Random CMD prompts when laptop charger plugged in


CrashX

On 7/2/2020 at 1:52 AM, AdvancedSetup said:

Hello @MalwareIsDum

Please let us know the following

Manufacturer name:
Model number:
Current OS:

Then run the following so we can get some logs to see what is running on your system

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-12-2021
Ran by amory (administrator) on AMMAR (Dell Inc. Vostro 3591) (30-12-2021 21:54:25)
Running from C:\Users\amory\OneDrive\Desktop
Loaded Profiles: amory
Platform: Microsoft Windows 11 Pro Version 21H2 22000.376 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <8>
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_eede4da71d933122\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_eede4da71d933122\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_dd349ca1e8d98184\LMS.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_71cc42bf8b620f67\igfxCUIServiceN.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_71cc42bf8b620f67\igfxEMN.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_4789e47f6228caeb\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d8b7fef7fc5b1320\IntelCpHDCPSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_34f570cbe7f3d6c7\RstMwService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(Qualcomm Atheros, Inc. -> ) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_f9e3e5f664173b9e\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_f9e3e5f664173b9e\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1141544 2020-09-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_f9e3e5f664173b9e\WavesSvc64.exe [1774688 2020-09-03] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [124599048 2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3311934168-2331551463-2117884847-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2543992 2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.110\Installer\chrmstp.exe [2021-12-13] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D5557D4-5CDB-4788-A062-778F5D1A2766} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4074344 2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {0E875E77-A365-479E-B92F-8126C8E962C7} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4188240 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {19B32236-3159-480B-BC59-F373BC998526} - System32\Tasks\UninstallTool_SkipUAC_amory => C:\Program Files\Uninstall Tool\UninstallTool.exe [4924576 2021-11-14] (CrystalBit Solutions -> CrystalIDEA Software) [File not signed]
Task: {35C78A5C-7AE3-4AEF-9835-52ACD1D448A2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {36D85500-A20E-4EC9-B044-BC0F4256F22B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8388528 2021-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {718AE2F1-9D1E-42F2-A269-2E0CAF670F84} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1060384 2021-11-15] (Dell Inc -> Dell Inc.)
Task: {7FE15CF4-E55E-4BF4-8520-C979C7DA0D4F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9A85AF8E-9486-4042-B7F0-113156B30C6A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-11-08] (Google LLC -> Google LLC)
Task: {AAD9728E-0F4D-42A0-9A4E-0E983C0B144A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {B0F736CE-792E-450A-8545-927A7F3609BF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B72B5B0D-9EA8-493E-B476-30E72D852553} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3311934168-2331551463-2117884847-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4074344 2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {BFD6A388-7C17-43E8-95E5-458B25E16049} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {D507930E-2E3C-4EFF-8794-B818AA146E6A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D524668B-8D1E-47F6-9F41-03AEBE2628CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DFFAA8EB-88BB-4FD4-A41E-7D821FF34D1D} - System32\Tasks\Altening Alt Loader => %windir%\System32\cmd.exe /C start %AppData%\altening\altening.launcher.exe --background
Task: {E00F9CF1-EEC8-4CBC-84E8-65BA4328DAF1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138584 2021-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {E9F2E6A3-3652-4C03-8626-E375350B9993} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-11-08] (Google LLC -> Google LLC)
Task: {EF0A44DE-57E7-4E58-9C39-400449F83C46} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {F92F8BBE-9F22-487E-8BF8-041792AED70F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138584 2021-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {FF8760E8-8C40-4373-9BD1-D508B40C23FF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8388528 2021-12-18] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{b0362493-a9e4-4434-8245-2d13edbdd70d}: [DhcpNameServer] 192.168.100.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\amory\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-30]
Edge Notifications: Default -> hxxps://www.instagram.com
Edge DefaultSearchURL: Default -> hxxps://www.bing.com/search?PC=U523&q={searchTerms}
Edge Extension: (Google Translate) - C:\Users\amory\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-11-08]
Edge Extension: (Microsoft Rewards) - C:\Users\amory\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnplfnhcidhhdapmblniehfaaompjlck [2021-11-08]
Edge Extension: (Project Naptha) - C:\Users\amory\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\eckaechjaiiiffijigiigbhbfhelljmi [2021-11-08]
Edge Extension: (Office) - C:\Users\amory\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gggmmkjegpiggikcnhidnjjhmicpibll [2021-11-08]
Edge Extension: (Emoji Keyboard- copy&past your emoji.) - C:\Users\amory\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kgmeffmlnkfnjpgmdndccklfigfhajen [2021-11-08]
Edge Extension: (Simple Allow Copy) - C:\Users\amory\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kkemgiffjdndikokhpoecoloebgeibde [2021-11-08]
Edge Extension: (360 Internet Protection) - C:\Users\amory\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\okdacpiidbbphpjpfmecjjhicomjdeie [2021-12-16]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-12-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-12-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-11-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\amory\AppData\Local\Google\Chrome\User Data\Default [2021-12-30]
CHR Notifications: Default -> hxxps://top.gg; hxxps://web.whatsapp.com; hxxps://www.instagram.com
CHR Extension: (Google Translate) - C:\Users\amory\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-11-08]
CHR Extension: (Slides) - C:\Users\amory\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-11-08]
CHR Extension: (Simple Allow Copy) - C:\Users\amory\AppData\Local\Google\Chrome\User Data\Default\Extensions\aefehdhdciieocakfobpaaolhipkcpgc [2021-11-08]
CHR Extension: (Docs) - C:\Users\amory\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-11-08]
CHR Extension: (Google Drive) - C:\Users\amory\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-11-08]
CHR Extension: (YouTube) - C:\Users\amory\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-11-08]
CHR Extension: (Sheets) - C:\Users\amory\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-11-08]
CHR Extension: (Google Docs Offline) - C:\Users\amory\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\amory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-08]
CHR Extension: (Gmail) - C:\Users\amory\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-11-08]
CHR Profile: C:\Users\amory\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-12-28]
CHR Profile: C:\Users\amory\AppData\Local\Google\Chrome\User Data\System Profile [2021-12-28]
CHR HKLM\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]
CHR HKLM-x32\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2021-12-26] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12129128 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [436256 2021-09-29] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3847712 2021-09-29] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [462880 2021-09-29] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1024680 2021-09-01] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-11-11] (Dell Inc -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [813032 2021-12-26] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2021-10-01] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncHelper.exe [3280760 2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [45368 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\21.230.1107.0004\OneDriveUpdaterService.exe [3737976 2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [188728 2021-05-28] (Qualcomm Atheros, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6078536 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-11-15] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CisUtMonitor; C:\WINDOWS\System32\DRIVERS\CisUtMonitor.sys [54800 2018-11-24] (Software Security Systems ChTUP -> CrystalIdea Software)
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [192824 2021-12-25] (Microsoft Windows -> Microsoft Corporation)
S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [110904 2021-11-23] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_icl.inf_amd64_90beccc7e046abab\iaLPSS2_GPIO2_ICL.sys [132872 2020-04-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_c8c0638291b9b209\iaLPSS2_I2C_ICL.sys [200456 2020-04-28] (Intel Corporation -> Intel Corporation)
S3 rt68cx21; C:\WINDOWS\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_83918281f99bbdde\rt68cx21x64.sys [510344 2021-11-02] (Realtek Semiconductor Corp. -> Realtek)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [90112 2021-12-25] (Microsoft Windows -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-16] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-30 21:54 - 2021-12-30 21:54 - 000000000 ____D C:\FRST
2021-12-30 21:46 - 2021-12-30 21:46 - 002500008 _____ (Sysinternals - www.sysinternals.com) C:\Users\amory\Downloads\autoruns.exe
2021-12-30 09:41 - 2021-12-30 09:41 - 000000853 _____ C:\Users\Public\Desktop\Among Us.lnk
2021-12-30 09:41 - 2021-12-30 09:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Among Us
2021-12-30 09:41 - 2021-12-30 09:41 - 000000000 ____D C:\Program Files\Among Us
2021-12-30 09:35 - 2021-12-30 09:35 - 000318464 _____ C:\Users\amory\Downloads\Among.Us.Free.Chat.Unlocker.exe
2021-12-30 09:04 - 2021-12-30 09:04 - 000000000 ____D C:\Users\amory\AppData\LocalLow\Innersloth
2021-12-30 08:58 - 2021-07-18 14:44 - 000000000 ____D C:\Users\amory\Downloads\Among US
2021-12-29 19:22 - 2021-12-29 19:22 - 000601293 _____ C:\Users\amory\Downloads\7bef40dacfbdb401.mp4
2021-12-29 16:43 - 2021-12-29 16:43 - 000652551 _____ C:\Users\amory\Downloads\video0-2-1.mov
2021-12-29 15:40 - 2021-12-29 15:40 - 004168620 _____ C:\WINDOWS\Minidump\122921-7906-01.dmp
2021-12-29 15:39 - 2021-12-29 15:40 - 000000000 _____ C:\hsrv.txt
2021-12-29 15:39 - 2021-12-29 15:39 - 000000000 ____D C:\Users\amory\.VirtualBox
2021-12-29 15:39 - 2021-12-29 15:39 - 000000000 ____D C:\Program Files\Oracle
2021-12-29 15:39 - 2021-12-29 15:39 - 000000000 ____D C:\Program Files\Droid4Xext
2021-12-29 15:39 - 2014-05-16 14:04 - 000254240 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2021-12-29 15:30 - 2021-12-29 15:30 - 000000000 ____D C:\Users\amory\AppData\Local\ThinkTimeCreations
2021-12-28 16:27 - 2021-12-28 16:27 - 000463430 _____ C:\Users\amory\Downloads\add80c5849d14212.mov
2021-12-28 11:10 - 2021-12-28 11:13 - 194505023 _____ (Innersloth ) C:\Users\amory\Downloads\AmongUsSetup.exe
2021-12-28 11:06 - 2021-12-28 11:06 - 000997511 _____ C:\Users\amory\Downloads\جدول تمارين GYM.pdf
2021-12-27 20:18 - 2021-12-27 20:18 - 000924069 _____ C:\Users\amory\Downloads\eb7c9260c0639ab2.mp4
2021-12-27 15:04 - 2021-12-27 15:04 - 001852816 _____ C:\Users\amory\Downloads\CJ beats up Patrick.mp4
2021-12-27 14:17 - 2021-12-27 14:17 - 000000000 ____D C:\Users\amory\AppData\Local\OH_MR_KRABS
2021-12-27 07:41 - 2021-12-27 07:41 - 000000000 ___HD C:\$WinREAgent
2021-12-26 22:46 - 2021-12-26 22:46 - 000000000 ___SH C:\Users\Public\Shared Files
2021-12-26 22:25 - 2021-12-26 22:25 - 000000000 ____D C:\Users\amory\AppData\Local\CrashReportClient
2021-12-26 22:24 - 2021-12-26 22:25 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-12-26 22:24 - 2021-12-26 22:24 - 000000000 ____D C:\Users\amory\AppData\Roaming\EasyAntiCheat
2021-12-26 22:24 - 2021-12-26 22:24 - 000000000 ____D C:\Users\amory\AppData\Local\FortniteGame
2021-12-26 20:21 - 2021-12-30 08:45 - 000000000 ____D C:\Program Files\Epic Games
2021-12-26 15:43 - 2021-12-26 15:43 - 000000000 ___SD C:\WINDOWS\system32\containers
2021-12-26 15:43 - 2021-12-26 15:43 - 000000000 ____D C:\WINDOWS\system32\HvsiSettingsProviders
2021-12-26 15:43 - 2021-12-26 15:43 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2021-12-26 15:43 - 2021-12-26 15:43 - 000000000 ____D C:\Program Files\Hyper-V
2021-12-25 15:59 - 2021-12-27 10:05 - 000000000 ____D C:\Users\amory\AppData\Local\Epic Games
2021-12-25 15:59 - 2021-12-25 15:59 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2021-12-25 15:59 - 2021-12-25 15:59 - 000001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2021-12-25 15:59 - 2021-12-25 15:59 - 000000000 ____D C:\Users\amory\AppData\Local\UnrealEngineLauncher
2021-12-25 15:59 - 2021-12-25 15:59 - 000000000 ____D C:\Users\amory\AppData\Local\EpicGamesLauncher
2021-12-25 15:58 - 2021-12-25 15:59 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-12-25 14:28 - 2021-12-26 20:38 - 000000000 ____D C:\Users\amory\AppData\Local\Growtopia
2021-12-25 14:28 - 2021-12-25 14:28 - 000000000 ____D C:\Users\amory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Growtopia
2021-12-25 14:04 - 2021-12-30 21:52 - 000000434 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-12-25 13:59 - 2021-12-25 13:59 - 000000000 ____D C:\Users\amory\OneDrive\Documents\WsaPackage_1.7.32815.0_x64_Release-Nightly
2021-12-25 13:47 - 2021-12-26 15:44 - 000001591 _____ C:\WINDOWS\system32\config\VSMIDK
2021-12-25 13:02 - 2021-12-25 13:03 - 000000000 ____D C:\Users\amory\Downloads\Microsoft.WindowsNotepad_11.2111.0.0_neutral___8wekyb3d8bbwe
2021-12-25 12:52 - 2021-12-25 12:54 - 000000000 ____D C:\Users\amory\Downloads\Microsoft.ZuneMusic_11.2110.34.0_neutral___8wekyb3d8bbwe
2021-12-24 23:48 - 2021-12-24 23:48 - 000000000 ___HD C:\Users\amory\AppData\Roaming\com.rtsoft.growtopia
2021-12-22 23:54 - 2021-12-23 00:21 - 000393750 _____ C:\Users\amory\OneDrive\Documents\20200158 - كيم.pdf
2021-12-22 22:26 - 2021-12-22 22:27 - 000465593 _____ C:\Users\amory\OneDrive\Documents\التوزيع الالكتروني.pdf
2021-12-21 08:28 - 2021-12-25 13:12 - 000000000 ____D C:\Program Files (x86)\IObit
2021-12-20 23:02 - 2021-12-20 23:02 - 000006892 _____ C:\Users\amory\-1.14-windows.xml
2021-12-20 22:59 - 2021-12-26 15:50 - 000000000 ____D C:\Users\Public\BlueStacks
2021-12-20 22:43 - 2021-12-20 22:43 - 000000000 ____D C:\Program Files (x86)\GAMER PC
2021-12-20 22:36 - 2021-12-20 22:36 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2021-12-20 20:18 - 2021-12-20 20:19 - 000000000 ____D C:\ProgramData\PopCap Games
2021-12-20 20:02 - 2021-12-30 21:45 - 000000000 ____D C:\Users\amory\AppData\Local\ElevatedDiagnostics
2021-12-20 19:56 - 2021-12-20 19:56 - 000000000 ____D C:\Users\amory\AppData\Roaming\mythus
2021-12-20 19:51 - 2021-12-20 19:51 - 000000000 ____D C:\Users\amory\AppData\Roaming\Opera Software
2021-12-20 19:51 - 2021-12-20 19:51 - 000000000 ____D C:\Users\amory\AppData\Local\Adaware
2021-12-20 19:46 - 2021-12-20 19:46 - 000000000 ____D C:\Users\amory\AppData\Local\GamesManager
2021-12-20 11:04 - 2021-12-20 19:50 - 000000000 ____D C:\Users\amory\AppData\Local\MobiGame
2021-12-20 11:00 - 2021-12-26 22:26 - 000000000 ____D C:\Users\amory\AppData\Local\NVIDIA Corporation
2021-12-20 10:56 - 2021-12-27 14:17 - 000000000 ____D C:\Users\amory\AppData\Local\UnrealEngine
2021-12-20 10:55 - 2021-12-27 14:30 - 000000000 ____D C:\ProgramData\Epic
2021-12-20 10:12 - 2021-12-28 22:45 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2021-12-20 10:12 - 2021-12-28 22:45 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2021-12-17 15:08 - 2021-12-18 18:27 - 000000000 ____D C:\Program Files\dotnet
2021-12-16 18:16 - 2021-12-16 18:19 - 000766230 _____ C:\Users\amory\OneDrive\Documents\20200158 كيم.odt
2021-12-16 18:16 - 2021-12-06 14:52 - 000000665 _____ C:\Users\amory\OneDrive\Documents\BACKUP DATA - Shortcut.lnk
2021-12-16 15:29 - 2021-12-16 15:29 - 000420363 _____ C:\Users\amory\OneDrive\Documents\20200158 - مهام.pdf
2021-12-16 15:14 - 2021-12-16 15:14 - 000015000 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-12-16 13:57 - 2021-12-16 13:58 - 000000000 ____D C:\Users\amory\AppData\Local\Adobe
2021-12-16 13:57 - 2021-12-16 13:57 - 000000000 ____D C:\Users\amory\AppData\LocalLow\Adobe
2021-12-16 13:57 - 2021-12-16 13:57 - 000000000 ____D C:\Users\amory\AppData\Local\SolidDocuments
2021-12-16 13:56 - 2021-12-16 13:56 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-12-16 13:56 - 2021-12-16 13:56 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-12-16 13:56 - 2021-12-16 13:56 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2021-12-16 13:46 - 2021-12-16 13:46 - 070241252 _____ C:\Users\amory\OneDrive\Documents\1295578_MOE_Gr8_A_TEXT_1_Trimboxes_ipp.pdf.pdf
2021-12-15 16:37 - 2021-12-15 16:37 - 000000000 ____D C:\Users\amory\OneDrive\Documents\Custom Office Templates
2021-12-12 08:03 - 2021-12-12 13:25 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-12-12 08:02 - 2021-12-12 08:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
2021-12-12 08:01 - 2021-12-20 11:10 - 000000000 ____D C:\Program Files\SteelSeries
2021-12-12 08:01 - 2021-12-12 08:01 - 000000000 ____D C:\ProgramData\SteelSeries
2021-12-11 22:29 - 2021-12-11 22:29 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3311934168-2331551463-2117884847-1001
2021-12-08 13:23 - 2021-12-08 13:23 - 000000000 ____D C:\Users\amory\AppData\Roaming\BetterDiscord Installer
2021-12-08 13:23 - 2021-12-08 13:23 - 000000000 ____D C:\Users\amory\AppData\Roaming\BetterDiscord
2021-12-07 23:07 - 2021-12-07 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerShell
2021-12-07 23:07 - 2021-12-07 23:07 - 000000000 ____D C:\Program Files\PowerShell
2021-12-07 21:36 - 2021-12-07 21:36 - 000000000 ____D C:\Users\amory\AppData\Roaming\Sun
2021-12-07 21:31 - 2021-12-07 21:31 - 000625088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-06 15:10 - 2021-12-06 15:10 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-12-06 15:10 - 2021-12-06 15:10 - 000000000 ____D C:\WINDOWS\system32\ihvmanager
2021-12-06 15:10 - 2021-12-06 15:10 - 000000000 ____D C:\Program Files (x86)\Qualcomm
2021-12-06 14:59 - 2021-12-06 14:59 - 000000000 _____ C:\WINDOWS\invcol.tmp
2021-12-06 14:56 - 2021-12-06 14:56 - 000000000 ____D C:\Users\amory\OneDrive\Documents\Dell
2021-12-06 14:55 - 2021-12-06 14:55 - 000000000 ____D C:\ProgramData\PCDr
2021-12-06 14:55 - 2021-12-06 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2021-12-06 14:53 - 2021-12-06 14:53 - 000003920 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2021-12-06 14:53 - 2021-12-06 14:53 - 000000000 ____D C:\ProgramData\Dell Inc
2021-12-06 14:52 - 2021-12-06 15:28 - 000000000 ____D C:\Program Files\Dell
2021-12-06 14:52 - 2021-12-06 15:09 - 000000000 ____D C:\ProgramData\Dell
2021-12-06 14:52 - 2021-12-06 14:52 - 000000000 ____D C:\ProgramData\SupportAssist
2021-12-06 14:52 - 2021-12-06 14:52 - 000000000 ____D C:\Program Files (x86)\Dell
2021-12-06 11:10 - 2021-12-30 20:51 - 000000000 ____D C:\Users\amory\AppData\Roaming\discord
2021-12-06 11:10 - 2021-12-30 20:24 - 000000000 ____D C:\Users\amory\AppData\Local\Discord
2021-12-06 11:10 - 2021-12-06 11:10 - 000000000 ____D C:\Users\amory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2021-12-06 11:04 - 2021-12-06 11:04 - 000000000 ____D C:\Users\amory\AppData\Roaming\Screaming Bee
2021-12-06 11:04 - 2021-12-06 11:04 - 000000000 ____D C:\ProgramData\Screaming Bee
2021-12-05 08:11 - 2021-12-05 08:11 - 000000000 ____D C:\Users\amory\AppData\Roaming\java
2021-12-05 08:10 - 2021-12-07 22:49 - 000000000 ____D C:\Program Files\Java
2021-12-05 08:10 - 2021-12-07 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-12-05 08:10 - 2021-12-07 21:35 - 000191832 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2021-12-05 08:10 - 2021-12-05 08:10 - 000000000 ____D C:\Users\amory\AppData\LocalLow\Sun
2021-12-05 08:10 - 2021-12-05 08:10 - 000000000 ____D C:\Users\amory\AppData\LocalLow\Oracle
2021-12-05 08:10 - 2021-12-05 08:10 - 000000000 ____D C:\ProgramData\Sun
2021-12-05 08:10 - 2021-12-05 08:10 - 000000000 ____D C:\ProgramData\Oracle
2021-12-04 13:02 - 2021-12-30 08:01 - 000000000 ____D C:\Users\amory\AppData\Roaming\Authy Desktop
2021-12-04 13:02 - 2021-12-04 13:02 - 000000000 ____D C:\Users\amory\AppData\Local\authy

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-30 21:54 - 2021-11-08 22:58 - 000000000 ____D C:\WINDOWS\SystemTemp
2021-12-30 21:54 - 2021-11-08 13:52 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-30 21:52 - 2021-11-08 23:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-30 21:52 - 2021-11-08 23:33 - 000000000 ____D C:\Intel
2021-12-30 21:52 - 2021-11-08 23:32 - 000012288 ___SH C:\DumpStack.log.tmp
2021-12-30 21:52 - 2021-11-08 22:58 - 000000000 ____D C:\WINDOWS\ServiceState
2021-12-30 21:52 - 2021-11-08 22:58 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-30 21:52 - 2021-11-08 22:58 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-30 21:52 - 2021-11-08 12:46 - 000000000 ___RD C:\Users\amory\OneDrive - Ministry of Education
2021-12-30 21:52 - 2021-11-08 12:42 - 000000000 ___RD C:\Users\amory\OneDrive
2021-12-30 21:52 - 2021-11-08 12:40 - 000000000 __SHD C:\Users\amory\IntelGraphicsProfiles
2021-12-30 21:51 - 2021-11-08 22:55 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-12-30 21:46 - 2021-11-08 22:57 - 000000000 ____D C:\WINDOWS\INF
2021-12-30 21:46 - 2021-11-08 12:45 - 000849072 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-30 21:35 - 2021-11-21 15:02 - 000000000 ____D C:\Users\amory\AppData\Roaming\vlc
2021-12-30 21:30 - 2021-11-08 23:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-29 23:35 - 2021-11-08 12:39 - 000000000 ____D C:\Users\amory
2021-12-29 15:40 - 2021-11-25 21:53 - 1261868682 _____ C:\WINDOWS\MEMORY.DMP
2021-12-29 15:40 - 2021-11-25 21:53 - 000000000 ____D C:\WINDOWS\Minidump
2021-12-29 15:40 - 2021-11-14 13:57 - 000003624 _____ C:\WINDOWS\system32\Tasks\UninstallTool_SkipUAC_amory
2021-12-27 18:33 - 2021-11-14 18:55 - 000000000 ____D C:\Users\amory\AppData\Local\CrashDumps
2021-12-27 18:08 - 2021-11-08 12:40 - 000000000 ____D C:\Users\amory\AppData\Local\D3DSCache
2021-12-27 14:35 - 2021-11-08 22:58 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-27 14:35 - 2021-11-08 12:40 - 000000000 ____D C:\Users\amory\AppData\Local\Packages
2021-12-27 14:35 - 2021-11-08 12:40 - 000000000 ____D C:\ProgramData\Packages
2021-12-27 14:34 - 2021-11-11 10:07 - 000000000 ____D C:\ProgramData\Package Cache
2021-12-27 07:43 - 2021-11-08 22:55 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-26 22:45 - 2021-11-08 22:58 - 000000000 __SHD C:\Users\Public\Libraries
2021-12-26 15:43 - 2021-11-08 22:58 - 000000000 ___SD C:\WINDOWS\SysWOW64\lxss
2021-12-26 15:43 - 2021-11-08 22:58 - 000000000 ___SD C:\WINDOWS\system32\lxss
2021-12-26 15:43 - 2021-11-08 22:58 - 000000000 ____D C:\WINDOWS\schemas
2021-12-26 15:43 - 2021-10-07 21:33 - 001368384 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmemulateddevices.dll
2021-12-26 15:43 - 2021-10-07 21:33 - 000716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gns.dll
2021-12-26 15:43 - 2021-10-07 21:33 - 000221520 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmickrnl.dll
2021-12-26 15:43 - 2021-10-07 21:33 - 000090424 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmmsprox.dll
2021-12-26 15:43 - 2021-06-05 15:24 - 000048128 _____ C:\WINDOWS\SysWOW64\vmstaging.dll
2021-12-26 15:43 - 2021-06-05 15:23 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmconnect.exe
2021-12-26 15:43 - 2021-06-05 15:21 - 000049464 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtilityVmSysprep.dll
2021-12-26 15:43 - 2021-06-05 15:20 - 000098616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtpm.dll
2021-12-26 15:43 - 2021-06-05 15:19 - 001126728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lxcore.sys
2021-12-26 15:43 - 2021-06-05 15:19 - 000323896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HvsiSettingsProvider.dll
2021-12-26 15:43 - 2021-06-05 15:19 - 000213328 _____ C:\WINDOWS\system32\IsolatedWindowsEnvironmentUtils.dll
2021-12-26 15:43 - 2021-06-05 15:19 - 000192848 _____ C:\WINDOWS\system32\HvsiSettingsWorker.exe
2021-12-26 15:43 - 2021-06-05 15:19 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\HgsClientWmi.dll
2021-12-26 15:43 - 2021-06-05 15:19 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\CCG.exe
2021-12-26 15:43 - 2021-06-05 15:19 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wslconfig.exe
2021-12-26 15:43 - 2021-06-05 15:19 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\bash.exe
2021-12-26 15:43 - 2021-06-05 15:19 - 000114688 _____ C:\WINDOWS\system32\hvsiproxyapp.exe
2021-12-26 15:43 - 2021-06-05 15:19 - 000094536 _____ (Microsoft Corporation) C:\WINDOWS\system32\CmAgent.dll
2021-12-26 15:43 - 2021-06-05 15:19 - 000082256 _____ C:\WINDOWS\system32\HvsiMachinePolicies.dll
2021-12-26 15:43 - 2021-06-05 15:19 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CCGLaunchPad.dll
2021-12-26 15:43 - 2021-06-05 15:19 - 000069944 _____ C:\WINDOWS\system32\AuditSettingsProvider.dll
2021-12-26 15:43 - 2021-06-05 15:19 - 000049464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lxss.sys
2021-12-26 15:43 - 2021-06-05 15:19 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\HostGuardianServiceClientResources.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 001583420 _____ C:\WINDOWS\system32\WindowsVirtualization.V2.mof
2021-12-26 15:43 - 2021-06-05 15:18 - 001152966 _____ C:\WINDOWS\system32\WindowsHyperVCluster.V2.mof
2021-12-26 15:43 - 2021-06-05 15:18 - 000716800 _____ C:\WINDOWS\system32\hgattest.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000680264 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmEmulatedStorage.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000414008 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmEmulatedNic.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000319816 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicvdev.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000282944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmfirmwarepcat.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000270672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CExecSvc.exe
2021-12-26 15:43 - 2021-06-05 15:18 - 000266552 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthfcvdev.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteFileBrowse.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000250184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmtpm.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000242000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicrdv.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000237896 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpcievdev.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000205112 _____ (Microsoft Corporation) C:\WINDOWS\system32\HyperVSysprepProvider.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000196944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdebug.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000192848 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvc.exe
2021-12-26 15:43 - 2021-06-05 15:18 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgclientservice.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000144967 _____ C:\WINDOWS\system32\virtmgmt.msc
2021-12-26 15:43 - 2021-06-05 15:18 - 000127288 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmhgs.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000110904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcsetupagent.exe
2021-12-26 15:43 - 2021-06-05 15:18 - 000077824 _____ C:\WINDOWS\system32\hgsclientplugin.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000073728 _____ C:\WINDOWS\system32\vmstaging.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000069960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vkrnlintvsc.sys
2021-12-26 15:43 - 2021-06-05 15:18 - 000069952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vkrnlintvsp.sys
2021-12-26 15:43 - 2021-06-05 15:18 - 000069952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ramparser.sys
2021-12-26 15:43 - 2021-06-05 15:18 - 000066480 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmplatformca.exe
2021-12-26 15:43 - 2021-06-05 15:18 - 000065848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lunparser.sys
2021-12-26 15:43 - 2021-06-05 15:18 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AttestationWmiProvider.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000036864 _____ C:\WINDOWS\system32\hgclientserviceps.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmComputeProxy.dll
2021-12-26 15:43 - 2021-06-05 15:18 - 000024904 _____ (Microsoft Corporation) C:\WINDOWS\system32\c28c7a4e-a619-4463-82b7-0fc9cc7187f5_HyperV-ComputeStorage.dll
2021-12-25 13:46 - 2021-10-07 21:33 - 005386576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmfirmware.dll
2021-12-25 13:46 - 2021-10-07 21:33 - 000700744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmusrv.dll
2021-12-25 13:46 - 2021-10-07 21:33 - 000627024 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmserial.dll
2021-12-25 13:46 - 2021-10-07 21:33 - 000553296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmpmem.dll
2021-12-25 13:46 - 2021-10-07 21:33 - 000491824 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthstor.dll
2021-12-25 13:46 - 2021-10-07 21:33 - 000454984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmprox.dll
2021-12-25 13:46 - 2021-10-07 21:33 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmvpci.dll
2021-12-25 13:46 - 2021-10-07 21:33 - 000430416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsmb.dll
2021-12-25 13:46 - 2021-10-07 21:33 - 000344400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdynmem.dll
2021-12-25 13:46 - 2021-10-07 21:33 - 000245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnsdiag.exe
2021-12-25 13:46 - 2021-10-07 21:33 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fse.sys
2021-12-25 13:46 - 2021-10-07 21:33 - 000024912 _____ (Microsoft Corporation) C:\WINDOWS\system32\07409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.dll
2021-12-25 13:46 - 2021-06-05 15:21 - 000143672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdp4vs.dll
2021-12-25 13:46 - 2021-06-05 15:20 - 000065864 _____ (Microsoft Corporation) C:\WINDOWS\system32\NvAgent.dll
2021-12-25 13:46 - 2021-06-05 15:19 - 000504144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetMgmtIF.dll
2021-12-25 13:46 - 2021-06-05 15:19 - 000139600 _____ C:\WINDOWS\system32\nmscrub.exe
2021-12-25 13:46 - 2021-06-05 15:19 - 000119120 _____ (Microsoft Corporation) C:\WINDOWS\system32\nmbind.exe
2021-12-25 13:46 - 2021-06-05 15:19 - 000082248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\l2bridge.sys
2021-12-25 13:46 - 2021-06-05 15:19 - 000049488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hnswfpdriver.sys
2021-12-25 13:46 - 2021-06-05 15:18 - 000401736 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmSynthNic.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000360784 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmiccore.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000356680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hcsdiag.exe
2021-12-25 13:46 - 2021-06-05 15:18 - 000327992 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsif.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000311616 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmflexio.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000258384 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbusvdev.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000250184 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpupvdev.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000233808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2021-12-25 13:46 - 2021-06-05 15:18 - 000229688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsp.sys
2021-12-25 13:46 - 2021-06-05 15:18 - 000164176 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmvirtio.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000143672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifcore.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000123208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpevents.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000122880 _____ C:\WINDOWS\system32\vmhbmgmt.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000119104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpctrl.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000090440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pvhdparser.sys
2021-12-25 13:46 - 2021-06-05 15:18 - 000090112 _____ C:\WINDOWS\system32\Drivers\vmbusproxy.sys
2021-12-25 13:46 - 2021-06-05 15:18 - 000078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdparser.sys
2021-12-25 13:46 - 2021-06-05 15:18 - 000069968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\passthruparser.sys
2021-12-25 13:46 - 2021-06-05 15:18 - 000061776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocketcontrol.sys
2021-12-25 13:46 - 2021-06-05 15:18 - 000049480 _____ (Microsoft Corporation) C:\WINDOWS\system32\VrdUmed.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000049464 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifproxystub.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000045840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbresources.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000041288 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcomputeeventlog.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000024904 _____ (Microsoft Corporation) C:\WINDOWS\system32\f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000024904 _____ (Microsoft Corporation) C:\WINDOWS\system32\f1db7d81-95be-4911-935a-8ab71629112a_HyperV-IsolatedVM.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000024904 _____ (Microsoft Corporation) C:\WINDOWS\system32\c4d66f00-b6f0-4439-ac9b-c5ea13fe54d7_HyperV-ComputeCore.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000024896 _____ (Microsoft Corporation) C:\WINDOWS\system32\d4d78066-e6db-44b7-b5cd-2eb82dce620c_HyperV-ComputeLegacy.dll
2021-12-25 13:46 - 2021-06-05 15:18 - 000006658 _____ C:\WINDOWS\system32\VmFirmware Third-Party Notices.txt
2021-12-25 13:09 - 2020-08-11 12:10 - 000015360 _____ () C:\WINDOWS\system32\ViVeTool.exe
2021-12-25 13:09 - 2020-08-11 11:59 - 000015360 _____ () C:\WINDOWS\system32\Albacore.ViVe.dll
2021-12-21 08:14 - 2021-11-08 12:42 - 000000000 ____D C:\Users\amory\AppData\Local\PlaceholderTileLogoFolder
2021-12-20 22:40 - 2021-11-14 22:13 - 000000000 ____D C:\ProgramData\Avast Software
2021-12-20 22:36 - 2021-11-08 22:58 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-12-20 10:19 - 2021-11-14 18:23 - 000466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2021-12-20 10:19 - 2021-11-14 18:23 - 000444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2021-12-20 10:19 - 2021-11-14 18:23 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2021-12-20 10:19 - 2021-11-14 18:23 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2021-12-19 13:51 - 2021-11-18 13:58 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2021-12-19 10:38 - 2021-11-08 23:33 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-19 10:38 - 2021-11-08 23:33 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-12-18 19:16 - 2021-11-08 22:58 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-12-18 14:15 - 2021-11-08 13:31 - 000000000 ____D C:\Program Files\Microsoft Office
2021-12-16 15:21 - 2021-11-08 22:58 - 000000000 ____D C:\WINDOWS\SystemResources
2021-12-16 15:21 - 2021-11-08 22:58 - 000000000 ____D C:\WINDOWS\system32\setup
2021-12-16 15:21 - 2021-11-08 22:58 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-12-16 15:21 - 2021-11-08 22:58 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-12-16 15:21 - 2021-11-08 22:58 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-12-16 15:17 - 2021-11-11 19:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-12-16 15:16 - 2021-11-11 19:46 - 137938848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-12-16 13:58 - 2021-11-11 13:27 - 000000000 ____D C:\ProgramData\Adobe
2021-12-16 13:57 - 2021-11-08 12:40 - 000000000 ____D C:\Users\amory\AppData\Roaming\Adobe
2021-12-16 13:56 - 2021-11-23 23:19 - 000000000 ____D C:\Program Files\Adobe
2021-12-16 13:56 - 2021-11-11 13:28 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-12-16 12:45 - 2021-11-08 13:29 - 000000000 ____D C:\Users\amory\AppData\Local\Windows Live
2021-12-16 12:04 - 2021-11-08 23:33 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-12-15 13:30 - 2021-11-18 07:43 - 000002402 _____ C:\Users\amory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school).lnk
2021-12-15 07:20 - 2021-11-19 13:26 - 000116200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2021-12-15 07:20 - 2021-11-08 13:46 - 002225640 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-12-15 07:20 - 2021-11-08 13:46 - 000333288 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-12-15 07:20 - 2021-11-08 13:46 - 000217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-12-15 07:20 - 2021-11-08 13:46 - 000197048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-12-15 07:20 - 2021-11-08 13:46 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-12-15 07:20 - 2021-11-08 13:46 - 000062952 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-12-13 23:04 - 2021-11-08 13:52 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-12-13 23:04 - 2021-11-08 13:52 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-12-12 07:58 - 2021-11-08 22:58 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-12-10 12:28 - 2021-11-24 14:12 - 000000000 ____D C:\Users\amory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-12-09 08:00 - 2021-11-08 23:33 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-09 08:00 - 2021-11-08 23:33 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-12-08 10:21 - 2021-11-09 07:25 - 000000000 ____D C:\Users\amory\AppData\Roaming\Code
2021-12-06 19:46 - 2021-11-08 13:39 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-12-06 19:46 - 2021-11-08 13:39 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-12-06 18:08 - 2021-11-08 23:03 - 000000000 ____D C:\WINDOWS\Panther
2021-12-06 11:10 - 2021-11-08 13:48 - 000000000 ____D C:\Users\amory\AppData\Local\SquirrelTemp
2021-12-04 13:02 - 2021-11-10 07:49 - 000000000 ____D C:\Users\amory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twilio Inc
2021-12-01 10:41 - 2021-11-08 22:55 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-11-30 22:53 - 2021-11-14 14:25 - 000000000 ____D C:\ProgramData\TechSmith

==================== Files in the root of some directories ========

2021-11-11 10:08 - 2021-11-11 10:10 - 000000755 _____ () C:\Users\amory\AppData\Roaming\.cache~$
2021-12-29 15:36 - 2021-12-29 15:37 - 000002163 _____ () C:\Users\amory\AppData\Roaming\droid4xinstaller.log
2021-11-28 11:18 - 2021-11-28 11:27 - 000000000 _____ () C:\Users\amory\AppData\Roaming\MCVi2UserDetail.ini
2021-11-24 09:42 - 2021-11-24 12:42 - 000000205 _____ () C:\Users\amory\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2021
Ran by amory (30-12-2021 21:56:03)
Running from C:\Users\amory\OneDrive\Desktop
Microsoft Windows 11 Pro Version 21H2 22000.376 (X64) (2021-11-08 20:35:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3311934168-2331551463-2117884847-500 - Administrator - Disabled)
amory (S-1-5-21-3311934168-2331551463-2117884847-1001 - Administrator - Enabled) => C:\Users\amory
DefaultAccount (S-1-5-21-3311934168-2331551463-2117884847-503 - Limited - Disabled)
Guest (S-1-5-21-3311934168-2331551463-2117884847-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3311934168-2331551463-2117884847-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FW: Kaspersky Total Security (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 21.007.20099 - Adobe)
Among Us version 2021.12.14 (HKLM-x32\...\{F95D6058-6DA2-4DFE-BB50-6E382B690FCD}_is1) (Version: 2021.12.14 - Innersloth)
Authy Desktop (HKU\S-1-5-21-3311934168-2331551463-2117884847-1001\...\authy) (Version: 1.9.0 - Twilio Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell SupportAssist (HKLM\...\{E0659C89-D276-4B77-A5EC-A8F2F042E78F}) (Version: 3.10.4.18 - Dell Inc.)
Discord (HKU\S-1-5-21-3311934168-2331551463-2117884847-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{209F4B4B-3DF2-4825-9906-D4D6A80EC09E}) (Version: 1.3.0.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.110 - Google LLC)
Growtopia (remove only) (HKU\S-1-5-21-3311934168-2331551463-2117884847-1001\...\Growtopia) (Version:  - )
Java 8 Update 311 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14701.20262 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.62 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 21.230.1107.0004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3311934168-2331551463-2117884847-1001\...\Teams) (Version: 1.4.00.32771 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2FA9DAAC-895B-4E99-99D9-DC2965FBE79C}) (Version: 2.87.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30133 (HKLM-x32\...\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.22 (x64) (HKLM-x32\...\{68de94b9-46ac-495e-a96b-de484c02f5b3}) (Version: 3.1.22.30721 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20262 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20262 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PowerShell 7-x64 (HKLM\...\{D91EDB21-FCD5-45AE-B983-CAFA80899437}) (Version: 7.2.0.0 - Microsoft Corporation)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10527 - Qualcomm)
Roblox Player for amory (HKU\S-1-5-21-3311934168-2331551463-2117884847-1001\...\roblox-player) (Version:  - Roblox Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.22976 - Microsoft Corporation)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.5.10 - CrystalIDEA Software)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Subsystem for Linux Update (HKLM\...\{8BC9BA1B-F6F3-471D-8773-5283F0C52B84}) (Version: 5.10.60.1 - Microsoft Corporation)
Windows Subsystem for Linux WSLg Preview (HKLM\...\{E04B0005-A349-4BCC-9662-CA0132007E14}) (Version: 1.0.26 - Microsoft Corporation)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-3311934168-2331551463-2117884847-1001\...\ZoomUMX) (Version: 5.8.4 (1736) - Zoom Video Communications, Inc.)

Packages:
=========
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.7.0_x64__htrsf667h5kn2 [2021-12-06] (Dell Inc)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.19.0_neutral__8xx8rvfyw5nnt [2021-12-19] (Instagram)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2021-12-04] (INTEL CORP) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12160.0_x64__8wekyb3d8bbwe [2021-12-18] (Microsoft Studios) [MS Ad]
Pantone Color of the Year 2022 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.PantoneColoroftheYear2022_1.0.0.0_neutral__8wekyb3d8bbwe [2021-12-10] (Microsoft Corp.)
QR Code for Windows 10 -> C:\Program Files\WindowsApps\17036IYIA.QRCodeforWindows10_7.5.2.0_x64__dggz0n4pnn0ge [2021-12-22] (IYIA)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-12-16] (Adobe Systems Incorporated)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0 [2021-12-12] (Spotify AB) [Startup Task]
Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2019_2.0.54.0_x64__fh4rh281wavaa [2021-11-08] (Waves Audio)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3311934168-2331551463-2117884847-1001_Classes\CLSID\{04271989-C4D2-164D-E5BE-1B437B0A4868} -> [OneDrive - Ministry of Education] => C:\Users\amory\OneDrive - Ministry of Education [2021-11-08 12:46]
CustomCLSID: HKU\S-1-5-21-3311934168-2331551463-2117884847-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_f9e3e5f664173b9e\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
CustomCLSID: HKU\S-1-5-21-3311934168-2331551463-2117884847-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\amory\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21264.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3311934168-2331551463-2117884847-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3311934168-2331551463-2117884847-1001_Classes\CLSID\{dd5cacda-7c2e-4997-a62a-04a597b58f76}\localserver32 -> "C:\Program Files\PowerToys\modules\launcher\PowerLauncher.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3311934168-2331551463-2117884847-1001_Classes\CLSID\{e41a3aef-5c40-4832-922f-c8c0a8720acf}\localserver32 -> "C:\Program Files\TechSmith\Camtasia 2021\CamtasiaStudio.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-12-04 14:36 - 2021-12-04 14:36 - 042859520 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt\IGCC.dll
2021-11-12 04:56 - 2021-11-12 04:56 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\amory\Downloads:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [2636]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-11-08] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_311\bin\ssv.dll [2021-12-07] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-12-07] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-11-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-08] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3311934168-2331551463-2117884847-1001\...\sharepoint.com -> hxxps://moebh-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-11-08 22:58 - 2021-12-25 00:53 - 000001151 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 adclick.g.doublecklick.net
0.0.0.0 googleads.g.doubleclick.net
0.0.0.0 http://www.googleadservices.com
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 pagead2.googlesyndication.com
0.0.0.0 spclient.wg.spotify.com
0.0.0.0 audio2.spotify.com

2021-12-25 14:04 - 2021-12-30 21:52 - 000000434 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.20.0.1 Ammar.mshome.net # 2026 12 2 29 18 52 28 514

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\PowerShell\7\;C:\Program Files\dotnet\
HKCU\Environment\\Path -> %USERPROFILE%\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-3311934168-2331551463-2117884847-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\amory\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8E21A81A-82C8-4DE5-AF4A-AF1074E2E644}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1F8A67D9-CAE6-44DF-B970-70061107DA53}] => (Allow) LPort=2869
FirewallRules: [{8C25D664-AE58-4A7E-AF68-F2350E4F8233}] => (Allow) LPort=1900
FirewallRules: [{DE173CEE-FC86-490A-A11E-ADC69792B4A4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B8A01663-3466-4F46-9875-A051132A054D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{866EAFA9-4943-49FA-8626-AE60210BDACB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F4594A74-23C8-4E24-B09C-A30B7ED54AEC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A2E8D2AC-7ECB-458E-ACC5-486A17B42556}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{44218934-0DA0-4619-BC71-E8D2B72EF587}C:\users\amory\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\amory\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{343F68C5-0429-453B-B67B-288149DBFE64}C:\users\amory\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\amory\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1226517D-4419-490C-999E-32524F772AA8}] => (Allow) C:\Users\amory\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4B2EE50A-FE55-440F-8676-73C46FBBE8ED}] => (Allow) C:\Users\amory\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{86382839-77E9-42C7-91B6-4532445DABCA}] => (Allow) C:\Users\amory\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{ADAB1DF1-1B0B-47DF-A6BD-16C1721FEE8C}C:\users\amory\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\amory\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{AFC97201-86DA-4B1F-A9E3-D4A7553E60D9}C:\users\amory\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\amory\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7CBC5492-BDE5-48F6-8E4C-02C584C000F8}C:\users\amory\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\amory\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8A33454C-A95A-4050-9403-0926DF3FE674}C:\users\amory\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\amory\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [{FAE1A22D-1E97-42CD-ADD2-168AC2586CAB}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21323.200.1078.109_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C4684C4B-315F-444A-99D1-E67113CE0623}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21323.200.1078.109_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D9F4F216-993D-4A3A-AC85-778C0688B255}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E54C3986-1AD4-46DB-8F26-03DC41BD74FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4A933ACF-CD89-438D-A819-4FF5F9AAD2CA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E3EF5DCF-2E9C-45CF-8C2F-6EB16FAD5AFF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7F89B6EE-2E07-450D-88BA-A88F0FA1E705}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D0F1FADD-BF4F-4E00-8722-D546800F1BA3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{381DD571-0FA2-4C25-90DA-8E1E54BA60D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EC860D0F-ED95-4D1C-BDC3-5A239D56D069}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{117294F8-425C-42AA-97C9-ABCA6AF12565}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5A891439-B53C-4775-97E2-844BA3CE4026}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B7C2B953-8B7E-48EE-A441-7A1AFCBF0406}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{504AF615-5C6C-447E-804A-B424986E97ED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AD8A658F-9314-4208-80EC-3193B5641061}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{3808B753-A512-4C20-869F-DCFEF0552294}C:\program files\among us\among us.exe] => (Allow) C:\program files\among us\among us.exe () [File not signed]
FirewallRules: [UDP Query User{200575ED-CEED-4D57-9BDF-C1E8CD970F68}C:\program files\among us\among us.exe] => (Allow) C:\program files\among us\among us.exe () [File not signed]
FirewallRules: [{A5D65565-8AC1-4497-B8F1-356FC3861874}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{C80F376B-9F3F-4E3D-B167-012F1CF94F0D}C:\users\amory\dropbox\pc\downloads\amongus v2021.7.20\amongus\among us.exe] => (Allow) C:\users\amory\dropbox\pc\downloads\amongus v2021.7.20\amongus\among us.exe => No File
FirewallRules: [UDP Query User{2E111E08-47C8-4E64-A87D-438C7034CC88}C:\users\amory\dropbox\pc\downloads\amongus v2021.7.20\amongus\among us.exe] => (Allow) C:\users\amory\dropbox\pc\downloads\amongus v2021.7.20\amongus\among us.exe => No File
FirewallRules: [{B69EB798-61AC-499A-8BB5-7C99C7CCCA1B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{92C46C41-1AA4-4809-8A6D-2A16890BBE90}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{7BAC0067-FD0E-419E-80C6-E2BCECDB1B0D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{F12B4C45-422E-4C0C-9ADE-F0FF6753381A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{B6B203E5-EB19-4BD9-8D15-8CDF156E3E19}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{1F72A52F-345E-4F13-82FC-9F889F220A6B}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{9BA28FF2-48A4-4AE4-9F5B-1D2031552FE1}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{BBBCDEC1-56B8-49D4-8335-9D562EA8D766}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{C33DD818-21D3-4C6C-AFA0-41C8EB1C0CB0}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [TCP Query User{434027E2-A9BE-4D8E-9505-CF0DD06A138D}C:\users\amory\dropbox\pc\downloads\mr. krabs commits arson\mr. krabs commits arson\engine\binaries\win64\ue4game.exe] => (Allow) C:\users\amory\dropbox\pc\downloads\mr. krabs commits arson\mr. krabs commits arson\engine\binaries\win64\ue4game.exe => No File
FirewallRules: [UDP Query User{F3119ADE-EA29-4473-BA24-004F681DFF50}C:\users\amory\dropbox\pc\downloads\mr. krabs commits arson\mr. krabs commits arson\engine\binaries\win64\ue4game.exe] => (Allow) C:\users\amory\dropbox\pc\downloads\mr. krabs commits arson\mr. krabs commits arson\engine\binaries\win64\ue4game.exe => No File
FirewallRules: [{D5BAF1E4-741C-4DDC-ACCA-10CFF80E446D}] => (Block) C:\users\amory\dropbox\pc\downloads\mr. krabs commits arson\mr. krabs commits arson\engine\binaries\win64\ue4game.exe => No File
FirewallRules: [{8B76809C-A4AD-48A3-BA88-7C11D141809F}] => (Block) C:\users\amory\dropbox\pc\downloads\mr. krabs commits arson\mr. krabs commits arson\engine\binaries\win64\ue4game.exe => No File
FirewallRules: [TCP Query User{B587392F-1BD0-4EE7-A538-624A05DF78CB}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{8A3A8E0B-CCF8-41B7-8265-FC4E5D8A4B80}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{45ED52B5-0D65-4C29-BB75-178AB5EEEF14}] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{A013FA9E-1AA3-4905-B4FE-06378FD4C2E4}] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{7706256E-8500-4F47-8C51-D6757B0EB4D0}C:\users\amory\dropbox\pc\downloads\among us hitechpoint\among us\among us\among.us.v2021.6.30s\among us.exe] => (Allow) C:\users\amory\dropbox\pc\downloads\among us hitechpoint\among us\among us\among.us.v2021.6.30s\among us.exe => No File
FirewallRules: [UDP Query User{C3E6649D-3CD0-4613-8BAD-DAB9C1BF0A75}C:\users\amory\dropbox\pc\downloads\among us hitechpoint\among us\among us\among.us.v2021.6.30s\among us.exe] => (Allow) C:\users\amory\dropbox\pc\downloads\among us hitechpoint\among us\among us\among.us.v2021.6.30s\among us.exe => No File
FirewallRules: [{CF03B92C-46CE-47EA-AAB4-82421C718413}] => (Block) C:\users\amory\dropbox\pc\downloads\among us hitechpoint\among us\among us\among.us.v2021.6.30s\among us.exe => No File
FirewallRules: [{009201DF-D4DD-4DA0-A270-91F3B399878A}] => (Block) C:\users\amory\dropbox\pc\downloads\among us hitechpoint\among us\among us\among.us.v2021.6.30s\among us.exe => No File

==================== Restore Points =========================

27-12-2021 07:41:08 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/27/2021 06:32:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FortniteClient-Win64-Shipping.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffc0009d341
Faulting process id: 0x3a44
Faulting application start time: 0x01d7fb33804bea8d
Faulting application path: C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe
Faulting module path: unknown
Report Id: f143f3fd-1c98-445e-9c42-a1688ca49b68
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/27/2021 06:32:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicWebHelper.exe, version: 4.23.0.0, time stamp: 0x61b8fcc8
Faulting module name: libcef.dll, version: 84.1.6.0, time stamp: 0x5ed84288
Exception code: 0x80000003
Fault offset: 0x0000000002be0e39
Faulting process id: 0x1ac0
Faulting application start time: 0x01d7fb37024bbff8
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe
Faulting module path: C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
Report Id: 0ac0d324-1a22-4779-8dbc-80e746872c28
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/27/2021 06:06:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FortniteClient-Win64-Shipping.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000374
Fault offset: 0x00007ffc0018be99
Faulting process id: 0x1db4
Faulting application start time: 0x01d7fb31ea82394d
Faulting application path: C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe
Faulting module path: unknown
Report Id: 925737db-5bcd-42e4-b50d-ec534ddd708e
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/27/2021 08:46:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RoundedTB.exe, version: 1.0.0.0, time stamp: 0xc000f604
Faulting module name: KERNELBASE.dll, version: 10.0.22000.348, time stamp: 0x71e3e134
Exception code: 0xe0434352
Fault offset: 0x0013eb22
Faulting process id: 0x964
Faulting application start time: 0x01d7fae4845f6dc0
Faulting application path: C:\Program Files\WindowsApps\14082CryzenTechnologies.RoundedTB_1.3.1.0_neutral__6b5yntewjra3r\RoundedTB\RoundedTB.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: fd1687dd-19fd-448d-a528-9b95fa46b265
Faulting package full name: 14082CryzenTechnologies.RoundedTB_1.3.1.0_neutral__6b5yntewjra3r
Faulting package-relative application ID: App

Error: (12/27/2021 08:46:24 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RoundedTB.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
   at System.Windows.Application.GetResourcePackage(System.Uri)
   at System.Windows.Application.GetResourceOrContentPart(System.Uri)
   at System.Windows.Application.GetResourceStream(System.Uri)
   at RoundedTB.MainWindow.TrayIconCheck()
   at RoundedTB.MainWindow.ApplyButton_Click(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs)
   at System.Windows.Controls.Primitives.ButtonBase.OnClick()
   at System.Windows.Controls.Button.OnClick()
   at System.Windows.Controls.Primitives.ButtonBase.OnMouseLeftButtonUp(System.Windows.Input.MouseButtonEventArgs)
   at System.Windows.UIElement.OnMouseLeftButtonUpThunk(System.Object, System.Windows.Input.MouseButtonEventArgs)
   at System.Windows.Input.MouseButtonEventArgs.InvokeEventHandler(System.Delegate, System.Object)
   at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.ReRaiseEventAs(System.Windows.DependencyObject, System.Windows.RoutedEventArgs, System.Windows.RoutedEvent)
   at System.Windows.UIElement.OnMouseUpThunk(System.Object, System.Windows.Input.MouseButtonEventArgs)
   at System.Windows.Input.MouseButtonEventArgs.InvokeEventHandler(System.Delegate, System.Object)
   at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   at System.Windows.UIElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs)
   at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.Input.InputManager.ProcessStagingArea()
   at System.Windows.Input.InputManager.ProcessInput(System.Windows.Input.InputEventArgs)
   at System.Windows.Input.InputProviderSite.ReportInput(System.Windows.Input.InputReport)
   at System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr, System.Windows.Input.InputMode, Int32, System.Windows.Input.RawMouseActions, Int32, Int32, Int32)
   at System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr, Boolean ByRef)
   at System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at RoundedTB.App.Main()

Error: (12/27/2021 08:23:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program winsdksetup.exe version 10.1.22000.194 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 94

Start Time: 01d7fae0cb6dd469

Termination Time: 4294967295

Application Path: C:\Users\amory\AppData\Local\Temp\{D555C498-88BE-4FD3-A1EA-BC5F0F43C0F0}\.cr\winsdksetup.exe

Report Id: 0d190e61-fed9-4efe-84d2-3bb56258feea

Faulting package full name: 

Faulting package-relative application ID: 

Hang type: Top level window is idle

Error: (12/26/2021 08:38:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Growtopia.exe, version: 0.0.0.0, time stamp: 0x61a3326e
Faulting module name: ntdll.dll, version: 10.0.22000.348, time stamp: 0x22eb3761
Exception code: 0xc0000005
Fault offset: 0x0000000000028a00
Faulting process id: 0x364c
Faulting application start time: 0x01d7fa7f5b240e8f
Faulting application path: C:\Users\amory\AppData\Local\Growtopia\Growtopia.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: a54a27c0-a191-49ad-8099-f7f97934b5fc
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/26/2021 08:37:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Growtopia.exe, version: 0.0.0.0, time stamp: 0x61a3326e
Faulting module name: ntdll.dll, version: 10.0.22000.348, time stamp: 0x22eb3761
Exception code: 0xc0000005
Fault offset: 0x0000000000028a00
Faulting process id: 0x10fc
Faulting application start time: 0x01d7fa7f4ca677f5
Faulting application path: C:\Users\amory\AppData\Local\Growtopia\Growtopia.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 1bf86c77-aa31-4d10-b173-1056f025fa88
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (12/30/2021 09:30:24 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{B0362493-A9E4-4434-8245-2D13EDBDD70D} because another computer on the network has the same name.  The server could not start.

Error: (12/30/2021 08:51:41 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{B0362493-A9E4-4434-8245-2D13EDBDD70D} because another computer on the network has the same name.  The server could not start.

Error: (12/30/2021 08:05:20 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{B0362493-A9E4-4434-8245-2D13EDBDD70D} because another computer on the network has the same name.  The server could not start.

Error: (12/30/2021 05:53:15 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{B0362493-A9E4-4434-8245-2D13EDBDD70D} because another computer on the network has the same name.  The server could not start.

Error: (12/30/2021 01:13:26 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{B0362493-A9E4-4434-8245-2D13EDBDD70D} because another computer on the network has the same name.  The server could not start.

Error: (12/30/2021 12:15:38 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{B0362493-A9E4-4434-8245-2D13EDBDD70D} because another computer on the network has the same name.  The server could not start.

Error: (12/30/2021 07:58:22 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{B0362493-A9E4-4434-8245-2D13EDBDD70D} because another computer on the network has the same name.  The server could not start.

Error: (12/29/2021 10:17:58 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{B0362493-A9E4-4434-8245-2D13EDBDD70D} because another computer on the network has the same name.  The server could not start.


Windows Defender:
================
Date: 2021-12-28 17:29:33
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-12-18 20:45:38
Description: 
N/A

Date: 2021-12-16 14:50:25
Description: 
N/A

Date: 2021-12-15 11:06:53
Description: 
N/A

Date: 2021-12-09 14:38:03
Description: 
N/A

CodeIntegrity:
===============
Date: 2021-12-21 08:32:33
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

BIOS: Dell Inc. 1.18.0 10/06/2021
Motherboard: Dell Inc. 052X6W
Processor: Intel(R) Core(TM) i3-1005G1 CPU @ 1.20GHz
Percentage of memory in use: 88%
Total physical RAM: 3863.47 MB
Available physical RAM: 429.99 MB
Total Virtual: 9495.47 MB
Available Virtual: 3944.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.45 GB) (Free:140.65 GB) NTFS

\\?\Volume{1ba8e064-2547-474a-9e85-c4c69d3b2bce}\ () (Fixed) (Total:1 GB) (Free:0.08 GB) NTFS
\\?\Volume{900f0108-e5ba-4e10-8e3b-4bac05b73d0d}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

This topic is now closed to further replies.