Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019 Ran by Jaspe (02-01-2020 13:13:24) Running from C:\Users\Jaspe\Downloads Windows 10 Home Version 1809 17763.914 (X64) (2019-03-03 12:05:09) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-814806283-1764009486-182463435-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-814806283-1764009486-182463435-503 - Limited - Disabled) Guest (S-1-5-21-814806283-1764009486-182463435-501 - Limited - Disabled) Jaspe (S-1-5-21-814806283-1764009486-182463435-1001 - Administrator - Enabled) => C:\Users\Jaspe WDAGUtilityAccount (S-1-5-21-814806283-1764009486-182463435-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-814806283-1764009486-182463435-1001\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.) 7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-814806283-1764009486-182463435-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Mozilla Firefox 71.0 (x64 en-US) (HKLM\...\Mozilla Firefox 71.0 (x64 en-US)) (Version: 71.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.2 - Mozilla) NVIDIA Graphics Driver 441.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 441.12 - NVIDIA Corporation) RuneLite (HKU\S-1-5-21-814806283-1764009486-182463435-1001\...\RuneLite_is1) (Version: Launcher 1.6.0 - RuneLite) Spotify (HKU\S-1-5-21-814806283-1764009486-182463435-1001\...\Spotify) (Version: 1.1.6.113.gb388fe17 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) VLC media player (HKLM\...\VLC media player) (Version: 3.0.7.1 - VideoLAN) Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 0.17.11 - Black Tree Gaming Ltd.) World of Warcraft Classic (HKLM-x32\...\World of Warcraft Classic) (Version: - Blizzard Entertainment) Packages: ========= Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.27.6.0_x86__kgqvnymyfvs32 [2019-12-14] (king.com) Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1661.1.0_x86__kgqvnymyfvs32 [2019-12-20] (king.com) Cooking Fever -> C:\Program Files\WindowsApps\NORDCURRENT.COOKINGFEVER_7.0.0.2_x86__m9bz608c1b9ra [2019-12-07] (Nordcurrent) Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-03-03] (Fitbit) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-03] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-03] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-20] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-14] (Microsoft Studios) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-20] (Microsoft Corporation) [MS Ad] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2019-10-01] (NVIDIA Corp.) Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.16.0_x64__nfy108tqq3p12 [2019-10-01] (Thumbmunkeys Ltd) [MS Ad] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvmd.inf_amd64_86340b368c732efc\nvshext.dll [2019-11-05] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2019-12-20 10:54 - 2019-12-20 10:54 - 096131072 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\libcef.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 000117760 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\libEGL.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 004342784 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\libGLESv2.dll 2019-03-03 16:31 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2019-12-20 10:54 - 2019-12-20 10:54 - 000762368 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\chrome_elf.dll 2019-12-20 10:54 - 2019-12-20 10:54 - 000047104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\audio\qtaudio_windows.dll 2019-12-20 10:54 - 2019-12-20 10:54 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\imageformats\qgif.dll 2019-12-20 10:54 - 2019-12-20 10:54 - 000027136 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\imageformats\qico.dll 2019-12-20 10:54 - 2019-12-20 10:54 - 000243712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\imageformats\qjpeg.dll 2019-12-20 10:54 - 2019-12-20 10:54 - 000223744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\imageformats\qmng.dll 2019-12-20 10:54 - 2019-12-20 10:54 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\imageformats\qsvg.dll 2019-12-20 10:54 - 2019-12-20 10:54 - 000332288 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\imageformats\qtiff.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 001140224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\platforms\qwindows.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 000041984 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\qml\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\qml\QtGraphicalEffects\qtgraphicaleffectsplugin.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\qml\QtQml\Models.2\modelsplugin.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\qml\QtQuick.2\qtquick2plugin.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 000084480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\qml\QtQuick\Controls.2\qtquickcontrols2plugin.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 000267776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\qml\QtQuick\Controls\qtquickcontrolsplugin.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 000071680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\qml\QtQuick\Layouts\qquicklayoutsplugin.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 000211456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\qml\QtQuick\Templates.2\qtquicktemplates2plugin.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\qml\QtQuick\Window.2\windowplugin.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 004943360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\Qt5Core.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 005022208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\Qt5Gui.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 000626176 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\Qt5Multimedia.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 000877056 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\Qt5Network.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 002908672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\Qt5Qml.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 003078656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\Qt5Quick.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 000096256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\Qt5QuickControls2.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 000681472 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\Qt5QuickTemplates2.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 000259072 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\Qt5Svg.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 004718080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\Qt5Widgets.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 000439296 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\Qt5WinExtras.dll 2019-12-20 10:55 - 2019-12-20 10:55 - 000159232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.11740\Qt5Xml.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-814806283-1764009486-182463435-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jaspe\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop.jpg DNS Servers: 192.168.2.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKU\S-1-5-21-814806283-1764009486-182463435-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-814806283-1764009486-182463435-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-814806283-1764009486-182463435-1001\...\StartupApproved\Run: => "Steam" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{D18537A1-C853-4F5E-B949-E9AB820D372B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{6DBDE018-E3D9-4073-89D6-E7745F0C021D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{80DD9E4F-E68F-49E3-A657-7993278B75F6}C:\users\jaspe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jaspe\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{05FADDF2-945B-45FA-8BD7-CBE84AF45E42}C:\users\jaspe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jaspe\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{CF04A7D0-0B2A-4310-A510-45C4032AE32E}] => (Allow) C:\Users\Jaspe\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{DFAADC85-C216-4597-8794-FBF037E833D1}] => (Allow) C:\Users\Jaspe\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{B152C20C-FE06-4B46-AE17-B59AC98E1917}C:\users\jaspe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jaspe\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{465E9C48-9924-469F-8E0B-89BECE1F77D5}C:\users\jaspe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jaspe\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{13D58A41-9FD8-4689-8CC3-B3D25E577909}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{DEED66BA-0EF6-4D3F-9568-F081D0518B38}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{C24B1D24-3FA2-4E0F-B83D-36052CB5BCA3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{45D8B9FC-BE22-41BE-A670-B1A3DFA37FC9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{EA9FF5AF-5940-4417-B4D5-FB2E2C768EFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legend of Grimrock 2\grimrock2.exe () [File not signed] FirewallRules: [{1C15B92C-2843-4BC6-A71B-E338F8B7CCAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Legend of Grimrock 2\grimrock2.exe () [File not signed] FirewallRules: [{927E457F-466B-48A7-875A-0B3340800E8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe (Epic Games, Inc.) [File not signed] FirewallRules: [{E1995162-C8A2-42E8-B2EB-A554F9180C6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe (Epic Games, Inc.) [File not signed] FirewallRules: [{B99BB6BA-77BF-41F5-88F1-8E568FDC574C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe (Epic Games, Inc.) [File not signed] FirewallRules: [{95C25231-47B0-49E2-A357-93F99581563C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe (Epic Games, Inc.) [File not signed] FirewallRules: [{DE0AB59F-0F7D-41B3-8357-F143FA466CFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe () [File not signed] FirewallRules: [{9F79C9C4-9FF0-44D1-B655-E971226A29D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe () [File not signed] FirewallRules: [{6FF8502F-81E6-4009-88C7-6DB924E86DAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe (NAMCO BANDAI Games Inc.) [File not signed] FirewallRules: [{162DC6BA-F627-4221-8481-C25F4A55002D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe (NAMCO BANDAI Games Inc.) [File not signed] FirewallRules: [{D620FF69-6449-4858-B4DD-DFDDA55E240E}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File FirewallRules: [{3CF64471-2AFC-4D83-BCA5-9B9145535FE8}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File FirewallRules: [{2974F7CA-EBA4-4359-ACA3-8AE6C5159AFC}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe (ByELDI Certificate -> ) [File not signed] FirewallRules: [{D6096224-EFD1-4766-BC0A-BFC64C1DB16A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe (ByELDI Certificate -> ) [File not signed] FirewallRules: [{FCBBC90B-3909-4235-B75B-4085C28414A4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{05A21FB3-15DF-4190-BAAF-262811AFF82D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{C05C8CC0-AA4D-4694-8BDB-C085D5C18CFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed] FirewallRules: [{BA30B272-D30F-4779-8D26-3A7DC1F04A92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed] ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (12/15/2019 03:42:14 PM) (Source: VSS) (EventID: 12305) (User: ) Description: Volume Shadow Copy Service error: Volume/disk not connected or not found. Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2 - 000000000000023C,0x00530194,0000000000000000,0,0000014D83809500,4096,[0]). Operation: Delete Shadow Copies Execution Context Context: Volume Name: \\?\Volume{f5798673-0000-0000-0000-100000000000}\ Error: (12/07/2019 11:33:31 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program WWAHost.exe version 10.0.17763.404 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1de4 Start Time: 01d5ace9a1152670 Termination Time: 4294967295 Application Path: C:\Windows\System32\WWAHost.exe Report Id: 73351d51-21ef-41f9-9c26-08e782e3b1a2 Faulting package full name: Microsoft.Windows.CloudExperienceHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App Hang type: Activation Error: (12/07/2019 11:32:38 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: wwahost.exe, version: 10.0.17763.404, time stamp: 0x5ca600dc Faulting module name: wwahost.exe, version: 10.0.17763.404, time stamp: 0x5ca600dc Exception code: 0xc0000409 Fault offset: 0x000000000002debc Faulting process id: 0x85c Faulting application start time: 0x01d5ace99bb0a8ad Faulting application path: C:\Windows\system32\wwahost.exe Faulting module path: C:\Windows\system32\wwahost.exe Report Id: c31b78c5-ca04-4541-b1c9-dee4f3cc2a50 Faulting package full name: Microsoft.MicrosoftOfficeHub_18.1910.1283.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: Microsoft.MicrosoftOfficeHub Error: (12/07/2019 11:20:29 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program ShellExperienceHost.exe version 10.0.17763.864 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 998 Start Time: 01d5ace7d2c89000 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: 40471769-d716-4ae7-a30d-efd9897a1542 Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App Hang type: Quiesce Error: (11/21/2019 06:29:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (11/21/2019 06:28:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY) Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 4616, ProfSvc PID: 1508. Error: (11/21/2019 06:28:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=TimerEvent Error: (11/08/2019 11:10:33 AM) (Source: Wlclntfy) (EventID: 4005) (User: ) Description: The Windows logon process has unexpectedly terminated. System errors: ============= Error: (01/02/2020 12:31:36 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7AUP8L8) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-7AUP8L8\Jaspe SID (S-1-5-21-814806283-1764009486-182463435-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/02/2020 12:31:36 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7AUP8L8) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-7AUP8L8\Jaspe SID (S-1-5-21-814806283-1764009486-182463435-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/02/2020 12:28:08 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7AUP8L8) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-7AUP8L8\Jaspe SID (S-1-5-21-814806283-1764009486-182463435-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/02/2020 12:28:08 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7AUP8L8) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-7AUP8L8\Jaspe SID (S-1-5-21-814806283-1764009486-182463435-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/02/2020 12:27:54 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7AUP8L8) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-7AUP8L8\Jaspe SID (S-1-5-21-814806283-1764009486-182463435-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/02/2020 12:27:54 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7AUP8L8) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-7AUP8L8\Jaspe SID (S-1-5-21-814806283-1764009486-182463435-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/02/2020 12:24:51 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7AUP8L8) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-7AUP8L8\Jaspe SID (S-1-5-21-814806283-1764009486-182463435-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/02/2020 12:24:51 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7AUP8L8) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-7AUP8L8\Jaspe SID (S-1-5-21-814806283-1764009486-182463435-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Windows Defender: =================================== Date: 2020-01-02 12:50:39.361 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {E83777E6-F11B-4EB2-BB4A-26606C2ADBCF} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-12-29 17:40:13.509 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {C8BF314C-7507-42D7-BD48-B2269EB437AD} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-12-21 15:07:37.484 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {C9A38844-20F5-49EF-BD95-5F98321C3FE6} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-12-21 13:10:05.914 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {1528AF66-39C0-4F3A-BE1C-D00EFD6F011A} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-12-15 22:43:25.556 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {89E26587-1166-4153-84F2-3C76F6E123BF} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-12-14 18:41:27.822 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.307.460.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16600.7 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-10-01 09:47:45.774 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.303.591.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16400.2 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-05-01 14:36:01.389 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.293.102.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15900.4 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2019-05-01 14:36:01.388 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.293.102.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15900.4 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2019-05-01 14:36:01.388 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.293.102.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15900.4 Error code: 0x80072ee7 Error description: The server name or address could not be resolved ==================== Memory info =========================== BIOS: American Megatrends Inc. P1.30 05/13/2014 Motherboard: ASRock Z97 Pro3 Processor: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz Percentage of memory in use: 66% Total physical RAM: 8143.02 MB Available physical RAM: 2713.45 MB Total Virtual: 12495.02 MB Available Virtual: 3893.67 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.76 GB) (Free:321.43 GB) NTFS Drive d: () (Fixed) (Total:465.66 GB) (Free:438.96 GB) NTFS Drive f: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS \\?\Volume{191669b1-0000-0000-0000-500600000000}\ () (Fixed) (Total:237.94 GB) (Free:237.81 GB) NTFS \\?\Volume{191669b1-0000-0000-0000-30823b000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 191669B1) Partition 1: (Active) - (Size=237.9 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=450 MB) - (Type=27) ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: F579866B) Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ========================================================== Disk: 2 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: F5798673) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt =======================