Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2021 Ran by ndsky (10-08-2021 11:16:05) Running from C:\Users\ndsky\Desktop Windows 10 Home Version 21H1 19043.1110 (X64) (2021-08-10 13:16:07) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-1019089769-636335406-1104063552-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1019089769-636335406-1104063552-503 - Limited - Disabled) Guest (S-1-5-21-1019089769-636335406-1104063552-501 - Limited - Disabled) ndsky (S-1-5-21-1019089769-636335406-1104063552-1001 - Administrator - Enabled) => C:\Users\ndsky WDAGUtilityAccount (S-1-5-21-1019089769-636335406-1104063552-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Backup and Sync from Google (HKLM\...\{A0397FA8-34ED-4A41-A8C9-30EE0B89C464}) (Version: 3.56.3802.7766 - Google, Inc.) BatteryBar (remove only) (HKLM\...\BatteryBar) (Version: - ) Corporate Clash Launcher (HKLM-x32\...\CorporateClashPySide2) (Version: 1.2.0 - Corporate Clash) Discord (HKU\S-1-5-21-1019089769-636335406-1104063552-1001\...\Discord) (Version: 0.0.309 - Discord Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.131 - Google LLC) iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics) Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14228.20226 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.67 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 92.0.902.67 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1019089769-636335406-1104063552-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20226 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20226 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden Quicken (HKLM-x32\...\{62D93E3E-2F8E-42BD-9343-896F4F0031D3}) (Version: 27.1.34.24 - Quicken) Toontown Multicontroller (HKU\S-1-5-21-1019089769-636335406-1104063552-1001\...\59876efede3557f0) (Version: 1.2.1.0 - DF Software) Packages: ========= Dolby Atmos Speaker System -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmosSpeakerSystem_3.20800.804.0_x64__rz1tebttyb220 [2021-03-04] (Dolby Laboratories) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6 [2021-07-25] (HP Inc.) Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-07-25] (INTEL CORP) [Startup Task] iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa [2021-07-12] (Apple Inc.) [Startup Task] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-03] (Microsoft Studios) [MS Ad] Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.16.228.0_x64__dt26b99r8h8gj [2021-03-04] (Realtek Semiconductor Corp) Samsung Flow -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.4.0_x64__wyx1vj98g3asy [2021-08-07] (Samsung Electronics Co, Ltd.) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0 [2021-08-07] (Spotify AB) [Startup Task] Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.34.0_x64__8j3eq9eme6ctt [2021-08-07] (INTEL CORP) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-06-18] (Google LLC -> Google) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-06-18] (Google LLC -> Google) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2021-08-10 07:13 - 2021-08-10 07:13 - 000114176 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\_ctypes.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000172544 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\_elementtree.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 002255872 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\_hashlib.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000032256 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\_multiprocessing.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000046080 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\_psutil_windows.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000047616 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\_socket.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 002825216 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\_ssl.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000026112 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\_yappi.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000080896 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\bz2.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000015872 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\common.time34.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000007680 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\hashobjs_ext.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000301568 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\PIL._imaging.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000168448 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\pyexpat.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 001084416 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\pysqlite2._sqlite.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000548864 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\pythoncom27.dll 2021-08-10 07:13 - 2021-08-10 07:13 - 000137728 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\pywintypes27.dll 2021-08-10 07:13 - 2021-08-10 07:13 - 000010752 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\select.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000020992 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\thumbnails_ext.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000689664 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\unicodedata.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000119808 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\usb_ext.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000128512 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\win32api.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000438784 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\win32com.shell.shell.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000011776 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\win32crypt.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000023040 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\win32event.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000149504 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\win32file.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000223232 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\win32gui.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000048128 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\win32inet.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000029696 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\win32pdh.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000027648 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\win32pipe.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000044032 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\win32process.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000020480 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\win32profile.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000136192 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\win32security.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000026624 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\win32ts.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000034304 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\windows.conditional.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000037888 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\windows.connectivity.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000071680 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\windows.device_monitor.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000103936 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\windows.volumes.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000019968 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\windows.winwrap.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 001325056 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\wx._controls_.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 001489408 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\wx._core_.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 001007104 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\wx._gdi_.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000103424 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\wx._html2.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 000916992 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\wx._misc_.pyd 2021-08-10 07:13 - 2021-08-10 07:13 - 001039872 _____ () [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\wx._windows_.pyd 2021-02-24 23:00 - 2021-02-24 23:00 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll 2021-02-24 23:00 - 2021-02-24 23:00 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll 2021-08-10 07:13 - 2021-08-10 07:13 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\python27.dll 2021-08-10 07:13 - 2021-08-10 07:13 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\wxbase30u_net_vc90_x64.dll 2021-08-10 07:13 - 2021-08-10 07:13 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\wxbase30u_vc90_x64.dll 2021-08-10 07:13 - 2021-08-10 07:13 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\wxmsw30u_adv_vc90_x64.dll 2021-08-10 07:13 - 2021-08-10 07:13 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\wxmsw30u_core_vc90_x64.dll 2021-08-10 07:13 - 2021-08-10 07:13 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\wxmsw30u_html_vc90_x64.dll 2021-08-10 07:13 - 2021-08-10 07:13 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\ndsky\AppData\Local\Temp\_MEI102962\wxmsw30u_webview_vc90_x64.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-1019089769-636335406-1104063552-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP HKU\S-1-5-21-1019089769-636335406-1104063552-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-25] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-08-03] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 02:14 - 2019-12-07 02:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1019089769-636335406-1104063552-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ndsky\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\whatsapp image 2020-10-19 at 9.25.39 am.jpeg DNS Servers: 192.168.131.30 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{EF8CE845-99ED-444F-923A-7AAAF24E38EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{420F4E73-5D5F-48FB-BAD4-84DC3F75FB4D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{8BB99BB3-DC3F-4D66-BC26-E3E7982E9488}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{E143C75F-532A-4F8E-9B15-BC32A52DA994}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{98E85061-4814-4600-A6B9-38C3E5C60ECA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{378B2698-BA30-49CE-9100-AE222EAB7051}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{30730EB7-9ADB-47BD-97D2-D7FE0B158C99}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{5F6F33B2-4847-4BB5-9749-CC85C21F33D3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{BBC3712C-A1B4-48C7-8F96-31C945FBD891}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.4.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{5131F590-648B-456C-8984-74F173A190B4}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.4.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{810CDBC6-131E-42E4-885D-E89F0CC381E7}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.4.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{268AF377-9E01-4BCF-96F4-7CEA14C986A1}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.4.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe (Samsung Electronics CO., LTD. -> ) FirewallRules: [{B991F064-F2FC-4352-B216-96F09063F72E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\92.0.902.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{DDD879FD-53A7-40E9-86B4-091CDF04F992}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{6A1A1805-0502-4E46-8746-7E1C90EEC7F3}C:\windows\system32\sihost.exe] => (Block) C:\windows\system32\sihost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{4980C4D8-DBA7-4A55-BE1B-2FFF66214ADB}C:\windows\system32\sihost.exe] => (Block) C:\windows\system32\sihost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{78E92EB3-E1C4-4552-AF36-5417F6FD08FE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{F65F81B3-4241-469F-BC7B-59010B2434BA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D04A932E-C54F-432F-B6E9-39392BC0D738}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{2567381B-10E6-49ED-9D2F-165BEAF59FED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{CCE7341A-15B4-4525-858C-C392C310237F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{672CE734-8D1B-4C66-9F0C-BAFFE7183C3B}C:\windows\system32\taskhostw.exe] => (Block) C:\windows\system32\taskhostw.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{F57E3153-56E1-4979-A677-20D7D60FEA97}C:\windows\system32\taskhostw.exe] => (Block) C:\windows\system32\taskhostw.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{C91B1792-8DFD-47DE-938A-B64AA1CD0F7D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{BBEE801D-F17B-44EA-A5D3-EACCD57648CE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{CB5AA38C-E50F-4ECE-AD64-B63C572680E9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{F8A9E306-2F58-411F-B33F-BECD24620CD1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{4914F44C-5E35-47C9-9DD4-ABF03E2823E0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{F627F99C-D3C0-4F33-BAD0-66628D7F5E69}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C15942E3-D948-4D10-BF06-4FF4DE28218D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{40E1E192-49A3-488E-941C-BAC62B15A1E2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled (Total:464.82 GB) (Free:339.26 GB) (73%) ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (08/10/2021 06:16:05 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-NPCRNS2$ via https://INTC-KeyId-edda5baa4c4f5d5d3a73ab1a98584538c8cf85c5.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps GetCACaps: Not Found {"Message":"The authority \"intc-keyid-edda5baa4c4f5d5d3a73ab1a98584538c8cf85c5.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Tue, 10 Aug 2021 13:16:04 GMT Content-Length: 122 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 3fd6eef6-9d12-4dd3-8836-cc42f31698d6 Method: GET(609ms) Stage: GetCACaps Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (08/10/2021 06:13:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1409. System errors: ============= Error: (08/10/2021 06:13:48 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout. Error: (08/10/2021 06:13:23 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Intel(R) Audio Service service terminated with the following service-specific error: The operation completed successfully. Error: (08/10/2021 06:13:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Intel(R) Dynamic Application Loader Host Interface Service service depends on the IP Helper service which failed to start because of the following error: The operation completed successfully. Error: (08/10/2021 06:13:22 AM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The Printer Extensions and Notifications service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/10/2021 06:13:18 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Intel(R) Audio Service service terminated with the following service-specific error: The operation completed successfully. Error: (08/10/2021 06:13:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Network List Service service terminated with the following error: The device is not ready. ==================== Memory info =========================== BIOS: LENOVO F5CN38WW 10/26/2020 Motherboard: LENOVO LNVNB161216 Processor: 11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40GHz Percentage of memory in use: 86% Total physical RAM: 7991.3 MB Available physical RAM: 1050.43 MB Total Virtual: 30519.3 MB Available Virtual: 20056.71 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:464.82 GB) (Free:339.26 GB) (Protected) NTFS \\?\Volume{471b01f9-f85a-4782-80e6-d102d08e9fae}\ () (Fixed) (Total:0.82 GB) (Free:0.08 GB) NTFS \\?\Volume{3b9f7110-6b35-42b0-9a51-93794aa7d4e3}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt =======================