Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2021 Ran by User (19-08-2021 19:05:19) Running from C:\Users\User\Desktop Windows 10 Home Version 20H2 19042.1165 (X64) (2021-05-29 08:19:40) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-127966655-3041496052-59511839-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-127966655-3041496052-59511839-503 - Limited - Disabled) Guest (S-1-5-21-127966655-3041496052-59511839-501 - Limited - Disabled) User (S-1-5-21-127966655-3041496052-59511839-1001 - Administrator - Enabled) => C:\Users\User WDAGUtilityAccount (S-1-5-21-127966655-3041496052-59511839-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Abandoned: Chestnut Lodge Asylum (HKLM-x32\...\BFG-Abandoned - Chestnut Lodge Asylum) (Version: - ) Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.6.2474 - Avast Software) Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.1.10 - ) f.lux (HKU\S-1-5-21-127966655-3041496052-59511839-1001\...\Flux) (Version: - f.lux Software LLC) Intel(R) Chipset Device Software (HKLM-x32\...\{a2c684b7-4a4b-425f-a805-1e88940804b0}) (Version: 10.1.18460.8229 - Intel(R) Corporation) Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.7.19.0 - Lenovo Group Ltd.) LibreOffice 7.1.5.2 (HKLM\...\{4F0D0C39-A2CD-4908-AA4C-A1CC9BDCD71A}) (Version: 7.1.5.2 - The Document Foundation) Logitech SetPoint 6.70 (HKLM\...\sp6) (Version: 6.70.55 - Logitech) Malwarebytes version 4.4.4.126 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.4.126 - Malwarebytes) Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14228.20250 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.73 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-127966655-3041496052-59511839-1001\...\OneDriveSetup.exe) (Version: 21.150.0725.0001 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation) Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 91.0.1 (x64 en-US)) (Version: 91.0.1 - Mozilla) Mozilla Maintenance Service 
(HKLM\...\MozillaMaintenanceService) (Version: 89.0.2 - Mozilla) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20250 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20250 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden Smart Defrag 7 (HKLM-x32\...\Smart Defrag_is1) (Version: 7.0.0.62 - IObit) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Agency of Anomalies: Cinderstone Orphanage (HKLM-x32\...\BFG-The Agency of Anomalies - Cinderstone Orphanage) (Version: - ) The Agency of Anomalies: Mind Invasion (HKLM-x32\...\BFG-The Agency of Anomalies - Mind Invasion) (Version: - ) The Agency of Anomalies: Mystic Hospital (HKLM-x32\...\BFG-The Agency of Anomalies - Mystic Hospital) (Version: - ) The Agency of Anomalies: The Last Performance (HKLM-x32\...\BFG-The Agency of Anomalies - The Last Performance) (Version: - ) Zoom (HKU\S-1-5-21-127966655-3041496052-59511839-1001\...\ZoomUMX) (Version: 5.6.7 (1016) - Zoom Video Communications, Inc.) Packages: ========= AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.41601.0_x64__8wekyb3d8bbwe [2021-07-09] (Microsoft Corporation) Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20800.804.0_x64__rz1tebttyb220 [2021-03-04] (Dolby Laboratories) Elevoc Vocplus System -> C:\Program Files\WindowsApps\ElevocTechnologyCo.Ltd.ElevocVocplusSystem_1.0.29.0_x64__ttaqwwhyt5s6t [2021-07-01] (Elevoc Technology Co., Ltd.) 
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6 [2021-07-24] (HP Inc.) Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-07-24] (INTEL CORP) [Startup Task] Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.0.44.0_x64__5grkq8ppsgwt4 [2021-07-15] (LENOVO INC) [Startup Task] Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2105.16.0_x64__k1h2ywk1493x8 [2021-06-03] (LENOVO INC.) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-04] (Microsoft Studios) [MS Ad] MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-17] (Microsoft Corporation) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.19.234.0_x64__dt26b99r8h8gj [2021-03-04] (Realtek Semiconductor Corp) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0 [2021-08-19] (Spotify AB) [Startup Task] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-08-04] (Avast Software s.r.o. -> AVAST Software) ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-08-04] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-08-04] (Avast Software s.r.o. 
-> AVAST Software) ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-08-04] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-08-04] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2021-03-04 23:36 - 2021-03-04 23:36 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll 2021-03-04 23:36 - 2021-03-04 23:36 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [270] AlternateDataStreams: C:\ProgramData\TEMP:3B812EE0 [430] AlternateDataStreams: C:\ProgramData\TEMP:45936E12 [486] AlternateDataStreams: C:\ProgramData\TEMP:4C1D9362 [196] AlternateDataStreams: C:\ProgramData\TEMP:5164A01F [496] AlternateDataStreams: C:\ProgramData\TEMP:51E66512 [227] AlternateDataStreams: C:\ProgramData\TEMP:551BED5F [203] AlternateDataStreams: C:\ProgramData\TEMP:5BC73C48 [446] AlternateDataStreams: C:\ProgramData\TEMP:6FF14C72 [456] AlternateDataStreams: C:\ProgramData\TEMP:8732B03A [490] AlternateDataStreams: C:\ProgramData\TEMP:9EDA68BD [478] AlternateDataStreams: C:\ProgramData\TEMP:BF9D6105 [486] AlternateDataStreams: C:\ProgramData\TEMP:EE2DD6CC [478] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-127966655-3041496052-59511839-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=LCTE HKU\S-1-5-21-127966655-3041496052-59511839-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=LCTE HKU\S-1-5-21-127966655-3041496052-59511839-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
hxxp://mystart.lenovo.com/ BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2020-11-20] (Logitech Inc -> Logitech, Inc.) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-06-04] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2020-11-20] (Logitech Inc -> Logitech, Inc.) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-28] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-28] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-28] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-28] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-28] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-28] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL 
[2021-07-28] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-28] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 04:14 - 2021-08-17 17:44 - 000454574 ____R C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-127966655-3041496052-59511839-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) FirewallRules: [{F1AE6852-83AF-41B4-A64F-E92D95291784}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{174B3D6C-8CF0-4509-8C3C-E200472F1A5A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{DB772E2A-9548-4EC8-A5A7-4832A00CE34E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{057C7857-46BD-49DD-A1F7-F0B8C0C9D7CB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{3F30A360-49DE-4143-A938-275BD385C315}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{FC94C90E-BDC9-41BA-B59F-6F3C08BE0C82}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{05497EFE-1E85-46E6-88EB-1AFF1353D08A}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{F406400E-1821-465F-B85A-313216D7A2B9}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{2998401E-8E45-403D-B6EE-A157DA30B682}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{66715A2E-2AEC-4543-A438-95A0362FB095}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D09D6BD1-BFE5-4068-B10B-DD87A203EE69}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{A649BD9F-D648-4A10-8027-69B5F67D1AAB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{8407649B-0406-434F-85BF-C67900C0E504}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{5B1A6B49-A5CD-4097-8D42-847A42E64EFB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{FF2355A1-DD76-4C0F-B194-F05AFAE0CD35}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A93B5401-44A7-44AA-9F6E-0103312E8392}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{86C98733-9E82-4A7B-98D5-D079F560D890}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{794DC057-0C39-4331-B595-4BFCD4A7CF3F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{DFFC92BE-21E7-47FC-945F-7E1243C91575}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{83E850EB-5C36-40F5-8444-5C4A63B76EF3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{13D49FDF-B374-46D0-83FB-7B15B39C8239}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) StandardProfile\AuthorizedApplications: [C:\Program Files 
(x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service ==================== Restore Points ========================= 17-08-2021 14:43:30 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (08/19/2021 11:37:26 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-DDK31LC2$ via https://INTC-KeyId-6301daf571b821515a03d4689057201d9ca42c9d.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps Method: GET(625ms) Stage: GetCACaps The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED) Error: (08/19/2021 01:50:43 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Lenovo.Modern.ImController.PluginHost.Device.exe, version: 1.1.20.2, time stamp: 0x6108c676 Faulting module name: SLSCore.dll_unloaded, version: 1.0.0.871, time stamp: 0x60d64b5d Exception code: 0xc0000005 Fault offset: 0x00169f20 Faulting process id: 0x29d4 Faulting application start time: 0x01d7946f2deff1a8 Faulting application path: C:\Windows\Lenovo\iMController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe Faulting module path: SLSCore.dll Report Id: 17948827-14f5-404c-ac64-668cd24295d3 Faulting package full name: Faulting package-relative application ID: Error: (08/19/2021 01:50:43 AM) (Source: 
.NET Runtime) (EventID: 1026) (User: ) Description: Application: Lenovo.Modern.ImController.PluginHost.Device.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: exception code c0000005, exception address 63079F20 Error: (08/18/2021 03:22:52 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-DDK31LC2$ via https://INTC-KeyId-6301daf571b821515a03d4689057201d9ca42c9d.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps GetCACaps: Not Found {"Message":"The authority \"intc-keyid-6301daf571b821515a03d4689057201d9ca42c9d.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Wed, 18 Aug 2021 20:22:51 GMT Content-Length: 122 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: cc70d475-3910-48cd-8ad0-7cdb3e519c90 Method: GET(891ms) Stage: GetCACaps Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (08/18/2021 01:31:29 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-DDK31LC2$ via https://INTC-KeyId-6301daf571b821515a03d4689057201d9ca42c9d.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps GetCACaps: Not Found {"Message":"The authority \"intc-keyid-6301daf571b821515a03d4689057201d9ca42c9d.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Wed, 18 Aug 2021 18:31:28 GMT Content-Length: 122 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 56de69da-969d-4474-a9da-7316fcff2902 Method: GET(2140ms) Stage: GetCACaps Not found (404). 
0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (08/17/2021 08:15:49 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-DDK31LC2$ via https://INTC-KeyId-6301daf571b821515a03d4689057201d9ca42c9d.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps GetCACaps: Not Found {"Message":"The authority \"intc-keyid-6301daf571b821515a03d4689057201d9ca42c9d.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Wed, 18 Aug 2021 01:15:48 GMT Content-Length: 122 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: e86463fa-07c7-4d6a-8fc2-63284b7fd0cc Method: GET(1172ms) Stage: GetCACaps Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (08/17/2021 12:35:44 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-DDK31LC2$ via https://INTC-KeyId-6301daf571b821515a03d4689057201d9ca42c9d.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps GetCACaps: Not Found {"Message":"The authority \"intc-keyid-6301daf571b821515a03d4689057201d9ca42c9d.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Tue, 17 Aug 2021 17:35:42 GMT Content-Length: 122 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 2aa1a370-f0b9-4905-9299-7d171a3b24bc Method: GET(1344ms) Stage: GetCACaps Not found (404). 
0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (08/17/2021 12:10:47 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-DDK31LC2$ via https://INTC-KeyId-6301daf571b821515a03d4689057201d9ca42c9d.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps GetCACaps: Not Found {"Message":"The authority \"intc-keyid-6301daf571b821515a03d4689057201d9ca42c9d.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Tue, 17 Aug 2021 17:10:45 GMT Content-Length: 122 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 4a47617b-4182-4156-a41a-675074966f3a Method: GET(594ms) Stage: GetCACaps Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) System errors: ============= Error: (08/19/2021 04:46:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (08/19/2021 04:46:30 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\User~1\AppData\Local\Temp\ehdrv.sys Error: (08/19/2021 04:46:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (08/19/2021 04:46:30 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\User~1\AppData\Local\Temp\ehdrv.sys Error: (08/19/2021 04:46:30 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\User~1\AppData\Local\Temp\ehdrv.sys Error: (08/19/2021 04:46:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (08/19/2021 04:46:30 
PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\User~1\AppData\Local\Temp\ehdrv.sys Error: (08/19/2021 04:46:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Windows Defender: ================ Date: 2021-05-28 16:12:10 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-19 11:37:44 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.339.1577.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18100.6 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2021-08-19 11:37:44 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.339.1577.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18100.6 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2021-08-19 11:37:44 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version: Previous security intelligence Version: 1.339.1577.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18100.6 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2021-08-19 11:37:44 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.339.1577.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18100.6 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2021-08-19 11:37:44 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.339.1577.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18100.6 Error code: 0x80072ee7 Error description: The server name or address could not be resolved CodeIntegrity: =============== Date: 2021-08-19 19:03:01 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. 
==================== Memory info =========================== BIOS: LENOVO GGCN26WW 04/25/2021 Motherboard: LENOVO LNVNB161216 Processor: 11th Gen Intel(R) Core(TM) i3-1115G4 @ 3.00GHz Percentage of memory in use: 64% Total physical RAM: 7991.3 MB Available physical RAM: 2807.56 MB Total Virtual: 9271.3 MB Available Virtual: 3735.52 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:870.46 GB) NTFS \\?\Volume{b1b0d02d-ecb6-4a60-9113-4c61d36af3f7}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS \\?\Volume{fe5c744e-612d-4c6c-8ec9-41104b32fc2c}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 28A6A6C6) Partition: GPT. ==================== End of Addition.txt =======================