Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2024
Ran by Dee Skelley (11-10-2024 19:22:03)
Running from C:\Users\Dee Skelley\Desktop
Microsoft Windows 10 Home Version 22H2 19045.5011 (X64) (2024-10-08 19:19:29)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2958740073-524152327-740456925-500 - Administrator - Disabled)
Dee Skelley (S-1-5-21-2958740073-524152327-740456925-1001 - Administrator - Enabled) => C:\Users\Dee Skelley
DefaultAccount (S-1-5-21-2958740073-524152327-740456925-503 - Limited - Disabled)
dskel (S-1-5-21-2958740073-524152327-740456925-1002 - Administrator - Enabled)
Guest (S-1-5-21-2958740073-524152327-740456925-501 - Limited - Disabled)
ozzet (S-1-5-21-2958740073-524152327-740456925-1003 - Administrator - Enabled)
WDAGUtilityAccount (S-1-5-21-2958740073-524152327-740456925-504 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.)
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 21.5.2 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{0fd12917-eb35-466f-b411-02c45a8a505d}) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.) Hidden
Branding64 (HKLM\...\{C871FC62-0186-40ED-BAEA-7C65BE367755}) (Version: 1.00.0006 - Advanced Micro Devices, Inc.) Hidden
Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 129.0.6668.100 - Google LLC)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 5.1.11.133 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.11.133 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 129.0.2792.89 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 129.0.2792.79 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM\...\{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM\...\{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 131.0.2 (x64 en-US)) (Version: 131.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 94.0.2 - Mozilla)
NVIDIA PhysX v8.09.04 (HKLM-x32\...\{A7E07C2B-2220-4415-87E3-784D5814BC93}) (Version: 8.09.04 - NVIDIA Corporation)
PowerPoint (HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Revo Uninstaller 2.5.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.5.0 - VS Revo Group, Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 4.7 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

Chrome apps:
============
YouTube (HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\3a5d7b257cb5d0c14f9769fecc433d33) (Version: 1.0 - Google\Chrome)

==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-10-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-06-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-10-05] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Dee Skelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Dee Skelley\Desktop\AdwCleaner.exe:MBAM.Zone.Identifier [182]
AlternateDataStreams: C:\Users\Dee Skelley\Desktop\MediaCreationTool_22H2.exe:MBAM.Zone.Identifier [185]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2958740073-524152327-740456925-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dee Skelley\Pictures\Furry_files\6686e0bc71f3a1b5a95e7ba3831e9f20.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GBE Family Controller -> rt640x64.sys

==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_9E06BE8F7D505564A0EB94364EDC4BA2"

==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{BA475757-8B12-48B8-BCE9-EDC847B4FACA}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.79\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5D5FEF95-79CA-4628-9A69-A5B09CAE3C2F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5C2E0EEF-135D-4251-ABE8-829B2276F82B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{26C09BB8-88AC-4A8E-B0D2-48170F4E8D1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8F5A58A8-2F34-4EF6-951D-41B83954B897}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5C5A1D32-077E-42D2-ACA3-B64111B63EB0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.65\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3B1E767B-418E-463E-A1D5-4B32748507C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Changed-special\Game.exe () [File not signed]
FirewallRules: [{C54134E8-2DD9-4F93-A042-8D5B80C91FCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Changed-special\Game.exe () [File not signed]
FirewallRules: [{66851D45-6C9A-48B1-A22B-5807F978CD65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe (CAPCOM CO., LTD. -> CAPCOM U.S.A, INC.)
FirewallRules: [{8C6DCD9E-D932-421B-A983-8749456F56DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe (CAPCOM CO., LTD. -> CAPCOM U.S.A, INC.)
FirewallRules: [{F2418A59-1235-4582-B71A-46CEFCFF5F49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{C549DE2C-5DD2-4ADA-BB83-4339FFB4AC90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [UDP Query User{CDEF6C89-A83D-4D74-B708-ABDFC362E553}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{75DC90F3-CCBC-4DA9-A7B3-C053871F6BBF}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{48903A87-7172-42B6-837E-FF1AD5BE4C6E}C:\program files (x86)\steam\steamapps\common\the dark pictures anthology - little hope\smg024\binaries\win64\littlehope-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the dark pictures anthology - little hope\smg024\binaries\win64\littlehope-win64-shipping.exe (BANDAI NAMCO Entertainment) [File not signed]
FirewallRules: [TCP Query User{6DB66AD7-DA47-45C8-9F95-37C940A3DD07}C:\program files (x86)\steam\steamapps\common\the dark pictures anthology - little hope\smg024\binaries\win64\littlehope-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the dark pictures anthology - little hope\smg024\binaries\win64\littlehope-win64-shipping.exe (BANDAI NAMCO Entertainment) [File not signed]
FirewallRules: [{A494709E-ABC1-46BA-9BA4-0667B995D9CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Dark Pictures Anthology - Little Hope\LittleHope.exe (BANDAI NAMCO Entertainment) [File not signed]
FirewallRules: [{46BAF21F-3D33-4FF2-A708-2278076D88B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Dark Pictures Anthology - Little Hope\LittleHope.exe (BANDAI NAMCO Entertainment) [File not signed]
FirewallRules: [UDP Query User{74571DC5-E28D-4D95-9FC0-2DE755D949D2}C:\program files (x86)\steam\steamapps\common\intruders hide and seek\intruders\binaries\win64\intruders-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\intruders hide and seek\intruders\binaries\win64\intruders-win64-shipping.exe (Tessera Studios SL) [File not signed]
FirewallRules: [TCP Query User{AA8D2D43-1508-440B-8994-A83B2ACFE642}C:\program files (x86)\steam\steamapps\common\intruders hide and seek\intruders\binaries\win64\intruders-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\intruders hide and seek\intruders\binaries\win64\intruders-win64-shipping.exe (Tessera Studios SL) [File not signed]
FirewallRules: [{431853D6-7A3A-4763-BFFA-64DDE27C7A10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Intruders Hide and Seek\Intruders.exe () [File not signed]
FirewallRules: [{B1CAB6A0-453D-4B66-9F0D-86F5C9D5BF9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Intruders Hide and Seek\Intruders.exe () [File not signed]
FirewallRules: [{B97F7C89-59DA-4459-88AA-51161113B351}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerREC\ApowerREC.exe => No File
FirewallRules: [{6095B4B2-A276-4982-A67F-48BDEBC5921E}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerREC\ApowerREC.exe => No File
FirewallRules: [{CE01C190-8981-4D12-A1D1-FA1F372818CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe () [File not signed]
FirewallRules: [{F5BD1E88-1198-4F13-B010-7E95A2B0CEA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe () [File not signed]
FirewallRules: [UDP Query User{43E4E806-1DCD-4231-BA83-90E88D162360}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{86D26A35-1D61-47B0-AF40-4F7BD2BE59FE}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{8B357991-D239-4CAA-942A-B7A6AD381074}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slender - The Arrival\Slender - The Arrival.exe () [File not signed]
FirewallRules: [{429D6F0F-055A-40F3-9CAC-455C6D7E892B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slender - The Arrival\Slender - The Arrival.exe () [File not signed]
FirewallRules: [{78522E69-306B-47E7-A701-1187B77E44D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe () [File not signed]
FirewallRules: [{84FEC5C7-4CDB-47AE-9E24-0316E92CF01E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe () [File not signed]
FirewallRules: [{55E06CD5-7E21-441C-858F-DAA6834FDB5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Inside The Backrooms\Inside the Backrooms.exe () [File not signed]
FirewallRules: [{D169D7C4-5CEF-4EC8-94F6-3D99808285D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Inside The Backrooms\Inside the Backrooms.exe () [File not signed]
FirewallRules: [UDP Query User{62B6C5C7-34F0-41C5-94BE-FDB13ECE325A}C:\program files (x86)\steam\steamapps\common\scpthefoundation\scpthefoundation\binaries\win64\scpthefoundation.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\scpthefoundation\scpthefoundation\binaries\win64\scpthefoundation.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{FC3A4517-E100-4060-9D5A-DA76CA4B863E}C:\program files (x86)\steam\steamapps\common\scpthefoundation\scpthefoundation\binaries\win64\scpthefoundation.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\scpthefoundation\scpthefoundation\binaries\win64\scpthefoundation.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{30BEFD05-3D3E-46DB-81BD-7BDB932686F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCPTheFoundation\SCPTheFoundation.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{A3AB422A-0DB8-4572-AFB1-677B89805DC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCPTheFoundation\SCPTheFoundation.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{2FC96979-D6ED-4C5D-8843-7205FD09198F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheEvilWithin2\TEW2.exe (Zenimax Asia K.K.) [File not signed]
FirewallRules: [{B3E0436E-7391-488C-8CED-226FC8F3EDC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheEvilWithin2\TEW2.exe (Zenimax Asia K.K.) [File not signed]
FirewallRules: [{5EEF3A91-A526-4E0F-A530-8170E4A139A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SubnauticaZero\SubnauticaZero.exe () [File not signed]
FirewallRules: [{46746F23-E5D2-413C-8510-D7B2EC657D82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SubnauticaZero\SubnauticaZero.exe () [File not signed]
FirewallRules: [{C54F173E-6842-45C3-B4AA-BB552627FCF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [{26F4EA49-F7ED-4185-A45E-4D5BCCCC68AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [{ED4CB6EE-6D04-435A-98B2-FF2270E5580F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clue\Cluedo.exe () [File not signed]
FirewallRules: [{1A9262DC-1D87-440F-80F0-C33322633BFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clue\Cluedo.exe () [File not signed]
FirewallRules: [{4B95A1E4-E6FF-4897-BEFC-A669C8C714C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Containment Breach Multiplayer\game.exe () [File not signed]
FirewallRules: [{160B13C3-213A-42E2-8AD8-F8DF93175345}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Containment Breach Multiplayer\game.exe () [File not signed]
FirewallRules: [{C7711C7B-C29B-4232-9E34-C52D5B0A7FB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Labrat\SCP Labrat.exe () [File not signed]
FirewallRules: [{98913933-BDAD-4435-9734-99E9DF2F1A36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Labrat\SCP Labrat.exe () [File not signed]
FirewallRules: [{22A143AA-897A-43B2-8B0F-C3914DCB9743}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe () [File not signed]
FirewallRules: [{B073138F-F286-4867-8537-C2F69F34A56F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe () [File not signed]
FirewallRules: [{F12850D1-D835-4C06-8EE5-C2924B7109EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{DEB6B823-5EDC-42D3-9DB7-9E239EC08888}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{C84A7E9C-21C4-4E7B-81ED-BE8846D8EC83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{22582601-4648-4426-89C4-F97853631912}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{50D1A42A-CD3D-4060-B7B4-3AFBC9EA5A2A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6644D58A-5A42-4908-94B2-771FAE428F43}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8A582698-159E-4EF3-A1D7-709F57D7C646}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{6BB42385-388B-40AD-9210-A3FA50BADE42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{882AA130-7A26-4048-8CEF-0B916EFBE53A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{2677E04E-B105-4646-A511-1665334B5F62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{BCF5374F-910B-4E85-AF31-20E391283B96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Changed\Game.exe () [File not signed]
FirewallRules: [{C168B53A-D8B4-40C0-9B2F-CE78DBDF1441}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Changed\Game.exe () [File not signed]
FirewallRules: [UDP Query User{3820EEAE-810D-405C-9E55-490010259459}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{A8389675-CDEA-4324-8C03-F6183E60AFA6}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{1826B53B-0DFD-40A3-AB6A-0C09EAD522CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RecRoom\Recroom_Release.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{36AD491E-79B6-4015-918A-AC1EFB2BCB7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RecRoom\Recroom_Release.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{952DEC82-E68E-4BE1-8478-39AAB770ABBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{903E6A5C-DB4D-457B-AEC3-54A8437C33C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{061164CE-9DBA-434B-B413-84E77B62A6C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve Corp. -> )
FirewallRules: [{DF8D1765-0910-47BF-8FC6-205438EF846C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve Corp. -> )
FirewallRules: [{CC0463A2-1B1B-434A-9914-CF15B3B401DD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4F9E5993-9026-457F-AA51-69BFB0DBEB12}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F6AD17CB-ED3C-4DAA-8D64-6D02196D0E66}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{789901D8-742B-4FBD-A62A-45586D322CAB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{6CAE6CBC-3A3D-4DC3-B4F6-461DD36C60A0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================
10-10-2024 14:17:48 Windows Modules Installer
11-10-2024 19:04:03 Windows Modules Installer

==================== Faulty Device Manager Devices ============
Name: Microsoft Hyper-V Virtualization Infrastructure Driver
Description: Microsoft Hyper-V Virtualization Infrastructure Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Vid
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual Drive Enumerator
Description: Microsoft Virtual Drive Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vdrvroot
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NDIS Virtual Network Adapter Enumerator
Description: NDIS Virtual Network Adapter Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisVirtualBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:
==================
Error: (10/11/2024 06:49:06 PM) (Source: Microsoft-Windows-WMI) (EventID: 28) (User: NT AUTHORITY)
Description: Failed to Initialize WMI Core or Provider SubSystem or Event SubSystem with error number 0x80070013. This could be due to a badly installed version of WMI, WMI repository upgrade failure, insufficient disk space or insufficient memory. WMI will try to re-create the WMI Repository by auto-recovery mechanism on its next restart.

Error: (10/11/2024 06:48:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..

Error: (10/11/2024 06:48:58 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (10/11/2024 06:48:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..

Error: (10/11/2024 06:48:58 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (10/08/2024 03:03:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1409.

System errors:
=============
Error: (10/11/2024 06:48:57 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

Error: (10/11/2024 06:42:06 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 16) (User: NT AUTHORITY)
Description: 3221225473A fatal error occurred processing the restoration data.

Error: (10/11/2024 06:48:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:38:44 PM on 10/10/2024 was unexpected.

Error: (10/10/2024 02:24:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: 2024-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 for x64 (KB5044091).

Error: (10/10/2024 02:08:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Touch Keyboard and Handwriting Panel Service service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/10/2024 02:08:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Touch Keyboard and Handwriting Panel Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (10/10/2024 02:08:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Radio Management Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/10/2024 02:08:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The DevQuery Background Discovery Broker service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

CodeIntegrity:
===============
Date: 2024-10-11 18:58:10
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.

Date: 2024-10-11 18:50:30
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================
BIOS: American Megatrends Inc. 5103 09/19/2012
Motherboard: ASUSTeK COMPUTER INC. F2A85-M
Processor: AMD A10-5800K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 33%
Total physical RAM: 12078.23 MB
Available physical RAM: 8060.75 MB
Total Virtual: 13934.23 MB
Available Virtual: 10166.84 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:930.85 GB) (Free:443.14 GB) (Model: WDC WD10EZEX-08WN4A0) NTFS
\\?\Volume{2d4656dd-3f7a-4731-a3fb-7166dcc0a014}\ () (Fixed) (Total:0.54 GB) (Free:0.08 GB) NTFS
\\?\Volume{22800b9a-daa3-4194-a793-022140f7d324}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7B309A69)
Partition: GPT.

==================== End of Addition.txt =======================