Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2021
Ran by ndsky (09-08-2021 08:48:54)
Running from C:\Users\ndsky\Desktop
Windows 10 Home Version 20H2 19042.1110 (X64) (2021-02-23 13:02:24)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1019089769-636335406-1104063552-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1019089769-636335406-1104063552-503 - Limited - Disabled)
Guest (S-1-5-21-1019089769-636335406-1104063552-501 - Limited - Disabled)
ndsky (S-1-5-21-1019089769-636335406-1104063552-1001 - Administrator - Enabled) => C:\Users\ndsky
WDAGUtilityAccount (S-1-5-21-1019089769-636335406-1104063552-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Backup and Sync from Google (HKLM\...\{A0397FA8-34ED-4A41-A8C9-30EE0B89C464}) (Version: 3.56.3802.7766 - Google, Inc.)
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version: - )
Corporate Clash Launcher (HKLM-x32\...\CorporateClashPySide2) (Version: 1.2.0 - Corporate Clash)
Discord (HKU\S-1-5-21-1019089769-636335406-1104063552-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.131 - Google LLC)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14228.20226 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 92.0.902.67 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1019089769-636335406-1104063552-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Quicken (HKLM-x32\...\{62D93E3E-2F8E-42BD-9343-896F4F0031D3}) (Version: 27.1.34.24 - Quicken)
Toontown Multicontroller (HKU\S-1-5-21-1019089769-636335406-1104063552-1001\...\59876efede3557f0) (Version: 1.2.1.0 - DF Software)

Packages:
=========
Dolby Atmos Speaker System -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmosSpeakerSystem_3.20800.804.0_x64__rz1tebttyb220 [2021-03-04] (Dolby Laboratories)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6 [2021-07-25] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-07-25] (INTEL CORP) [Startup Task]
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa [2021-07-12] (Apple Inc.) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-03] (Microsoft Studios) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.16.228.0_x64__dt26b99r8h8gj [2021-03-04] (Realtek Semiconductor Corp)
Samsung Flow -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.4.0_x64__wyx1vj98g3asy [2021-08-07] (Samsung Electronics Co, Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0 [2021-08-07] (Spotify AB) [Startup Task]
Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.34.0_x64__8j3eq9eme6ctt [2021-08-07] (INTEL CORP)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-06-18] (Google LLC -> Google) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-06-18] (Google LLC -> Google) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2021-08-08 11:11 - 2021-08-08 11:11 - 000114176 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\_ctypes.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000172544 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\_elementtree.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 002255872 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\_hashlib.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000032256 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\_multiprocessing.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000046080 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\_psutil_windows.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000047616 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\_socket.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 002825216 _____ () [File not signed] 
C:\Users\ndsky\AppData\Local\Temp\_MEI117842\_ssl.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000026112 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\_yappi.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000080896 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\bz2.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000015872 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\common.time34.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000007680 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\hashobjs_ext.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000301568 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\PIL._imaging.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000168448 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\pyexpat.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 001084416 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\pysqlite2._sqlite.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000548864 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\pythoncom27.dll 2021-08-08 11:11 - 2021-08-08 11:11 - 000137728 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\pywintypes27.dll 2021-08-08 11:11 - 2021-08-08 11:11 - 000010752 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\select.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000020992 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\thumbnails_ext.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000689664 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\unicodedata.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000119808 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\usb_ext.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000128512 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\win32api.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000438784 _____ () 
[File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\win32com.shell.shell.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000011776 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\win32crypt.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000023040 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\win32event.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000149504 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\win32file.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000223232 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\win32gui.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000048128 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\win32inet.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000029696 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\win32pdh.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000027648 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\win32pipe.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000044032 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\win32process.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000020480 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\win32profile.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000136192 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\win32security.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000026624 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\win32ts.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000034304 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\windows.conditional.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000037888 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\windows.connectivity.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000071680 _____ () [File not signed] 
C:\Users\ndsky\AppData\Local\Temp\_MEI117842\windows.device_monitor.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000103936 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\windows.volumes.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000019968 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\windows.winwrap.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 001325056 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\wx._controls_.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 001489408 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\wx._core_.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 001007104 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\wx._gdi_.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000103424 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\wx._html2.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 000916992 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\wx._misc_.pyd 2021-08-08 11:11 - 2021-08-08 11:11 - 001039872 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\wx._windows_.pyd 2021-02-24 23:00 - 2021-02-24 23:00 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll 2021-02-24 23:00 - 2021-02-24 23:00 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll 2021-08-08 11:11 - 2021-08-08 11:11 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\python27.dll 2021-08-08 11:11 - 2021-08-08 11:11 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\wxbase30u_net_vc90_x64.dll 2021-08-08 11:11 - 2021-08-08 11:11 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\wxbase30u_vc90_x64.dll 2021-08-08 11:11 - 2021-08-08 11:11 - 001654784 
_____ (wxWidgets development team) [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\wxmsw30u_adv_vc90_x64.dll 2021-08-08 11:11 - 2021-08-08 11:11 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\wxmsw30u_core_vc90_x64.dll 2021-08-08 11:11 - 2021-08-08 11:11 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\wxmsw30u_html_vc90_x64.dll 2021-08-08 11:11 - 2021-08-08 11:11 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI117842\wxmsw30u_webview_vc90_x64.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-1019089769-636335406-1104063552-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP HKU\S-1-5-21-1019089769-636335406-1104063552-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-25] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft 
Office\root\Office16\MSOSB.DLL [2021-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-03] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 02:14 - 2019-12-07 02:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1019089769-636335406-1104063552-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ndsky\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\whatsapp image 2020-10-19 at 9.25.39 am.jpeg DNS Servers: 10.0.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. 

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{40E1E192-49A3-488E-941C-BAC62B15A1E2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C15942E3-D948-4D10-BF06-4FF4DE28218D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F627F99C-D3C0-4F33-BAD0-66628D7F5E69}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4914F44C-5E35-47C9-9DD4-ABF03E2823E0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F8A9E306-2F58-411F-B33F-BECD24620CD1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CB5AA38C-E50F-4ECE-AD64-B63C572680E9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BBEE801D-F17B-44EA-A5D3-EACCD57648CE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C91B1792-8DFD-47DE-938A-B64AA1CD0F7D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{F57E3153-56E1-4979-A677-20D7D60FEA97}C:\windows\system32\taskhostw.exe] => (Block) C:\windows\system32\taskhostw.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{672CE734-8D1B-4C66-9F0C-BAFFE7183C3B}C:\windows\system32\taskhostw.exe] => (Block) C:\windows\system32\taskhostw.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CCE7341A-15B4-4525-858C-C392C310237F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2567381B-10E6-49ED-9D2F-165BEAF59FED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D04A932E-C54F-432F-B6E9-39392BC0D738}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F65F81B3-4241-469F-BC7B-59010B2434BA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{78E92EB3-E1C4-4552-AF36-5417F6FD08FE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{4980C4D8-DBA7-4A55-BE1B-2FFF66214ADB}C:\windows\system32\sihost.exe] => (Block) C:\windows\system32\sihost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [UDP Query User{6A1A1805-0502-4E46-8746-7E1C90EEC7F3}C:\windows\system32\sihost.exe] => (Block) C:\windows\system32\sihost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{DDD879FD-53A7-40E9-86B4-091CDF04F992}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{B991F064-F2FC-4352-B216-96F09063F72E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\92.0.902.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{268AF377-9E01-4BCF-96F4-7CEA14C986A1}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.4.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{810CDBC6-131E-42E4-885D-E89F0CC381E7}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.4.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{5131F590-648B-456C-8984-74F173A190B4}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.4.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{BBC3712C-A1B4-48C7-8F96-31C945FBD891}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.4.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe (Samsung Electronics CO., LTD. 
-> ) FirewallRules: [{5F6F33B2-4847-4BB5-9749-CC85C21F33D3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{30730EB7-9ADB-47BD-97D2-D7FE0B158C99}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{378B2698-BA30-49CE-9100-AE222EAB7051}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{98E85061-4814-4600-A6B9-38C3E5C60ECA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{E143C75F-532A-4F8E-9B15-BC32A52DA994}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{8BB99BB3-DC3F-4D66-BC26-E3E7982E9488}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{420F4E73-5D5F-48FB-BAD4-84DC3F75FB4D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{EF8CE845-99ED-444F-923A-7AAAF24E38EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) ==================== Restore Points ========================= 22-07-2021 09:25:40 Scheduled Checkpoint 31-07-2021 11:58:16 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (08/08/2021 11:11:15 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for 
WORKGROUP\DESKTOP-NPCRNS2$ via https://INTC-KeyId-edda5baa4c4f5d5d3a73ab1a98584538c8cf85c5.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps GetCACaps: Not Found {"Message":"The authority \"intc-keyid-edda5baa4c4f5d5d3a73ab1a98584538c8cf85c5.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sun, 08 Aug 2021 18:11:14 GMT Content-Length: 122 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: dae85973-c1b6-496a-ad71-12dbfcf0f5c0 Method: GET(515ms) Stage: GetCACaps Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (08/08/2021 11:10:44 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (08/08/2021 11:10:44 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (08/08/2021 11:10:44 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (08/08/2021 11:10:44 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. 
] Error: (08/05/2021 03:45:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: GameBar.exe, version: 5.721.6282.0, time stamp: 0x60da0a09 Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2 Exception code: 0xc0000409 Fault offset: 0x000000000010bd3e Faulting process id: 0x18428 Faulting application start time: 0x01d787b7892e369e Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe\GameBar.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 00efe316-1629-4d9b-87e8-93f9bd2dae9a Faulting package full name: Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: App Error: (08/04/2021 07:18:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AUDIODG.EXE, version: 10.0.19041.1081, time stamp: 0xa9fbc825 Faulting module name: DolbyAPOvlldp.dll, version: 3.20801.826.0, time stamp: 0x5f880752 Exception code: 0xc0000005 Fault offset: 0x0000000000041ab6 Faulting process id: 0x128e0 Faulting application start time: 0x01d7899ede32d3f8 Faulting application path: C:\Windows\system32\AUDIODG.EXE Faulting module path: C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e9ebbe69987eef47\DolbyAPOvlldp.dll Report Id: c5ef74ec-be47-4cfe-a932-0cc6bc58f01b Faulting package full name: Faulting package-relative application ID: Error: (08/04/2021 05:02:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: LogonUI.exe, version: 10.0.19041.1, time stamp: 0xc08a5452 Faulting module name: AuthExt.dll, version: 10.0.19041.746, time stamp: 0x3c29e64f Exception code: 0xc0000005 Fault offset: 0x000000000000170e Faulting process id: 0x11aa0 Faulting application start time: 0x01d7898276d167f1 Faulting application path: C:\Windows\system32\LogonUI.exe Faulting module path: 
C:\Windows\system32\AuthExt.dll Report Id: a9b48794-fcf9-4a62-929d-dce66b1f21c6 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (08/09/2021 06:57:56 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NPCRNS2) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/09/2021 06:56:25 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NPCRNS2) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/09/2021 06:54:55 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NPCRNS2) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/09/2021 06:53:25 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NPCRNS2) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/09/2021 06:51:41 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout. Error: (08/09/2021 12:42:01 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout. Error: (08/08/2021 10:42:22 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout. Error: (08/08/2021 09:34:51 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout. Windows Defender: ================ Date: 2021-08-08 09:36:44 Description: Microsoft Defender Antivirus scan has been stopped before completion. 
Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-07 12:22:03 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-06 08:13:39 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-04 05:06:44 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-03 05:16:52 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-06-30 03:44:29 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.343.92.0 Previous security intelligence Version: 1.341.1541.0 Update Source: User Security intelligence Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.18300.4 Previous Engine Version: 1.1.18200.4 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Date: 2021-06-30 03:44:29 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.343.92.0 Previous security intelligence Version: 1.341.1541.0 Update Source: User Security intelligence Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.18300.4 Previous Engine Version: 1.1.18200.4 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
Date: 2021-06-30 03:44:29 Description: Microsoft Defender Antivirus has encountered an error trying to update the engine. New Engine Version: 1.1.18300.4 Previous Engine Version: 1.1.18200.4 Error Code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Date: 2021-06-29 21:32:40 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.343.92.0 Previous security intelligence Version: 1.341.1541.0 Update Source: User Security intelligence Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.18300.4 Previous Engine Version: 1.1.18200.4 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Date: 2021-06-29 21:32:40 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.343.92.0 Previous security intelligence Version: 1.341.1541.0 Update Source: User Security intelligence Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.18300.4 Previous Engine Version: 1.1.18200.4 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. CodeIntegrity: =============== Date: 2021-04-10 04:13:42 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. 

==================== Memory info ===========================

BIOS: LENOVO F5CN38WW 10/26/2020
Motherboard: LENOVO LNVNB161216
Processor: 11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40GHz
Percentage of memory in use: 85%
Total physical RAM: 7991.3 MB
Available physical RAM: 1173.71 MB
Total Virtual: 30519.3 MB
Available Virtual: 19576.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.16 GB) (Free:348.15 GB) (Protected) NTFS

\\?\Volume{71321a82-9a9b-479f-9899-5b3e9d1712d9}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{3b9f7110-6b35-42b0-9a51-93794aa7d4e3}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================