Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2024
Ran by Ripple (15-09-2024 12:14:15)
Running from C:\Users\Ripple\Desktop
Microsoft Windows 11 Pro Version 23H2 22631.4037 (X64) (2024-07-28 22:16:30)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-321866159-774951516-752708211-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-321866159-774951516-752708211-503 - Limited - Disabled)
Guest (S-1-5-21-321866159-774951516-752708211-501 - Limited - Disabled)
Ripple (S-1-5-21-321866159-774951516-752708211-1001 - Administrator - Enabled) => C:\Users\Ripple
WDAGUtilityAccount (S-1-5-21-321866159-774951516-752708211-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 24.07 (x64) (HKLM\...\7-Zip) (Version: 24.07 - Igor Pavlov)
Control Center Service (HKLM\...\{6ea3ce12-b991-4b65-9f8d-b148eaaecd87}_is1) (Version: 4.1.47.11 - OEM)
Core Temp 1.18.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.18.1 - ALCPU)
Discord (HKU\S-1-5-21-321866159-774951516-752708211-1001\...\Discord) (Version: 1.0.9011 - Discord Inc.)
FTMO MetaTrader 5 (HKLM\...\FTMO MetaTrader 5) (Version: 5.00 - MetaQuotes Ltd.)
Geeks3D FurMark 2.3.0.0 x64 (HKLM\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: 2.3.0.0 - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 128.0.6613.138 - Google LLC)
Intel(R) Chipset Device Software (HKLM\...\{BB1E910B-7D2D-4FC8-A87C-5A53CAC2D5A8}) (Version: 10.1.19159.8331 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{a8ed3a4b-8ec2-4b7d-b0f6-0f4db00ea2ce}) (Version: 10.1.19159.8331 - Intel(R) Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.42.18 - Tonec Inc.)
Malwarebytes version 5.1.10.127 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.10.127 - Malwarebytes)
MetaTrader 4 EXNESS (HKLM-x32\...\MetaTrader 4 EXNESS) (Version: 4.00 - MetaQuotes Ltd.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 128.0.2739.79 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 128.0.2739.79 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.17928.20156 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 130.0 (x64 en-US)) (Version: 130.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 128.0.3 - Mozilla)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.28.0.417 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.28.0.417 - NVIDIA Corporation)
NVIDIA Graphics Driver 560.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 560.94 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.4.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.0.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
NVIDIA USBC Driver 1.52.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.52.831.832 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 30.2.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17928.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17928.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
OmegaT version 5.7.1_Beta (HKLM\...\org.omegat_is1) (Version: 5.7.1_Beta - OmegaT)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.5 - The qBittorrent project)
Spotify (HKU\S-1-5-21-321866159-774951516-752708211-1001\...\Spotify) (Version: 1.2.13.661.ga588f749 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Telegram Desktop (HKU\S-1-5-21-321866159-774951516-752708211-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 5.5.5 - Telegram FZ-LLC)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.21 - VideoLAN)
Packages:
=========
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5587.0_x64__8j3eq9eme6ctt [2024-08-21] (INTEL CORP) [Startup Task]
GamingCenter3_Cross -> C:\Program Files\WindowsApps\ControlCenter3_4.1.47.11_x64__h329z55cwnj8g [2024-07-29] (STD) [Startup Task]
MicrosoftWindows.LKG.DesktopSpotlight -> C:\Windows\SystemApps\LKG\MicrosoftWindows.LKG.DesktopSpotlight_cw5n1h2txyewy [2024-08-18] (Microsoft Windows)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-08-24] (NVIDIA Corp.)
Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.31001.0_x64__8wekyb3d8bbwe [2024-08-07] (Microsoft Corporation) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.40.287.0_x64__dt26b99r8h8gj [2024-07-29] (Realtek Semiconductor Corp)
Widgets Platform Runtime -> C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.4.0.0_x64__8wekyb3d8bbwe [2024-09-12] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2021-03-02] (Tonec Inc. -> Tonec FZE)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-06-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-09-15] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-06-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_06515397070a8096\nvshext.dll [2024-08-15] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-06-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-09-15] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2024-09-15 10:47 - 2024-09-15 10:47 - 000457216 _____ (hxxp://hunspell.sourceforge.net/) [File not signed] \\?\C:\Users\Ripple\AppData\Local\Temp\JNA361~1.DLL
2024-07-29 07:46 - 2024-06-19 12:45 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2024-09-15 10:47 - 2024-09-15 10:47 - 000198144 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Users\Ripple\AppData\Local\Temp\jna--1846959536\jna6908979106209212219.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-30] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2022-05-07 11:09 - 2022-05-07 11:07 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-321866159-774951516-752708211-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ripple\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 110.44.112.245 - 110.44.113.245
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Ethernet: Realtek Gaming 2.5GbE Family Controller -> rt25cx21x64.sys
Wi-Fi: Intel(R) Wi-Fi 6 AX201 160MHz -> Netwtw14.sys
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{02431F45-E9AC-43E8-A3A8-37D096806592}] => (Allow) C:\Program Files\OEM\Control Center\UniwillService\GCUBridge.exe (Uniwill Technology Inc. -> )
FirewallRules: [{694497C3-87AA-421F-B299-6BBE35B700A4}] => (Allow) C:\Program Files\OEM\Control Center\UniwillService\GCUBridge.exe (Uniwill Technology Inc. -> )
FirewallRules: [{EF694CD0-163C-4988-ACE1-48722886C00D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B031D41E-9847-42A2-BFB7-912655A44A09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4213CCC7-B110-417D-867E-3AB97DE6D547}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{20311AB3-F824-4165-9454-67E3AFBF8B8D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AEE6511B-5730-4C56-AF45-37EF5B2D6961}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{C30935AC-052B-4490-8C0B-324053BE5D7F}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [TCP Query User{5AB4FD8C-F165-4485-A3DB-B0516121795E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{FB24A1C2-65C4-40D8-8FD5-B429B851797B}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{17C2401D-3DAA-49EB-AB2D-7608C5020E9C}C:\users\ripple\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ripple\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) [File not signed]
FirewallRules: [UDP Query User{28A08DED-D679-432F-92BA-0BAC5B822B91}C:\users\ripple\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ripple\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) [File not signed]
FirewallRules: [{9C163EDD-58ED-46AD-98DB-FF457C64BDC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{10D85514-C343-400A-B1CA-47A24B764B79}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{80B032A4-81CC-4032-97B8-E35E7455E883}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4667A03D-ED91-46C5-8B5B-184E13AEE9FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{930D53A9-59A7-4237-BBB7-7175DA9337FB}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{469B242C-701A-44AE-830B-9ACBD43FDC6B}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{74E2B35A-573A-4D75-8BFF-C4D6279218CC}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{2DC30722-E022-4A41-B25C-A984DAF7099D}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File
FirewallRules: [{2002B01F-A0E4-4EC4-9EAA-A147AD2C1ADE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F3EC1F4F-F233-45A1-A502-C8C6EFCC27E8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0FDEB5CA-1916-450E-B1FC-D1BDE93F9673}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B0ED0ED8-3AA3-447A-AE01-08E0543F5029}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{86B976B6-29B9-4FDF-9BB2-120C197A2948}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PokerLegends\PokerLegends.exe () [File not signed]
FirewallRules: [{5EA9C06F-A505-4868-93F5-5557D2E0E3AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PokerLegends\PokerLegends.exe () [File not signed]
FirewallRules: [TCP Query User{83805201-4313-4F94-A4DB-F199F2AC40AA}C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe] => (Allow) C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe => No File
FirewallRules: [UDP Query User{CE6D0CD7-D07E-45C4-86F7-4E61A2416491}C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe] => (Allow) C:\users\ripple\appdata\local\discord\app-1.0.9157\discord.exe => No File
FirewallRules: [{BC530A5C-B941-46E6-B13A-91B141BA4AD8}] => (Allow) C:\Program Files\FTMO MetaTrader 5\metatester64.exe (MetaQuotes Ltd -> MetaQuotes Ltd.)
FirewallRules: [TCP Query User{E4A2FAA8-D117-4F90-BF43-216FEC732FBA}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe => No File
FirewallRules: [UDP Query User{4219C3AD-CB60-4B4C-BB41-A83AD2AD51AE}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe => No File
FirewallRules: [TCP Query User{1A17A0D5-15CB-4506-B26B-4FADCB533E0E}C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe] => (Allow) C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe => No File
FirewallRules: [UDP Query User{753DFF81-ECEB-4F1D-943E-B1849141290A}C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe] => (Allow) C:\users\ripple\appdata\local\discord\app-1.0.9159\discord.exe => No File
FirewallRules: [{A03F0984-CA23-421E-99D7-3C658D0F1A98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe (UBISOFT ENTERTAINMENT INC. -> Blue Mammoth Games)
FirewallRules: [{F4058A20-94A1-481C-B788-4C2876AE8D81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe (UBISOFT ENTERTAINMENT INC. -> Blue Mammoth Games)
FirewallRules: [{F76E9603-C274-4992-BD26-492077E27F71}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{266F160B-8A77-4611-B772-5E102C8AA168}D:\games\soulstone.survivors.v2024.08.07.hotfix.4\soulstone.survivors.v2024.08.07.hotfix.4\soulstone survivors.exe] => (Allow) D:\games\soulstone.survivors.v2024.08.07.hotfix.4\soulstone.survivors.v2024.08.07.hotfix.4\soulstone survivors.exe () [File not signed]
FirewallRules: [UDP Query User{90508C2E-3BEF-4BC2-A2E2-6FACF0F179A1}D:\games\soulstone.survivors.v2024.08.07.hotfix.4\soulstone.survivors.v2024.08.07.hotfix.4\soulstone survivors.exe] => (Allow) D:\games\soulstone.survivors.v2024.08.07.hotfix.4\soulstone.survivors.v2024.08.07.hotfix.4\soulstone survivors.exe () [File not signed]
FirewallRules: [{E29341C1-B664-4F15-B0ED-113BFAF609D8}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:930.66 GB) (Free:816.58 GB) (88%)
==================== Faulty Device Manager Devices ============
Name: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Description: NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvvad_WaveExtensible
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (09/08/2024 10:53:29 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-HVT1NAR)
Description: Faulting application name: IDMan.exe, version: 6.42.17.3, time stamp: 0x66a18766
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000040
Faulting process id: 0x0x2d48
Faulting application start time: 0x0x1db018f708cbae7
Faulting application path: C:\Program Files (x86)\Internet Download Manager\IDMan.exe
Faulting module path: unknown
Report Id: 62143fed-cc8c-4329-907d-57b005e128a4
Faulting package full name:
Faulting package-relative application ID:
Error: (09/05/2024 11:59:29 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-HVT1NAR)
Description: Faulting application name: smartscreen.exe, version: 10.0.22621.3672, time stamp: 0xae0f1a45
Faulting module name: SmartScreen.DLL, version: 1.0.0.79, time stamp: 0x6606ec67
Exception code: 0xc0000409
Fault offset: 0x00000000001d8255
Faulting process id: 0x0x5f5c
Faulting application start time: 0x0x1daffbf5a7bbd98
Faulting application path: C:\Windows\System32\smartscreen.exe
Faulting module path: C:\Windows\System32\SmartScreen.DLL
Report Id: b6f33e8b-28c3-4771-a6e1-983d141eab54
Faulting package full name:
Faulting package-relative application ID:
Error: (09/05/2024 11:48:22 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-HVT1NAR)
Description: Faulting application name: IDMan.exe, version: 6.42.17.3, time stamp: 0x66a18766
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xfff2ebe8
Faulting process id: 0x0x33e4
Faulting application start time: 0x0x1daff4fc691863c
Faulting application path: C:\Program Files (x86)\Internet Download Manager\IDMan.exe
Faulting module path: unknown
Report Id: b8118f98-28ca-448b-8371-0ca83eed43a7
Faulting package full name:
Faulting package-relative application ID:
Error: (09/05/2024 08:30:12 AM) (Source: Firefox Default Browser Agent) (EventID: 5) (User: )
Description: Event-ID 5
Error: (08/30/2024 06:51:03 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: GCUService.exe, version: 1.0.2.70, time stamp: 0x640579b1
Faulting module name: KERNELBASE.dll, version: 10.0.22621.3958, time stamp: 0xfbc3a4f6
Exception code: 0xe0434352
Fault offset: 0x000000000005fabc
Faulting process id: 0x0x5188
Faulting application start time: 0x0x1dafa3fe09d31eb
Faulting application path: C:\Program Files\OEM\Control Center\UniwillService\MyControlCenter\GCUService.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: db2970c3-3e30-4174-ada7-b46eea3da9ce
Faulting package full name:
Faulting package-relative application ID:
Error: (08/30/2024 06:51:01 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GCUService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Management.ManagementException
at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
at System.Management.ManagementObjectCollection+ManagementObjectEnumerator.MoveNext()
at MyControlCenter.HardwareInfoCollect.getGraphicInfo()
at MyControlCenter.GPUInfo..ctor()
at MyControlCenter.MySystemManager..ctor()
at MyControlCenter.MySystemCtrl..ctor()
at MyControlCenter.App.Application_Startup(System.Object, System.Windows.StartupEventArgs)
at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1_0(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at MyControlCenter.App.Main()
Error: (08/28/2024 11:21:49 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-HVT1NAR)
Description: Faulting application name: ipf_helper.exe, version: 1.0.10900.26658, time stamp: 0x623def6c
Faulting module name: MMDevApi.dll, version: 10.0.22621.3672, time stamp: 0xaed02870
Exception code: 0xc0000005
Fault offset: 0x000000000001389d
Faulting process id: 0x0x28b0
Faulting application start time: 0x0x1daf8eb22a49948
Faulting application path: C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2dc21f242486f9\ipf_helper.exe
Faulting module path: C:\Windows\System32\MMDevApi.dll
Report Id: 5e802481-f1d1-43a4-acef-6784ae898c73
Faulting package full name:
Faulting package-relative application ID:
Error: (08/25/2024 08:21:40 AM) (Source: Software Protection Platform Service) (EventID: 8228) (User: )
Description: The rules engine failed to evaluate the rules.
Reason:0x80070057
Stage:BUILD_FULL_MACHINE_STATE
Additional Data:
<none>
System errors:
=============
Error: (09/15/2024 10:56:20 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.101.2 with the system
having network hardware address 74-40-BB-7E-89-88. Network operations on this system may
be disrupted as a result.
Error: (09/15/2024 10:44:23 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {12f1ea6e-1cc3-4b42-945b-a76da2a8f13c}, had event 74
Error: (09/15/2024 12:39:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HVT1NAR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/15/2024 12:39:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HVT1NAR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/15/2024 12:39:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HVT1NAR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/15/2024 12:39:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HVT1NAR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/15/2024 12:39:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HVT1NAR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/15/2024 12:39:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HVT1NAR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2024-09-15 12:00:02
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Kmsactivator&threatid=2147750885&enterprise=0
Name: HackTool:Win32/Kmsactivator
Severity: High
Category: Tool
Path: file:_D:\Downloads\Microsoft Office 2019 Pro Plus v2010 Build 13328.20292 x64 [FileCR]\Microsoft Activation Scripts 1.4\Separate-Files-Version\Activators\Online_KMS_Activation\Activate.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Ripple\AppData\Local\Temp\{7e46bbcd-bf24-4560-9f44-a1393678d63c}\b7129dc5.exe
Security intelligence Version: AV: 1.417.707.0, AS: 1.417.707.0, NIS: 1.417.707.0
Engine Version: AM: 1.1.24070.3, NIS: 1.1.24070.3
Date: 2024-09-15 10:44:24
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-09-14 10:04:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-09-12 09:32:14
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-09-11 10:12:31
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2024-09-15 12:09:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
Date: 2024-09-15 12:08:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements.
Date: 2024-09-15 12:08:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends International, LLC. N.1.14STD00 09/15/2022
Motherboard: Standard Standard
Processor: 12th Gen Intel(R) Core(TM) i7-12700H
Percentage of memory in use: 40%
Total physical RAM: 32508.54 MB
Available physical RAM: 19188.43 MB
Total Virtual: 34556.54 MB
Available Virtual: 18297.97 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.66 GB) (Free:816.58 GB) (Model: CT1000P3PSSD8) NTFS
Drive d: (PortableSSD) (Fixed) (Total:931.51 GB) (Free:157.26 GB) (Model: SanDisk Portable SSD SCSI Disk Device) NTFS
Drive e: (portable movies & games) (Fixed) (Total:953.85 GB) (Free:448.53 GB) (Model: JMicron Tech SCSI Disk Device) NTFS
\\?\Volume{5491c0a9-bfef-4b8a-9018-be1ebcfc7203}\ () (Fixed) (Total:0.74 GB) (Free:0.06 GB) NTFS
\\?\Volume{af972d02-d4b6-4ecb-aa91-ebcf7f919406}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 16F2A91F)
Partition: GPT.
==========================================================
Disk: 2 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================