {176762D5-9B28-46D7-91E9-1F49E28C8B2D} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-23] () [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.101.1 8.8.8.8 4.4.4.4
Tcpip\..\Interfaces\{78d68de6-b91f-4ad0-b2d5-9d46d5172317}: [DhcpNameServer] 192.168.101.1 8.8.8.8 4.4.4.4

Edge:
=======
Edge Profile: C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default [2024-07-19]
Edge Extension: (Google Docs Offline) - C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-15]
Edge Extension: (Edge relevant text changes) - C:\Users\Ripple\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-22]

FireFox:
========
FF DefaultProfile: g5q70h39.default
FF ProfilePath: C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\g5q70h39.default [2024-07-19]
FF ProfilePath: C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release [2024-07-20]
FF DownloadDir: C:\Users\Ripple\Desktop
FF Homepage: Mozilla\Firefox\Profiles\10706u2g.default-release -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\10706u2g.default-release -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\10706u2g.default-release -> hxxps://pomofocus.io
FF Extension: (Tampermonkey) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\firefox@tampermonkey.net.xpi [2024-05-11]
FF Extension: (FoxyProxy) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\foxyproxy@eric.h.jung.xpi [2024-01-31]
FF Extension: (Web Paint) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\jid1-0dhOSYKGj326og@jetpack.xpi [2024-04-26]
FF Extension: (IDM Integration Module) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2024-07-10]
FF Extension: (PreMiD) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\support@premid.app.xpi [2024-07-16] [UpdateUrl:hxxps://api.premid.app/firefox/updates]
FF Extension: (uBlock Origin) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\uBlock0@raymondhill.net.xpi [2024-05-25]
FF Extension: (Inkah: Chinese & Korean Pop-up Dictionary) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\{de5bbbad-7c53-468e-9d8d-9d737cf5ba81}.xpi [2023-12-06]
FF Extension: (Zhongwen: The Popular Chinese Learning Tool) - C:\Users\Ripple\AppData\Roaming\Mozilla\Firefox\Profiles\10706u2g.default-release\Extensions\{dedb3663-6f13-4c6c-bf0f-5bd111cb2c79}.xpi [2023-12-31]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default [2024-07-19]
CHR Extension: (uBlock Origin) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-06-26]
CHR Extension: (Google Docs Offline) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-01]
CHR Extension: (Zhongwen: Chinese-English Dictionary) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde [2024-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ripple\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-12-07]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15044872 2024-01-27] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14023752 2024-06-26] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [935344 2024-05-25] (EasyAntiCheat Oy -> Epic Games, Inc.)
S2 Intel(R) Platform License Manager Service; C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-14] (Intel Corporation -> Intel(R) Corporation)
R2 ipfsvc; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_uf.exe [2751664 2022-03-27] (Intel Corporation -> Intel Corporation)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe [1377416 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvtfi.inf_amd64_c52d1313b56663df\Display.NvContainer\NVDisplay.Container.exe [1275424 2024-07-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UWPService; C:\WINDOWS\SysWOW64\Creative.UWPRPCService.exe [364616 2022-08-03] (Creative Technology Ltd -> Creative Technology Ltd)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9705560 2024-06-28] (Riot Games, Inc. -> Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe [3236728 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe [133688 2024-07-16] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [394176 2024-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
R3 iaLPSS2_GPIO2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_0e92b4646ab70162\iaLPSS2_GPIO2_ADL.sys [150624 2022-06-02] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_35ed2fd5a51c2bc2\iaLPSS2_I2C_ADL.sys [220256 2022-06-02] (Intel Corporation -> Intel Corporation)
R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88760 2023-07-02] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_cpu.sys [80560 2022-03-27] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_lf.sys [432800 2022-03-27] (Intel Corporation -> Intel Corporation)
R3 MBfilt; C:\WINDOWS\system32\drivers\MBfilt64.sys [37528 2022-08-03] (WDKTestCert ctl_avpbuild,132732627431976536 -> Creative Technology Ltd.)
R3 MpKsl274f0a19; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6252D370-8D40-449F-B959-329010492E37}\MpKslDrv.sys [271640 2024-07-20] (Microsoft Windows -> Microsoft Corporation)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [77792 2023-10-20] (Nmap Software LLC -> Insecure.Com LLC.)
R3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [48800 2022-02-23] (SteelSeries ApS -> SteelSeries ApS)
R3 UWACPIDriver; C:\WINDOWS\System32\drivers\UWACPIDriver.sys [43776 2022-09-14] (Uniwill Technology Inc. -> )
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [40415320 2024-06-28] (Riot Games, Inc. -> Riot Games, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21968 2024-07-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602520 2024-07-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2024-07-16] (Microsoft Windows -> Microsoft Corporation)
S2 mbamchameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-07-20 09:38 - 2024-07-20 09:38 - 000034552 _____ C:\Users\Ripple\Desktop\Addition.txt
2024-07-20 09:36 - 2024-07-20 09:39 - 000022999 _____ C:\Users\Ripple\Desktop\FRST.txt
2024-07-20 09:36 - 2024-07-20 09:39 - 000000000 ____D C:\FRST
2024-07-20 09:36 - 2024-07-20 09:36 - 002395648 _____ (Farbar) C:\Users\Ripple\Desktop\FRST64.exe
2024-07-20 09:23 - 2024-07-20 09:24 - 000002513 _____ C:\Users\Ripple\Desktop\kprm-20240720092348.txt
2024-07-20 09:23 - 2024-07-20 09:23 - 000410232 _____ C:\WINDOWS\system32\prfh0804.dat
2024-07-20 09:23 - 2024-07-20 09:23 - 000130308 _____ C:\WINDOWS\system32\prfc0804.dat
2024-07-20 09:23 - 2024-07-20 09:23 - 000000000 ____D C:\KPRM
2024-07-19 23:55 - 2024-07-19 23:55 - 000000016 _____ C:\Users\Ripple\AppData\Roaming\obs-virtualcam.txt
2024-07-19 21:02 - 2024-07-19 21:02 - 000500856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-07-19 20:46 - 2024-07-19 20:46 - 000000396 _____ C:\ProgramData\ntuser.pol
2024-07-19 20:39 - 2021-05-19 08:41 - 000954152 _____ (d7xTech, Inc.) C:\Users\Ripple\Desktop\RunXcmd.exe
2024-07-19 20:39 - 2021-05-19 08:40 - 001036072 _____ (d7xTech, Inc.) C:\Users\Ripple\Desktop\RunX.exe
2024-07-19 20:39 - 2020-12-28 10:39 - 000001369 _____ C:\Users\Ripple\Desktop\Info.txt
2024-07-19 20:35 - 2024-07-19 20:35 - 000604234 _____ C:\Users\Ripple\Desktop\RunX.zip
2024-07-19 20:34 - 2024-07-19 20:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2024-07-19 20:33 - 2024-07-19 20:33 - 001620576 _____ (Igor Pavlov) C:\Users\Ripple\Desktop\7z2407-x64.exe
2024-07-19 11:24 - 2024-07-19 20:55 - 000000000 ____D C:\Users\Ripple\Desktop\avz4
2024-07-19 11:24 - 2024-07-19 11:24 - 010112832 _____ C:\Users\Ripple\Desktop\avz4.zip
2024-07-19 11:17 - 2024-07-19 11:17 - 000000000 ____D C:\Users\Ripple\Desktop\PrivaZer registry backups
2024-07-19 11:15 - 2024-07-19 11:23 - 000032668 _____ C:\Users\Ripple\Desktop\PrivaZer.ini
2024-07-18 10:35 - 2024-07-18 10:35 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\NVIDIA
2024-07-18 10:35 - 2024-07-18 10:35 - 000000000 ____D C:\Users\Ripple\AppData\Local\NVIDIA
2024-07-18 10:30 - 2024-07-18 10:30 - 007817668 _____ C:\Users\Ripple\Desktop\DESKTOP-NLBF3N2.arn
2024-07-18 10:29 - 2024-02-06 19:49 - 000024592 ____N C:\Users\Ripple\Desktop\autoruns.chm
2024-07-18 10:29 - 2019-04-01 14:41 - 000003015 _____ C:\Users\Ripple\Desktop\EULA.txt
2024-07-18 10:28 - 2024-07-18 10:29 - 002932380 _____ C:\Users\Ripple\Desktop\Autoruns.zip
2024-07-18 10:21 - 2024-07-18 10:21 - 000000000 ____D C:\Users\Ripple\AppData\LocalLow\NVIDIA
2024-07-18 10:19 - 2024-07-20 09:15 - 000000000 ____D C:\ProgramData\NVIDIA
2024-07-18 10:19 - 2024-07-18 10:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2024-07-18 10:16 - 2024-07-16 19:53 - 002040576 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-07-18 10:16 - 2024-07-16 19:53 - 002040576 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-07-18 10:16 - 2024-07-16 19:53 - 001583872 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-07-18 10:16 - 2024-07-16 19:53 - 001583872 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-07-18 10:16 - 2024-07-16 19:53 - 001446656 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-07-18 10:16 - 2024-07-16 19:53 - 001446656 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-07-18 10:16 - 2024-07-16 19:53 - 001296640 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-07-18 10:16 - 2024-07-16 19:53 - 001296640 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-07-18 10:16 - 2024-07-16 19:53 - 000477704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2024-07-18 10:16 - 2024-07-16 19:53 - 000374288 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 016199688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 014270072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 007133048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 006914056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 006211816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 005910664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 005349408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 003788400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 002178160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 001629832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 001546760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 001202704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 001079432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 001034360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 000856584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2024-07-18 10:15 - 2024-07-16 19:53 - 000853112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2024-07-18 10:15 - 2024-07-16 19:53 - 000797320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 000669816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 000505992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2024-07-18 10:15 - 2024-07-16 19:53 - 000461432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2024-07-18 10:15 - 2024-07-16 19:53 - 000128301 _____ C:\WINDOWS\system32\nvinfo.pb
2024-07-18 10:14 - 2024-07-19 19:47 - 000000000 ____D C:\Users\Ripple\AppData\Local\D3DSCache
2024-07-18 10:09 - 2024-07-18 10:10 - 000000000 ____D C:\Users\Ripple\Desktop\DDU v18.0.7.8
2024-07-18 10:08 - 2024-07-18 10:12 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-07-18 10:06 - 2024-07-11 08:58 - 001235376 _____ (Igor Pavlov) C:\Users\Ripple\Desktop\DDU v18.0.7.8.exe
2024-07-18 10:06 - 2015-09-05 02:03 - 000000000 ____D C:\Users\Ripple\Desktop\Guru3D.com
2024-07-18 10:05 - 2024-07-18 10:05 - 001134976 _____ C:\Users\Ripple\Desktop\[Guru3D.com]-DDU.zip
2024-07-17 14:44 - 2024-07-20 09:23 - 000000000 ____D C:\Users\Ripple\Desktop\LOG
2024-07-17 14:43 - 2024-07-17 14:43 - 000481552 _____ C:\Users\Ripple\Desktop\ClearLNK.zip
2024-07-17 14:39 - 2024-07-17 14:42 - 000000000 ____D C:\Users\Ripple\Desktop\AutoLogger
2024-07-17 14:36 - 2024-07-17 14:36 - 018503564 _____ (Company © regist & Drongo) C:\Users\Ripple\Desktop\AutoLogger.exe
2024-07-17 14:31 - 2024-07-17 14:37 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Everything
2024-07-17 14:31 - 2024-07-17 14:37 - 000000000 ____D C:\Users\Ripple\AppData\Local\Everything
2024-07-17 14:31 - 2024-07-17 14:31 - 000001062 _____ C:\Users\Public\Desktop\Everything.lnk
2024-07-17 14:31 - 2024-07-17 14:31 - 000000000 ____D C:\Program Files\Everything
2024-07-17 12:27 - 2024-07-17 12:27 - 000055142 _____ C:\Users\Ripple\Desktop\1503.pdf
2024-07-17 11:38 - 2024-07-17 11:38 - 288453352 _____ C:\Users\Ripple\Desktop\qs76k3x5.exe
2024-07-15 18:42 - 2024-07-20 09:11 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\PreMiD
2024-07-15 18:42 - 2024-07-15 18:42 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PreMiD
2024-07-15 17:39 - 2024-07-15 17:39 - 000001148 _____ C:\Users\Ripple\Desktop\PreMiD.lnk
2024-07-15 12:43 - 2024-07-15 12:43 - 000000028 _____ C:\Users\Ripple\Desktop\Netflix pass.txt
2024-07-14 19:30 - 2024-07-14 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\obs-backgroundremoval
2024-07-14 19:00 - 2024-07-20 01:56 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\obs-studio
2024-07-14 19:00 - 2024-07-14 19:00 - 000000913 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2024-07-14 19:00 - 2024-07-14 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2024-07-13 17:38 - 2024-07-13 17:38 - 000000000 ____D C:\WINDOWS\system32\SteelSeries
2024-07-12 12:06 - 2024-07-12 12:06 - 000025684 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-07-12 12:05 - 2024-07-12 12:05 - 000025684 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-07-12 11:55 - 2024-07-20 09:23 - 001376594 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-07-12 11:53 - 2023-06-16 07:33 - 000161920 _____ (Razer Inc) C:\WINDOWS\system32\RazerS3CoinstallerEx.dll
2024-07-12 11:52 - 2024-07-12 11:52 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-07-12 11:51 - 2024-07-20 09:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-07-12 11:51 - 2024-07-19 21:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-07-12 11:51 - 2024-07-19 10:57 - 000003522 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-07-12 11:51 - 2024-07-19 10:57 - 000003298 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-07-12 11:51 - 2024-07-19 10:57 - 000002220 _____ C:\WINDOWS\system32\Tasks\npcapwatchdog
2024-07-12 11:51 - 2024-07-19 10:56 - 000003016 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper_nxt
2024-07-12 11:51 - 2024-07-12 11:51 - 000002590 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2024-07-12 11:51 - 2024-07-12 11:51 - 000000020 ___SH C:\Users\Ripple\ntuser.ini
2024-07-12 11:51 - 2024-07-12 11:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-07-12 11:50 - 2024-07-12 11:51 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2024-07-12 11:50 - 2024-07-12 11:51 - 000011433 _____ C:\WINDOWS\diagerr.xml
2024-07-12 11:50 - 2024-07-12 11:50 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2024-07-12 11:49 - 2024-07-20 09:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-07-12 11:49 - 2024-07-20 09:10 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2024-07-12 11:49 - 2024-07-12 11:51 - 000000000 ____D C:\Windows.old
2024-07-12 11:39 - 2024-07-12 11:49 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Crypto
2024-07-12 11:39 - 2024-07-12 11:39 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\SystemCertificates
2024-07-12 11:39 - 2024-07-12 11:39 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Network
2024-07-12 11:36 - 2024-07-12 11:49 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2024-07-12 11:35 - 2024-07-20 09:23 - 000000000 ____D C:\Users\Ripple
2024-07-12 11:35 - 2024-07-12 11:52 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Windows
2024-07-12 11:35 - 2024-07-12 11:49 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Spelling
2024-07-12 11:34 - 2024-07-12 11:34 - 000000000 ____D C:\WINDOWS\system32\DTS
2024-07-12 11:33 - 2024-07-12 11:35 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2024-07-12 11:31 - 2024-07-12 12:09 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-07-12 11:31 - 2024-07-12 11:31 - 000000000 ____D C:\WINDOWS\SysWOW64\DDFs
2024-07-12 11:31 - 2024-07-12 11:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\mde
2024-07-12 11:27 - 2024-07-12 11:27 - 000060462 _____ C:\WINDOWS\SysWOW64\ctac.json
2024-07-12 11:26 - 2024-07-12 11:26 - 000060462 _____ C:\WINDOWS\system32\ctac.json
2024-07-12 11:23 - 2024-07-12 11:23 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2024-07-12 11:23 - 2024-07-12 11:23 - 000000000 ____D C:\Program Files\Reference Assemblies
2024-07-12 11:23 - 2024-07-12 11:23 - 000000000 ____D C:\Program Files\MSBuild
2024-07-12 11:23 - 2024-07-12 11:23 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2024-07-12 11:23 - 2024-07-12 11:23 - 000000000 ____D C:\Program Files (x86)\MSBuild
2024-07-12 11:22 - 2024-07-12 11:31 - 000000000 ____D C:\WINDOWS\SysWOW64\zh-HANS
2024-07-12 11:22 - 2024-07-12 11:31 - 000000000 ____D C:\WINDOWS\system32\zh-HANS
2024-07-12 11:10 - 2024-07-12 11:10 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2024-07-12 10:50 - 2024-07-19 11:20 - 000000000 ___DC C:\WINDOWS\Panther
2024-07-12 10:28 - 2024-07-12 10:38 - 000000000 ____D C:\Users\Ripple\Desktop\AV_block_remover
2024-07-12 10:27 - 2024-07-12 10:27 - 000000535 _____ C:\Users\Ripple\Desktop\rules.txt
2024-07-11 12:14 - 2024-07-11 12:14 - 009763745 _____ C:\Users\Ripple\Desktop\AVbr.zip
2024-07-10 12:09 - 2024-07-20 09:38 - 000000000 ____D C:\Users\Ripple\OutsideOfTime2
2024-07-08 17:20 - 2024-07-08 17:20 - 000000000 ____D C:\Users\Ripple\AppData\Local\AeternoBlade2
2024-07-06 23:28 - 2024-07-06 23:28 - 032304119 _____ C:\Users\Ripple\Desktop\抖音202476-821595.mp4
2024-07-06 22:42 - 2024-07-06 22:42 - 002998270 _____ C:\Users\Ripple\Desktop\抖音202476-343052.mp4
2024-07-06 14:49 - 2024-07-06 14:49 - 003854180 _____ C:\Users\Ripple\Desktop\抖音202476-054518.mp4
2024-07-04 22:51 - 2024-07-04 22:51 - 000000917 _____ C:\Users\Ripple\Desktop\cslol-manager - Shortcut.lnk
2024-07-04 20:57 - 2024-07-12 11:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2024-07-04 20:54 - 2024-07-04 20:54 - 000000000 ____D C:\Users\Ripple\AppData\Local\moonshadow565
2024-07-04 16:47 - 2024-07-04 16:47 - 000000757 _____ C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AutoLogger.lnk
2024-07-03 10:07 - 2024-07-03 10:07 - 000087973 _____ C:\Users\Ripple\Desktop\b9995525a52dc58aecf5.svg
2024-07-02 16:27 - 2024-07-17 14:59 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\ZHP
2024-07-01 22:31 - 2024-07-01 22:31 - 131655600 _____ (NVIDIA Corporation) C:\Users\Ripple\Desktop\GeForce_Experience_v3.28.0.417.exe
2024-07-01 16:53 - 2024-07-01 16:55 - 000000000 ____D C:\Users\Ripple\Documents\The Riftbreaker
2024-07-01 16:53 - 2024-07-01 16:53 - 000000000 ____D C:\Users\Ripple\AppData\Local\mod.io
2024-07-01 16:53 - 2024-07-01 16:53 - 000000000 ____D C:\Users\Public\mod.io
2024-06-29 11:25 - 2024-06-29 11:25 - 000000639 _____ C:\Users\Public\Desktop\The Riftbreaker.lnk
2024-06-25 21:42 - 2024-06-25 21:42 - 000000000 ____D C:\Users\Ripple\AppData\Local\MSAR
2024-06-24 15:34 - 2024-07-14 19:00 - 000000000 ____D C:\ProgramData\obs-studio
2024-06-22 17:36 - 2024-06-22 17:41 - 946240506 _____ C:\Users\Ripple\Downloads\Chhorii (2021) 720p 10bit AMZN WEBRip x265 HEVC Hindi AAC 5.1 ESub ~ Immortal.mkv
2024-06-20 20:35 - 2024-07-20 09:10 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-07-20 09:32 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-07-20 09:30 - 2022-05-07 11:09 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-07-20 09:23 - 2022-05-07 11:07 - 000000000 ____D C:\WINDOWS\INF
2024-07-20 09:19 - 2024-06-03 10:05 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\discord
2024-07-20 09:19 - 2024-02-22 09:44 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\riot-client-ux
2024-07-20 09:19 - 2023-12-06 13:33 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-07-20 09:18 - 2024-06-03 10:05 - 000000000 ____D C:\Users\Ripple\AppData\Local\Discord
2024-07-20 09:18 - 2024-05-01 15:56 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2024-07-20 09:15 - 2023-12-06 06:52 - 000012288 ___SH C:\DumpStack.log.tmp
2024-07-20 09:15 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\ServiceState
2024-07-20 09:10 - 2023-12-06 13:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-07-20 01:56 - 2022-05-07 11:02 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2024-07-20 01:00 - 2023-12-16 08:59 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Spotify
2024-07-19 23:03 - 2023-12-16 08:59 - 000000000 ____D C:\Users\Ripple\AppData\Local\Spotify
2024-07-19 21:07 - 2024-02-11 22:16 - 000000124 _____ C:\ProgramData\autoclickconfig.ini
2024-07-19 21:07 - 2024-01-21 19:25 - 000002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk
2024-07-19 21:07 - 2024-01-21 19:25 - 000001301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2024-07-19 21:07 - 2023-12-25 11:25 - 000000000 ____D C:\ProgramData\Riot Games
2024-07-19 21:07 - 2023-12-25 11:23 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2024-07-19 21:07 - 2023-12-25 11:23 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2024-07-19 21:07 - 2023-12-25 11:23 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2024-07-19 21:07 - 2023-12-25 11:23 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2024-07-19 21:07 - 2023-12-06 13:33 - 000002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2024-07-19 21:07 - 2023-12-06 06:52 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-07-19 21:05 - 2023-12-06 13:33 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-07-19 21:01 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-07-19 20:56 - 2023-12-06 06:56 - 000000000 ____D C:\Users\Ripple\AppData\Local\Packages
2024-07-19 20:50 - 2023-12-06 21:13 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\vlc
2024-07-19 20:35 - 2023-12-26 23:17 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Excel
2024-07-19 20:22 - 2023-12-25 11:23 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2024-07-19 20:22 - 2023-12-07 17:45 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-07-19 11:20 - 2023-12-07 10:43 - 000000000 ____D C:\Users\Ripple\AppData\Local\CrashDumps
2024-07-19 11:20 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-07-19 11:17 - 2023-12-15 11:19 - 000000000 ____D C:\Users\Ripple\AppData\Local\ElevatedDiagnostics
2024-07-19 10:37 - 2022-05-07 11:09 - 000000000 ___HD C:\Program Files\WindowsApps
2024-07-18 12:20 - 2023-12-06 06:52 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2024-07-18 10:28 - 2022-05-07 11:02 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-07-18 10:26 - 2023-12-06 06:55 - 000000000 ____D C:\ProgramData\Packages
2024-07-18 10:12 - 2023-12-10 12:45 - 001066852 _____ C:\WINDOWS\ntbtlog.txt
2024-07-18 10:12 - 2023-12-06 07:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2024-07-18 10:12 - 2023-12-06 06:59 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2024-07-17 21:12 - 2023-12-07 23:24 - 000000000 ____D C:\Users\Ripple\Downloads\Telegram Desktop
2024-07-17 15:00 - 2023-12-08 22:42 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\qBittorrent
2024-07-17 14:30 - 2023-12-06 16:56 - 000000000 ____D C:\Users\Ripple\Downloads\Compressed
2024-07-17 11:35 - 2023-12-06 07:02 - 000000000 ____D C:\Temp
2024-07-17 11:33 - 2023-12-07 17:45 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-07-17 01:45 - 2024-06-03 10:05 - 000002297 _____ C:\Users\Ripple\Desktop\Discord.lnk
2024-07-16 10:14 - 2023-12-06 06:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-07-15 12:22 - 2023-12-06 21:35 - 000000000 ____D C:\Users\Ripple\AppData\Local\PlaceholderTileLogoFolder
2024-07-15 09:34 - 2023-12-06 13:52 - 000000718 _____ C:\Users\Public\Desktop\Speccy.lnk
2024-07-14 19:39 - 2024-02-23 11:33 - 000000000 ___RD C:\Sandbox
2024-07-12 22:17 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\appcompat
2024-07-12 12:26 - 2022-05-07 11:09 - 000000000 ____D C:\ProgramData\USOPrivate
2024-07-12 12:11 - 2024-06-11 12:09 - 000000000 ____D C:\Program Files (x86)\Razer
2024-07-12 12:09 - 2022-05-07 13:24 - 000000000 ____D C:\WINDOWS\InboxApps
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\UUS
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SystemResources
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\Provisioning
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-07-12 12:09 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-07-12 12:07 - 2022-05-07 11:09 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-07-12 12:05 - 2023-12-25 11:20 - 000000000 ____D C:\Program Files\Microsoft Office
2024-07-12 11:51 - 2023-12-06 06:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-07-12 11:51 - 2022-05-07 11:09 - 000000000 ____D C:\Program Files\Windows Defender
2024-07-12 11:50 - 2023-12-06 06:52 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-07-12 11:50 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\Media
2024-07-12 11:49 - 2024-05-24 18:37 - 000000000 ____D C:\WINDOWS\SysWOW64\Npcap
2024-07-12 11:49 - 2024-05-24 18:37 - 000000000 ____D C:\WINDOWS\system32\Npcap
2024-07-12 11:49 - 2024-03-22 22:14 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stremio
2024-07-12 11:49 - 2024-01-28 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2024-07-12 11:49 - 2024-01-21 19:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks X
2024-07-12 11:49 - 2023-12-25 11:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2024-07-12 11:49 - 2023-12-12 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader 4 EXNESS
2024-07-12 11:49 - 2023-12-07 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3RVX
2024-07-12 11:49 - 2023-12-06 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2024-07-12 11:49 - 2023-12-06 14:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\FANTECH X4S MACRO Gaming Mouse
2024-07-12 11:49 - 2023-12-06 07:02 - 000000000 ____D C:\Program Files\Intel
2024-07-12 11:49 - 2023-12-05 15:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-07-12 11:49 - 2022-05-07 11:09 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\spool
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2024-07-12 11:49 - 2022-05-07 11:09 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-07-12 11:44 - 2022-05-07 11:13 - 000000000 ____D C:\WINDOWS\Setup
2024-07-12 11:36 - 2024-02-20 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
2024-07-12 11:36 - 2023-12-12 14:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2024-07-12 11:36 - 2023-12-05 15:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2024-07-12 11:31 - 2022-05-07 13:24 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2024-07-12 11:31 - 2022-05-07 13:24 - 000000000 ___SD C:\WINDOWS\system32\AppV
2024-07-12 11:31 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\WUModels
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SystemApps
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\setup
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\id-ID
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\et-EE
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\es-MX
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\Globalization
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\DiagTrack
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-07-12 11:31 - 2022-05-07 11:09 - 000000000 ____D C:\Program Files\Common Files\System
2024-07-12 11:31 - 2022-05-07 11:02 - 000000000 ____D C:\WINDOWS\servicing
2024-07-12 11:30 - 2022-05-07 13:24 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2024-07-12 11:30 - 2022-05-07 13:24 - 000024383 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2024-07-12 11:30 - 2022-05-07 11:10 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2024-07-12 11:30 - 2022-05-07 11:09 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2024-07-12 11:24 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\OCR
2024-07-12 11:23 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2024-07-12 11:23 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\MUI
2024-07-12 11:22 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-07-12 11:22 - 2022-05-07 13:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\system32\winrm
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\system32\WCN
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\system32\slmgr
2024-07-12 11:22 - 2022-05-07 13:15 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ___SD C:\WINDOWS\system32\dsc
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\system32\Com
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\IME
2024-07-12 11:22 - 2022-05-07 11:09 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-07-12 10:45 - 2023-12-05 15:25 - 194135240 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-07-11 11:58 - 2024-06-11 12:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2024-07-11 11:58 - 2024-06-11 12:08 - 000000000 ____D C:\ProgramData\Razer
2024-07-10 17:55 - 2024-03-22 10:23 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\Anki2
2024-07-09 18:25 - 2024-06-15 11:00 - 000000000 ____D C:\Users\Ripple\OutsideOfTime
2024-07-08 17:20 - 2024-06-05 18:49 - 000000000 ____D C:\Users\Ripple\Documents\Player
2024-07-06 12:28 - 2024-01-15 18:10 - 000000000 ____D C:\Users\Ripple\AppData\Local\UnrealEngine
2024-07-05 12:49 - 2024-03-08 15:32 - 000001290 _____ C:\Users\Ripple\Desktop\loan.txt
2024-07-03 10:14 - 2023-12-06 16:38 - 000002182 _____ C:\Users\Ripple\Desktop\mod-2-.txt
2024-07-02 10:41 - 2024-03-02 11:10 - 000000000 ____D C:\Users\Ripple\AppData\LocalLow\Temp
2024-07-01 22:44 - 2023-12-25 11:23 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2024-06-30 09:56 - 2024-05-01 15:55 - 000000000 ____D C:\Program Files\Riot Vanguard
2024-06-26 15:21 - 2023-12-06 13:45 - 000000000 ____D C:\Users\Ripple\AppData\Roaming\AnyDesk

==================== Files in the root of some directories ========

2024-07-19 23:55 - 2024-07-19 23:55 - 000000016 _____ () C:\Users\Ripple\AppData\Roaming\obs-virtualcam.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition

Code: 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.07.2024
Ran by Max (20-07-2024 09:39:35)
Running from C:\Users\Ripple\Desktop
Microsoft Windows 11 Pro Version 23H2 22631.3880 (X64) (2024-07-12 06:06:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2515384590-1499498081-2273501178-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2515384590-1499498081-2273501178-503 - Limited - Disabled)
Guest (S-1-5-21-2515384590-1499498081-2273501178-501 - Limited - Disabled)
Max (S-1-5-21-2515384590-1499498081-2273501178-1001 - Administrator - Enabled) => C:\Users\Ripple
WDAGUtilityAccount (S-1-5-21-2515384590-1499498081-2273501178-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3RVX (HKLM-x32\...\{400A8514-5440-410A-B318-44061BD7EE8E}) (Version: 2.9.2.0 - Matthew Malensek)
7-Zip 24.07 (x64) (HKLM\...\7-Zip) (Version: 24.07 - Igor Pavlov)
AeternoBlade II: Infinity (HKLM-x32\...\AeternoBlade II: Infinity_is1) (Version:  - )
Anki (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Anki) (Version: 23.12.1 - )
AutoHotkey (user) (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\AutoHotkey) (Version: 2.0.10 - AutoHotkey Foundation LLC)
BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.20.10.1003 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\BlueStacksServices) (Version: 3.0.8 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\BlueStacks X) (Version: 10.10.1.1001 - now.gg, Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{3FD9F3E6-059D-4E4D-8B5B-EBAE90CA882E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Everything 1.4.1.1024 (x64) (HKLM\...\Everything) (Version: 1.4.1.1024 - voidtools)
FANTECH X4S MACRO Gaming Mouse (HKLM-x32\...\{7587581E-9DAD-412D-9AA4-8541FCBCCAF6}) (Version: 1.00.0000 - FANTECH)
FIFA 16 (HKLM-x32\...\FIFA 16_is1) (Version:  - )
Geeks3D FurMark 1.36.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: 1.36.0.0 - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.128 - Google LLC)
Intel(R) Chipset Device Software (HKLM\...\{BB1E910B-7D2D-4FC8-A87C-5A53CAC2D5A8}) (Version: 10.1.19159.8331 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{a8ed3a4b-8ec2-4b7d-b0f6-0f4db00ea2ce}) (Version: 10.1.19159.8331 - Intel(R) Corporation)
Intel(R) LMS (HKLM\...\{B76FE067-1B6B-416E-9A99-C1BF5E9A2FC1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2149.16.0.2602 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{3EE91568-6FE3-43AA-9BFC-7496A56D272C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{E4924222-0A39-4EEE-8F7E-8C95BDFDCFCE}) (Version: 1.0.0.0 - Intel Corporation) Hidden
League of Legends (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
MetaTrader 4 EXNESS (HKLM-x32\...\MetaTrader 4 EXNESS) (Version: 4.00 - MetaQuotes Ltd.)
Microsoft .NET Host - 6.0.25 (x64) (HKLM\...\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.7 (x64) (HKLM\...\{E914E975-A0B1-49F7-AB71-28DACD495C44}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.25 (x64) (HKLM\...\{AE86D888-1404-47CC-A7BB-8D86C0503E58}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.7 (x64) (HKLM\...\{62A9DE14-DB7A-41D9-9D7E-ED494E6FCBAF}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.25 (x64) (HKLM\...\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.7 (x64) (HKLM\...\{ECCA3DB0-6DEF-42CD-A21A-F2F7B918FB59}) (Version: 56.31.61636 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 7.0.7 - Shared Framework (x64) (HKLM-x32\...\{4a749a1a-b799-41b4-a328-33a7b2355e76}) (Version: 7.0.7.23274 - Microsoft Corporation)
Microsoft ASP.NET Core 7.0.7 Shared Framework (x64) (HKLM\...\{5ECA54B7-62F2-39EE-9514-31F7DFFFC968}) (Version: 7.0.7.23274 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.102 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.102 - Microsoft Corporation)
Microsoft Office Professional Plus 2021 - en-us (HKLM\...\ProPlus2021Retail - en-us) (Version: 16.0.17726.20160 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32\...\{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32\...\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32\...\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM\...\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}) (Version: 48.100.4037 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM-x32\...\{fb0500c1-f968-4621-a48b-985b52884c49}) (Version: 6.0.25.33020 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.7 (x64) (HKLM\...\{593F16DC-C2D3-4740-ABD4-A171B4E32B06}) (Version: 56.31.61651 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.7 (x64) (HKLM-x32\...\{e875fc20-9a37-4344-b046-0bb037cb2d57}) (Version: 7.0.7.32525 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 128.0 (x64 en-US)) (Version: 128.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 120.0.1 - Mozilla)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.78 - Nmap Project)
NVIDIA Graphics Driver 560.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 560.70 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 30.2.0 - OBS Project)
obs-backgroundremoval version 1.1.13 (HKLM-x32\...\{1527c9ec-2638-4e3b-94d7-cc25d27cd725}_is1) (Version: 1.1.13 - Roy Shilkrot)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17726.20108 - Microsoft Corporation) Hidden
OmegaT version 6.0.0 (HKLM\...\org.omegat_is1) (Version: 6.0.0 - OmegaT)
PreMiD (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\PreMiD latest) (Version: latest - Timeraa)
Prince of Persia: The Lost Crown (HKLM-x32\...\Prince of Persia: The Lost Crown_is1) (Version:  - )
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.5 - The qBittorrent project)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9289.1 - Realtek Semiconductor Corp.)
Riot Client  (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Riot Game Riot_Client.) (Version:  - Riot Games, Inc)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.33 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stremio (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Stremio) (Version: 4.4.165 - Smart Code Ltd)
Svarog's Dream (HKLM-x32\...\Svarog's Dream_is1) (Version:  - )
Telegram Desktop (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 5.2.3 - Telegram FZ-LLC)
The Riftbreaker (HKLM-x32\...\The Riftbreaker_is1) (Version:  - )
VALORANT (HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Warm Snow (HKLM-x32\...\Warm Snow_is1) (Version:  - )

Packages:
=========

AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt [2024-06-16] (INTEL CORP) [Startup Task]
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24061.40.0_x64__cw5n1h2txyewy [2024-07-14] (Microsoft Windows) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-07-18] (NVIDIA Corp.)
Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.3017.0_x64__8wekyb3d8bbwe [2024-07-12] (Microsoft Corporation) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.40.287.0_x64__dt26b99r8h8gj [2023-12-07] (Realtek Semiconductor Corp)
Sound Blaster Cinema 6+ -> C:\Program Files\WindowsApps\CreativeTechnologyLtd.52058C5BB174B_1.0.9.0_x86__13fcda18mhdz2 [2023-12-07] (Creative Technology Ltd.)
WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-11] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-11] (Microsoft Corp.)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-07-12] (Microsoft Windows)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2024-06-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2024-06-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvtfi.inf_amd64_c52d1313b56663df\nvshext.dll [2024-07-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => d:\Program Files\7-Zip\7-zip.dll [2024-06-19] (Igor Pavlov) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Public\Desktop\Prince of Persia - The Lost Crown.lnk -> D:\games\Prince of Persia - The Lost Crown\Ryujinx.bat ()

==================== Loaded Modules (Whitelisted) =============

2024-07-15 18:42 - 2021-02-21 06:18 - 002823680 _____ () [File not signed] C:\Users\Ripple\AppData\Roaming\PreMiD\ffmpeg.dll
2024-07-15 18:42 - 2021-02-21 06:18 - 000449024 _____ () [File not signed] C:\Users\Ripple\AppData\Roaming\PreMiD\libegl.dll
2024-07-15 18:42 - 2021-02-21 06:18 - 007620096 _____ () [File not signed] C:\Users\Ripple\AppData\Roaming\PreMiD\libglesv2.dll
2024-02-06 10:26 - 2024-02-06 10:26 - 002525184 _____ () [File not signed] D:\Riot Games\Riot Client\RiotClientElectron\ffmpeg.dll
2024-02-06 10:26 - 2024-02-06 10:26 - 000384000 _____ () [File not signed] D:\Riot Games\Riot Client\RiotClientElectron\libegl.dll
2024-02-06 10:26 - 2024-02-06 10:26 - 006728704 _____ () [File not signed] D:\Riot Games\Riot Client\RiotClientElectron\libglesv2.dll
2024-02-06 10:26 - 2024-02-06 10:26 - 004486656 _____ () [File not signed] D:\Riot Games\Riot Client\RiotClientElectron\vk_swiftshader.dll
2024-02-06 10:26 - 2024-02-06 10:26 - 000793088 _____ () [File not signed] D:\Riot Games\Riot Client\RiotClientElectron\vulkan-1.dll
2024-07-20 09:38 - 2024-07-20 09:38 - 000457216 _____ (hxxp://hunspell.sourceforge.net/) [File not signed] C:\Users\Ripple\AppData\Local\Temp\jna13045848097226651744.hunspell-win-x86-64.dll
2024-07-19 20:34 - 2024-06-19 12:45 - 000101376 _____ (Igor Pavlov) [File not signed] d:\Program Files\7-Zip\7-zip.dll
2024-07-20 09:38 - 2024-07-20 09:38 - 000246784 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Users\Ripple\AppData\Local\Temp\jna-77124\jna16749526344863920940.dll
2023-12-25 11:23 - 2023-12-25 11:23 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2023-12-25 11:23 - 2023-12-25 11:23 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\autoclickconfig.ini:07021500A6 [5162]
AlternateDataStreams: C:\ProgramData\empty.ico:8C1C1B484F [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk:088221F38A [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk:FE00AE19CB [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk:C5112377E0 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk:5465085A2F [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [5162]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 11:09 - 2024-07-17 15:17 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.101.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Bluetooth Network Connection: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\StartupApproved\StartupFolder: => "FANTECH X4S MACRO Gaming Mouse.lnk"
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\StartupApproved\Run: => "electron.app.BlueStacks Services"
HKU\S-1-5-21-2515384590-1499498081-2273501178-1001\...\StartupApproved\Run: => "Synapse3"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8CCB1C45-E271-4B01-ABA7-132FF296432A}C:\users\ripple\appdata\roaming\premid\premid.exe] => (Block) C:\users\ripple\appdata\roaming\premid\premid.exe (GitHub, Inc.) [File not signed]
FirewallRules: [UDP Query User{F1741449-ED48-43D2-9DA1-7409F4BCCA55}C:\users\ripple\appdata\roaming\premid\premid.exe] => (Block) C:\users\ripple\appdata\roaming\premid\premid.exe (GitHub, Inc.) [File not signed]
FirewallRules: [TCP Query User{6EB121B7-C8C9-40DE-B773-6B591003B742}D:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) D:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{70DF2B4C-BE61-4BAE-ABCC-B28316DB8DDE}D:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) D:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{DD0E8B3A-D2B1-4225-A5AD-F34961EA8063}E:\program files (x86)\spotify portable\app\spotify\spotify.exe] => (Allow) E:\program files (x86)\spotify portable\app\spotify\spotify.exe (Spotify Ltd) [File not signed]
FirewallRules: [UDP Query User{995B1AB4-B894-435C-A73E-1AA7CA30DB47}E:\program files (x86)\spotify portable\app\spotify\spotify.exe] => (Allow) E:\program files (x86)\spotify portable\app\spotify\spotify.exe (Spotify Ltd) [File not signed]
FirewallRules: [TCP Query User{5F55B6F2-90EF-4BCB-9DE2-38D90809A195}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{6678D7C1-4FE1-4C4E-968F-EA237EF1A6B2}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{58326B2A-4DEA-4D37-B810-B4685453554D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D1A6E0B2-386B-499E-99DB-8E1504E46C39}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

20-07-2024 09:23:53 KpRm

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (07/20/2024 09:19:33 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-NLBF3N2)
Description: Faulting application name: RiotClientServices.exe, version: 90.0.2.1805, time stamp: 0xd3edcafb
Faulting module name: RiotClientFoundation.dll_unloaded, version: 90.0.2.1805, time stamp: 0xf706d122
Exception code: 0xc0000005
Fault offset: 0x0062e3f0
Faulting process id: 0x0x288c
Faulting application start time: 0x0x1dada55b91ac1b7
Faulting application path: D:\Riot Games\Riot Client\RiotClientServices.exe
Faulting module path: RiotClientFoundation.dll
Report Id: c575c141-2624-4acf-9be8-bfc7163e4902
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2024 12:52:57 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: MBAMService.exe, version: 3.2.0.1306, time stamp: 0x666a202a
Faulting module name: mbae-api-na.dll_unloaded, version: 1.13.4.585, time stamp: 0x65a15425
Exception code: 0xc0000005
Fault offset: 0x0000000000038d72
Faulting process id: 0x0x1f60
Faulting application start time: 0x0x1dada0eea690a1f
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Faulting module path: mbae-api-na.dll
Report Id: 9eb6f5df-4a72-48d1-931d-aba409dc3d40
Faulting package full name:
Faulting package-relative application ID:

Error: (07/19/2024 09:02:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Ripple\Desktop\Autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_6ec0f0a887fe525b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_2713b9d173822955.manifest.

Error: (07/19/2024 08:55:58 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {28ae482a-dba5-4de4-ae0c-b622c6752498}

Error: (07/19/2024 08:22:27 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-NLBF3N2)
Description: Faulting application name: RiotClientServices.exe, version: 90.0.2.1805, time stamp: 0xd3edcafb
Faulting module name: RiotClientFoundation.dll_unloaded, version: 90.0.2.1805, time stamp: 0xf706d122
Exception code: 0xc0000005
Fault offset: 0x0062e3f0
Faulting process id: 0x0x22e8
Faulting application start time: 0x0x1dad9e92cd6800a
Faulting application path: D:\Riot Games\Riot Client\RiotClientServices.exe
Faulting module path: RiotClientFoundation.dll
Report Id: 77c27e35-b879-415d-8a8b-013a90be8490
Faulting package full name:
Faulting package-relative application ID:

Error: (07/19/2024 07:46:47 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-NLBF3N2)
Description: Faulting application name: RiotClientServices.exe, version: 90.0.2.1805, time stamp: 0xd3edcafb
Faulting module name: RiotClientFoundation.dll_unloaded, version: 90.0.2.1805, time stamp: 0xf706d122
Exception code: 0xc0000005
Fault offset: 0x0062e3f0
Faulting process id: 0x0x39fc
Faulting application start time: 0x0x1dad9e430ac8755
Faulting application path: D:\Riot Games\Riot Client\RiotClientServices.exe
Faulting module path: RiotClientFoundation.dll
Report Id: 550aa612-83f5-4038-b9f4-d7363c555bb2
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (07/20/2024 09:15:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mbamchameleon service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/20/2024 09:15:34 AM) (Source: volmgr) (EventID: 161) (User: )
Description: Dump file creation failed due to error during dump creation.

Error: (07/20/2024 09:15:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:11:01 AM on ‎7/‎20/‎2024 was unexpected.

Error: (07/20/2024 09:11:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mbamchameleon service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/20/2024 12:52:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/19/2024 11:28:23 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (07/19/2024 11:03:52 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (07/19/2024 10:53:30 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NLBF3N2)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.


Windows Defender:
================Event[0]

Date: 2024-07-19 21:12:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.415.182.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24060.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 

Date: 2024-07-19 21:12:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.415.182.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24060.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 

Date: 2024-07-19 21:12:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.415.182.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24060.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 

Date: 2024-07-19 21:12:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.415.182.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24060.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 

Date: 2024-07-19 21:12:19
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.415.182.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24060.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 

CodeIntegrity:
===============
Date: 2024-07-20 09:19:00
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\Ripple\AppData\Local\Discord\app-1.0.9154\Discord.exe) attempted to load \Device\HarddiskVolume3\ProgramData\obs-studio-hook\graphics-hook64.dll that did not meet the Microsoft signing level requirements.

Date: 2024-07-20 00:52:41
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends International, LLC. N.1.14STD00 09/15/2022
Motherboard: Standard Standard
Processor: 12th Gen Intel(R) Core(TM) i7-12700H
Percentage of memory in use: 36%
Total physical RAM: 32508.54 MB
Available physical RAM: 20550.45 MB
Total Virtual: 34556.54 MB
Available Virtual: 19918.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:247.07 GB) (Free:121.13 GB) (Model: CT1000P3PSSD8) NTFS
Drive d: (Max) (Fixed) (Total:683.59 GB) (Free:439.23 GB) (Model: CT1000P3PSSD8) NTFS
Drive e: (PortableSSD) (Fixed) (Total:931.51 GB) (Free:202.99 GB) (Model: SanDisk Portable SSD SCSI Disk Device) NTFS
Drive f: (portable movies & games) (Fixed) (Total:953.85 GB) (Free:780.4 GB) (Model: JMicron Tech SCSI Disk Device) NTFS

\\?\Volume{32397118-47cf-4961-8f00-d29de02ab434}\ () (Fixed) (Total:0.74 GB) (Free:0.13 GB) NTFS
\\?\Volume{4cd4fb91-1125-4d65-a761-2c4f675a5ae6}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================


Unfortunately, I got BSOD again when I started the laptop earlier (after waking up).
 
maxim123 said:
Unfortunately, I got BSOD again when I started the laptop earlier (after waking up).
Click to expand...

maxim123 said:
Unfortunately no. the bsod still stops at 0% error collection.
there is no dump file created, so it shows
1720847500579.png
Click to expand...





Open elevated command prompt. Enter the commands (copy and paste) below hit enter after each.


mkdir %SystemRoot%\Minidump

wmic computersystem where name="%computername%" set automaticmanagedpagefile=true

attrib %SystemRoot%\Minidump

icacls %SystemRoot%\Minidump

Hopefully the machine will write a dump file to this directory now.

Is explorer hanging anymore?
 
  • Like
Reactions: maxim123
Ok. Update when you have run the computer for a while, and if it does BSOD again hopefully it creates a dump we can check.
 
  • Like
Reactions: maxim123
Hi, I got BSOD again. this time in windows loading screen. KERNEL DATA INPAGE ERROR
it also stopped at 0% error gathering. I checked minidump and there was no file there.
 
Status
Not open for further replies.
Top Bottom