Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2021 Ran by nlaun (09-08-2021 18:44:46) Running from C:\Users\nlaun\OneDrive\Bureau Windows 10 Home Version 20H2 19042.985 (X64) (2020-11-09 06:22:43) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-2547849061-2848747678-2711715184-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2547849061-2848747678-2711715184-503 - Limited - Disabled) Guest (S-1-5-21-2547849061-2848747678-2711715184-501 - Limited - Disabled) nlaun (S-1-5-21-2547849061-2848747678-2711715184-1001 - Administrator - Enabled) => C:\Users\nlaun WDAGUtilityAccount (S-1-5-21-2547849061-2848747678-2711715184-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.11.0001 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS) AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.79 - ICEpower a/s) CyberLink PhotoDirector 5 (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.) Hidden CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) Hidden CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) Dashlane (HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\Dashlane) (Version: 4.7.2.30899 - Dashlane, Inc.) Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.) Driver Easy 5.6.15 (HKLM\...\DriverEasy_is1) (Version: 5.6.15 - Easeware) Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.485.1 - Dropbox, Inc.) Hidden Foxit PhantomPDF (HKLM-x32\...\{E40149BB-552F-44C8-A10F-4188ADC5AD70}) (Version: 7.0.510.429 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.131 - Google LLC) Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.61 - Janos Mathe) IJ Network Device Setup Utility (HKLM-x32\...\IJ Network Device Setup Utility) (Version: 1.10.0 - Canon Inc.) Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation) Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4268 - Intel Corporation) IntelĀ® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.67 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) NVIDIA GeForce Experience 2.5.15.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.46 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) OpenOffice 4.1.8 (HKLM-x32\...\{963FD672-F116-4AE3-AE25-84B576E610A7}) (Version: 4.18.9803 - Apache Software Foundation) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8564 - Realtek Semiconductor Corp.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43835 - TeamViewer) Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.609 - McAfee, LLC) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.16 - WildTangent) Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS) Windows Video Editor 2021 (HKLM\...\{9CC29C6A-B5FE-497B-8F23-52A2557A92D9}}_is1) (Version: - VideoWin) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS) WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH) WinZip 22.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24115}) (Version: 22.0.12670 - Corel Corporation) WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5178 - Kingsoft Corp.) Packages: ========= iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa [2021-05-23] (Apple Inc.) [Startup Task] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-07] (Microsoft Studios) [MS Ad] Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-10-20] (MAGIX) Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-10-20] (Netflix, Inc.) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-08-07] (Microsoft Corporation) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0 [2021-08-07] (Spotify AB) [Startup Task] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-04-30] (Foxit Software Incorporated -> Foxit Software Inc.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-11-02] (Corel Corporation -> WinZip Computing, S.L.) ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-11-02] (Corel Corporation -> WinZip Computing, S.L.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-08-21] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-11-02] (Corel Corporation -> WinZip Computing, S.L.) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2021-08-03 14:22 - 2021-08-03 14:22 - 000352000 _____ (Corel Corporation -> ) [File not signed] C:\Program Files\WinZip\WinZip Smart Monitor\Plugins\7BC0E678-C2D8-43A4-B694-A458734AEF6D.2.5.1.6\7BC0E678-C2D8-43A4-B694-A458734AEF6D.2.5.1.6.dll 2017-09-01 06:15 - 2017-09-01 06:15 - 002227456 _____ (Corel Corporation -> WinZip) [File not signed] C:\Program Files\WinZip\WinZip Smart Monitor\SystemInfo-vc100-mt.dll 2016-04-12 11:54 - 2015-10-02 21:23 - 001439184 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll 2016-04-12 11:55 - 2015-10-02 21:22 - 001710568 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\WINDOWS\system32\nvspcap64.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-08-03] (McAfee, LLC -> McAfee, LLC) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-08-03] (McAfee, LLC -> McAfee, LLC) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 02:24 - 2015-10-30 02:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\nlaun\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\P1170678.JPG DNS Servers: 68.105.28.11 - 68.105.29.11 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\StartupApproved\Run: => "Dashlane" HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\StartupApproved\Run: => "DashlanePlugin" HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\StartupApproved\Run: => "CCleanerBrowserAutoLaunch_26CF19BDFAD3D4D481529FAF475D70FF" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{BE2092D4-3426-4DDD-9104-7DFA30737556}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{69DF8972-A769-4705-B234-08EEE2BA1593}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{06A20EE4-AB32-4CDE-93DB-B8D23CF0B8EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{EC1E69B5-684C-460E-8D2E-9041B9BF477B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH) FirewallRules: [{C8B23C29-E828-4AD2-BE04-F36FBCE6F690}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{72A580AE-BDA2-402B-858E-DB74E18B363E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{113640D6-B4CF-429F-A217-0DC2EB4BD0D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{C7922B5B-D548-4FFD-B8D6-8773DD78BF2D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{747A3A69-70B1-42FD-823B-629291640160}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{18C190CC-142B-4992-A545-2071B66D926C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{8A56CF3D-7AE2-4824-9C0B-CE281F94BBA2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{A554A4B9-D823-470C-ADF9-0E501E232BD4}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File FirewallRules: [{DBED508D-EDDA-4D78-9D24-8F0FDE42C779}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{B309EF0D-AB9B-49BC-B96C-49558904AD9A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{CDB50FEC-1837-4153-9A7C-0BB53EC04509}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{52C26732-9104-4564-AE8A-2C7AD7939447}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{5696A33F-D044-4953-AC42-749F7060DB36}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware Technology Limited -> Easeware) FirewallRules: [{7DEE35A4-397C-4A20-A1BC-06A0DF8365C4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D3ABB292-4852-4C05-8A2E-4EE2E109DB43}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{FA197DAD-7D1E-45D1-A9B9-7D46A38B8B1D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{9C79EEF6-177B-4F01-B75E-58A27A38EA4B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{879406A6-D731-4891-AB44-B5B73B43A827}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{40160E98-E7D9-44F3-84E6-2F7811F7B879}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{3A3DC85C-A954-4A1B-805B-4FAA6E1ADB39}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{AA66CD6D-1636-4471-BF00-987B11D1A9D0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C6F85FFD-F3BE-4F4E-9463-E77D924AAFE6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{9529A940-CCF6-4345-A003-C33B02CA2652}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{076C178E-1070-44FE-93D1-C3952CC32139}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{49875C29-69B9-494E-AEB8-C5AE6F434B33}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{12BE6770-1F5F-46B6-B61E-CCB9AB5E1930}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{74F1ADEC-C22E-4C64-BA24-E2950BAC375A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{3F5A1119-F9CF-400B-A346-8970ED4D68DD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{4A8741C3-DE31-4AC3-A4EC-588D92E1754C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{0294A15A-892A-4E67-9733-F78ECB242645}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) ==================== Restore Points ========================= 02-06-2021 20:46:42 Scheduled Checkpoint 06-08-2021 21:17:33 Scheduled Checkpoint 06-08-2021 21:30:19 Removed Evernote v. 5.9.1 09-08-2021 18:18:48 Windows Modules Installer 09-08-2021 18:27:16 Windows Modules Installer 09-08-2021 18:32:54 Windows Modules Installer ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (08/09/2021 05:59:06 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY) Description: ESIF(8.4.11000.6436) TYPE: ERROR MODULE: DPTF TIME 117867584 ms DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 206 Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged Message: DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 539 Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds Message: Error returned from ESIF services interface function call Participant: TCPU [0] Domain: PKG [0] ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340] ESIF Instance: 0 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Participant: TCPU [0] Domain: PKG [0] Policy: ConfigTDP Policy [0] Error: (08/09/2021 05:59:06 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY) Description: ESIF(8.4.11000.6436) TYPE: ERROR MODULE: DPTF TIME 117867583 ms DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 206 Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged Message: DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 539 Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds Message: Error returned from ESIF services interface function call Participant: TCPU [0] Domain: PKG [0] ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340] ESIF Instance: 0 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Participant: TCPU [0] Domain: PKG [0] Policy: ConfigTDP Policy [0] Error: (08/09/2021 05:59:06 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY) Description: ESIF(8.4.11000.6436) TYPE: ERROR MODULE: DPTF TIME 117867582 ms DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 206 Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged Message: DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 539 Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds Message: Error returned from ESIF services interface function call Participant: TCPU [0] Domain: PKG [0] ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340] ESIF Instance: 0 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Participant: TCPU [0] Domain: PKG [0] Policy: ConfigTDP Policy [0] Error: (08/08/2021 04:12:08 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY) Description: ESIF(8.4.11000.6436) TYPE: ERROR MODULE: DPTF TIME 25037233 ms DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 206 Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged Message: DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 539 Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds Message: Error returned from ESIF services interface function call Participant: TCPU [0] Domain: PKG [0] ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340] ESIF Instance: 0 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Participant: TCPU [0] Domain: PKG [0] Policy: ConfigTDP Policy [0] Error: (08/08/2021 04:12:08 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY) Description: ESIF(8.4.11000.6436) TYPE: ERROR MODULE: DPTF TIME 25037232 ms DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 206 Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged Message: DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 539 Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds Message: Error returned from ESIF services interface function call Participant: TCPU [0] Domain: PKG [0] ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340] ESIF Instance: 0 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Participant: TCPU [0] Domain: PKG [0] Policy: ConfigTDP Policy [0] Error: (08/08/2021 04:12:08 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY) Description: ESIF(8.4.11000.6436) TYPE: ERROR MODULE: DPTF TIME 25037232 ms DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 206 Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged Message: DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 539 Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds Message: Error returned from ESIF services interface function call Participant: TCPU [0] Domain: PKG [0] ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340] ESIF Instance: 0 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Participant: TCPU [0] Domain: PKG [0] Policy: ConfigTDP Policy [0] Error: (08/08/2021 09:15:30 AM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY) Description: ESIF(8.4.11000.6436) TYPE: ERROR MODULE: DPTF TIME 39748 ms DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 206 Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged Message: DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 539 Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds Message: Error returned from ESIF services interface function call Participant: TCPU [0] Domain: PKG [0] ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340] ESIF Instance: 0 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Participant: TCPU [0] Domain: PKG [0] Policy: ConfigTDP Policy [0] Error: (08/08/2021 09:15:30 AM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY) Description: ESIF(8.4.11000.6436) TYPE: ERROR MODULE: DPTF TIME 39746 ms DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 206 Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged Message: DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 539 Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds Message: Error returned from ESIF services interface function call Participant: TCPU [0] Domain: PKG [0] ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340] ESIF Instance: 0 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Participant: TCPU [0] Domain: PKG [0] Policy: ConfigTDP Policy [0] System errors: ============= Error: (08/08/2021 09:17:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/08/2021 09:17:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect. Error: (08/08/2021 09:15:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Kingsoft_WPS_UpdateService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/08/2021 09:15:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (45000 milliseconds) while waiting for the Kingsoft_WPS_UpdateService service to connect. Error: (08/08/2021 09:13:53 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ET78V9H) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/08/2021 09:13:53 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ET78V9H) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/08/2021 09:13:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ET78V9H) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/07/2021 10:06:43 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-ET78V9H) Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error: "2147942405" Happened while starting this command: C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683} Windows Defender: ================ Date: 2020-11-09 19:43:16 Description: Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version. Security intelligence Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Security intelligence version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0 CodeIntegrity: =============== Date: 2021-08-08 09:00:59 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2021-08-08 08:58:48 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. K501LX.206 09/16/2015 Motherboard: ASUSTeK COMPUTER INC. K501LX Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz Percentage of memory in use: 87% Total physical RAM: 3998.41 MB Available physical RAM: 507.9 MB Total Virtual: 9998.41 MB Available Virtual: 4315.31 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:371.39 GB) (Free:258.97 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:93.91 GB) NTFS \\?\Volume{83988915-d6f0-43c8-af84-c8feb94834c4}\ () (Fixed) (Total:0.95 GB) (Free:0.39 GB) NTFS \\?\Volume{b7d479d3-83fb-4410-88d2-c1593ab815b4}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: E2EA090C) Partition: GPT. ==================== End of Addition.txt =======================