Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2024
Ran by Dee Skelley (04-10-2024 20:03:45)
Running from C:\Users\Dee Skelley\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4957 (X64) (2021-07-08 18:34:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2958740073-524152327-740456925-500 - Administrator - Disabled)
Dee Skelley (S-1-5-21-2958740073-524152327-740456925-1001 - Administrator - Enabled) => C:\Users\Dee Skelley
DefaultAccount (S-1-5-21-2958740073-524152327-740456925-503 - Limited - Disabled)
dskel (S-1-5-21-2958740073-524152327-740456925-1002 - Administrator - Enabled)
Guest (S-1-5-21-2958740073-524152327-740456925-501 - Limited - Enabled)
ozzet (S-1-5-21-2958740073-524152327-740456925-1003 - Administrator - Enabled)
WDAGUtilityAccount (S-1-5-21-2958740073-524152327-740456925-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Security Cloud (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.)
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 21.5.2 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{0fd12917-eb35-466f-b411-02c45a8a505d}) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.) Hidden
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
Branding64 (HKLM\...\{C871FC62-0186-40ED-BAEA-7C65BE367755}) (Version: 1.00.0006 - Advanced Micro Devices, Inc.) Hidden
Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 129.0.6668.90 - Google LLC)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 129.0.2792.79 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 129.0.2792.65 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM\...\{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM\...\{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 131.0 (x64 en-US)) (Version: 131.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 94.0.2 - Mozilla)
NVIDIA PhysX v8.09.04 (HKLM-x32\...\{A7E07C2B-2220-4415-87E3-784D5814BC93}) (Version: 8.09.04 - NVIDIA Corporation)
PowerPoint (HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Revo Uninstaller 2.5.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.5.0 - VS Revo Group, Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 4.7 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

Chrome apps:
============
YouTube (HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\3a5d7b257cb5d0c14f9769fecc433d33) (Version: 1.0 - Google\Chrome)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2021-06-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Dee Skelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG2:CCE2DBB696 [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat{ca52b842-3aa0-11ec-84df-3085a9b34157}.TM.blf:D0B775491F [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat{ca52b842-3aa0-11ec-84df-3085a9b34157}.TMContainer00000000000000000002.regtrans-ms:5915CEE35F [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3442]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10018]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2958740073-524152327-740456925-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dee Skelley\Pictures\Furry_files\6686e0bc71f3a1b5a95e7ba3831e9f20.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GBE Family Controller -> rt640x64.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "RZSurroundHelper"
HKLM\...\StartupApproved\Run: => "DriverUpdUI.exe"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_C9176D295DD1B25034BE632CD236401C"
HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_9E06BE8F7D505564A0EB94364EDC4BA2"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

26-09-2024 16:28:18 Scheduled Checkpoint
27-09-2024 12:25:04 Windows Modules Installer
27-09-2024 13:09:34 Windows Modules Installer
28-09-2024 15:08:47 Windows Modules Installer
28-09-2024 17:53:21 Windows Modules Installer
30-09-2024 16:48:43 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: Microsoft Hyper-V Virtualization Infrastructure Driver
Description: Microsoft Hyper-V Virtualization Infrastructure Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Vid
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual Drive Enumerator
Description: Microsoft Virtual Drive Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vdrvroot
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NDIS Virtual Network Adapter Enumerator
Description: NDIS Virtual Network Adapter Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisVirtualBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:
==================
Error: (10/04/2024 07:02:10 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.
hr = 0x80070006, The handle is invalid.. Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (10/04/2024 07:01:45 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x8007085a, The Workstation service has not been started.. Operation: OnIdentify event Gathering Writer Data Context: Execution Context: ASR Writer Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Name: ASR Writer Writer Instance ID: {e0f9d1bb-2317-43b8-a404-449ad7da844d} Error: (10/04/2024 07:01:45 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x8007085a, The Workstation service has not been started.. Operation: OnIdentify event Gathering Writer Data Context: Execution Context: ASR Writer Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Name: ASR Writer Writer Instance ID: {e0f9d1bb-2317-43b8-a404-449ad7da844d} Error: (10/04/2024 07:01:17 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.. Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (10/04/2024 07:00:37 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x8007085a, The Workstation service has not been started.. 
Operation: OnIdentify event Gathering Writer Data Context: Execution Context: ASR Writer Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Name: ASR Writer Writer Instance ID: {e0f9d1bb-2317-43b8-a404-449ad7da844d} Error: (10/04/2024 07:00:36 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x8007085a, The Workstation service has not been started.. Operation: OnIdentify event Gathering Writer Data Context: Execution Context: ASR Writer Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Name: ASR Writer Writer Instance ID: {e0f9d1bb-2317-43b8-a404-449ad7da844d} Error: (10/04/2024 07:00:36 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {1a351b29-c74e-4331-8bce-566198cfcc76} Error: (10/04/2024 06:49:16 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.. System errors: ============= Error: (10/04/2024 07:25:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The AODDriver4.3.0 service failed to start due to the following error: The system cannot find the path specified. Error: (10/04/2024 06:50:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The AODDriver4.3.0 service failed to start due to the following error: The system cannot find the path specified. 
Error: (10/02/2024 12:35:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3.0 service failed to start due to the following error: The system cannot find the path specified.

Error: (10/02/2024 12:34:23 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.

Error: (10/02/2024 12:25:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3.0 service failed to start due to the following error: The system cannot find the path specified.

Error: (10/02/2024 12:23:28 PM) (Source: DCOM) (EventID: 10010) (User: ORIGINALWIN10)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.

Error: (10/02/2024 11:24:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3.0 service failed to start due to the following error: The system cannot find the path specified.

Error: (10/02/2024 11:23:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:48:34 PM on 10/1/2024 was unexpected.

Windows Defender:
================
Date: 2024-10-04 19:54:44
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-10-04 19:15:56
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-23 19:08:26
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-22 19:24:24
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-22 19:07:59
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Event[0]:

Date: 2024-10-04 19:04:33
Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2023-02-23 15:17:31
Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2022-05-26 20:37:21
Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2022-04-29 19:36:19
Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2022-04-29 19:28:39
Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

CodeIntegrity:
===============
Date: 2024-10-04 18:52:18
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2024-10-04 18:51:17
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 5103 09/19/2012
Motherboard: ASUSTeK COMPUTER INC. F2A85-M
Processor: AMD A10-5800K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 22%
Total physical RAM: 12078.23 MB
Available physical RAM: 9302.39 MB
Total Virtual: 13934.23 MB
Available Virtual: 11282.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.9 GB) (Free:443.27 GB) (Model: WDC WD10EZEX-08WN4A0) NTFS

\\?\Volume{c7297c65-6034-45ca-8036-e15ad3fd9034}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{22800b9a-daa3-4194-a793-022140f7d324}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7B309A69)

Partition: GPT.

==================== End of Addition.txt =======================