Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2021 Ran by nlaun (15-08-2021 13:13:18) Running from C:\Users\nlaun\OneDrive\Bureau Windows 10 Home Version 21H1 19043.1165 (X64) (2021-08-11 06:44:48) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-2547849061-2848747678-2711715184-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2547849061-2848747678-2711715184-503 - Limited - Disabled) Guest (S-1-5-21-2547849061-2848747678-2711715184-501 - Limited - Disabled) nlaun (S-1-5-21-2547849061-2848747678-2711715184-1001 - Administrator - Enabled) => C:\Users\nlaun WDAGUtilityAccount (S-1-5-21-2547849061-2848747678-2711715184-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS) AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.79 - ICEpower a/s) CrystalDiskInfo 8.11.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.11.2 - Crystal Dew World) Dashlane (HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\Dashlane) (Version: 4.7.2.30899 - Dashlane, Inc.) Foxit PhantomPDF (HKLM-x32\...\{E40149BB-552F-44C8-A10F-4188ADC5AD70}) (Version: 7.0.510.429 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.131 - Google LLC) IJ Network Device Setup Utility (HKLM-x32\...\IJ Network Device Setup Utility) (Version: 1.10.0 - Canon Inc.) Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation) Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4268 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.73 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) NVIDIA GeForce Experience 2.5.15.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.46 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) OpenOffice 4.1.8 (HKLM-x32\...\{963FD672-F116-4AE3-AE25-84B576E610A7}) (Version: 4.18.9803 - Apache Software Foundation) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8564 - Realtek Semiconductor Corp.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated) Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS) Windows Video Editor 2021 (HKLM\...\{9CC29C6A-B5FE-497B-8F23-52A2557A92D9}}_is1) (Version: - VideoWin) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS) WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH) WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5178 - Kingsoft Corp.) Packages: ========= iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa [2021-08-10] (Apple Inc.) [Startup Task] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-07] (Microsoft Studios) [MS Ad] Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-10-20] (MAGIX) Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-10-20] (Netflix, Inc.) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-08-07] (Microsoft Corporation) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0 [2021-08-07] (Spotify AB) [Startup Task] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-04-30] (Foxit Software Incorporated -> Foxit Software Inc.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-08-21] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2021-08-10 20:29 - 2019-02-21 11:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2016-04-12 11:55 - 2015-10-02 21:22 - 001710568 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\WINDOWS\system32\nvspcap64.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 02:24 - 2015-10-30 02:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\nlaun\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\P1170678.JPG DNS Servers: 68.105.28.11 - 68.105.29.11 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: ASLDRService => 2 MSCONFIG\Services: AtherosSvc => 2 MSCONFIG\Services: ATKGFNEXSrv => 2 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: dbupdate => 2 MSCONFIG\Services: dbupdatem => 3 MSCONFIG\Services: DevActSvc => 3 MSCONFIG\Services: esifsvc => 2 MSCONFIG\Services: GamesAppIntegrationService => 2 MSCONFIG\Services: GamesAppService => 3 MSCONFIG\Services: GfExperienceService => 2 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: ICEsoundService => 2 MSCONFIG\Services: igfxCUIService2.0.0.0 => 2 MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3 MSCONFIG\Services: Intel(R) Security Assist => 3 MSCONFIG\Services: isaHelperSvc => 2 MSCONFIG\Services: jhi_service => 2 MSCONFIG\Services: Kingsoft_WPS_UpdateService => 2 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2 MSCONFIG\Services: NvNetworkService => 2 MSCONFIG\Services: NvStreamSvc => 2 MSCONFIG\Services: RichVideo64 => 2 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\Services: WinZip Compression Smart Monitor Service => 2 HKLM\...\StartupApproved\Run: => "NvBackend" HKLM\...\StartupApproved\Run: => "ShadowPlay" HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\StartupApproved\Run: => "Dashlane" HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\StartupApproved\Run: => "DashlanePlugin" HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\StartupApproved\Run: => "CCleanerBrowserAutoLaunch_26CF19BDFAD3D4D481529FAF475D70FF" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{BC28AC88-FD3A-4D05-BF86-2DABB2851B0C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{8D1159D7-36F8-4FAD-AFEA-02A8EAECA298}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{3ACECB29-2124-417B-A6EB-581BEEEB7E6D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{8FF20B0B-84CE-442F-91F2-E3DD11E62B81}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{7E26316C-A4BC-4CEE-9923-F2C8F11222D7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{58635010-D898-4D11-AFC8-3E7EA7C018DD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B353AC2F-D4C0-4BBF-A8DB-451A4766DDAD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{A51195DC-087E-4391-B6B1-90FC8DC443A6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12114.15.53119.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{0294A15A-892A-4E67-9733-F78ECB242645}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{4A8741C3-DE31-4AC3-A4EC-588D92E1754C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{3F5A1119-F9CF-400B-A346-8970ED4D68DD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{74F1ADEC-C22E-4C64-BA24-E2950BAC375A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{12BE6770-1F5F-46B6-B61E-CCB9AB5E1930}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{49875C29-69B9-494E-AEB8-C5AE6F434B33}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{076C178E-1070-44FE-93D1-C3952CC32139}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{9529A940-CCF6-4345-A003-C33B02CA2652}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{C6F85FFD-F3BE-4F4E-9463-E77D924AAFE6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{52C26732-9104-4564-AE8A-2C7AD7939447}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{CDB50FEC-1837-4153-9A7C-0BB53EC04509}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{B309EF0D-AB9B-49BC-B96C-49558904AD9A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{DBED508D-EDDA-4D78-9D24-8F0FDE42C779}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{8A56CF3D-7AE2-4824-9C0B-CE281F94BBA2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{18C190CC-142B-4992-A545-2071B66D926C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{747A3A69-70B1-42FD-823B-629291640160}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{C7922B5B-D548-4FFD-B8D6-8773DD78BF2D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => No File FirewallRules: [{113640D6-B4CF-429F-A217-0DC2EB4BD0D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => No File FirewallRules: [{72A580AE-BDA2-402B-858E-DB74E18B363E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{C8B23C29-E828-4AD2-BE04-F36FBCE6F690}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) ==================== Restore Points ========================= 14-08-2021 17:01:59 ZHPcleaner 14-08-2021 17:23:04 AdwCleaner_BeforeCleaning_14/08/2021_17:23:03 ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (08/15/2021 12:45:13 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY) Description: ESIF(8.4.11000.6436) TYPE: ERROR MODULE: DPTF TIME 69580314 ms DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 206 Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged Message: DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 539 Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds Message: Error returned from ESIF services interface function call Participant: TCPU [0] Domain: PKG [0] ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340] ESIF Instance: 0 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Participant: TCPU [0] Domain: PKG [0] Policy: ConfigTDP Policy [0] Error: (08/15/2021 12:45:13 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY) Description: ESIF(8.4.11000.6436) TYPE: ERROR MODULE: DPTF TIME 69580313 ms DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 206 Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged Message: DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 539 Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds Message: Error returned from ESIF services interface function call Participant: TCPU [0] Domain: PKG [0] ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340] ESIF Instance: 0 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Participant: TCPU [0] Domain: PKG [0] Policy: ConfigTDP Policy [0] Error: (08/15/2021 12:45:13 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY) Description: ESIF(8.4.11000.6436) TYPE: ERROR MODULE: DPTF TIME 69580285 ms DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 206 Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged Message: DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 539 Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds Message: Error returned from ESIF services interface function call Participant: TCPU [0] Domain: PKG [0] ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340] ESIF Instance: 0 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Participant: TCPU [0] Domain: PKG [0] Policy: ConfigTDP Policy [0] Error: (08/14/2021 05:26:01 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY) Description: ESIF(8.4.11000.6436) TYPE: ERROR MODULE: DPTF TIME 28414 ms DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 206 Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged Message: DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 539 Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds Message: Error returned from ESIF services interface function call Participant: TCPU [0] Domain: PKG [0] ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340] ESIF Instance: 0 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Participant: TCPU [0] Domain: PKG [0] Policy: ConfigTDP Policy [0] Error: (08/14/2021 05:26:01 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY) Description: ESIF(8.4.11000.6436) TYPE: ERROR MODULE: DPTF TIME 28411 ms DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 206 Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged Message: DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 539 Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds Message: Error returned from ESIF services interface function call Participant: TCPU [0] Domain: PKG [0] ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340] ESIF Instance: 0 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Participant: TCPU [0] Domain: PKG [0] Policy: ConfigTDP Policy [0] Error: (08/14/2021 05:26:01 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY) Description: ESIF(8.4.11000.6436) TYPE: ERROR MODULE: DPTF TIME 28410 ms DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\..\Sources\Policies\ConfigTdpPolicy\ConfigTdpPolicy.cpp @ line 206 Executing Function: ConfigTdpPolicy::onDomainPowerControlCapabilityChanged Message: DPTF Build Version: 8.4.11000.6436 DPTF Build Date: Apr 27 2018 16:54:10 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 539 Executing Function: EsifServices::primitiveExecuteSetAsTimeInMilliseconds Message: Error returned from ESIF services interface function call Participant: TCPU [0] Domain: PKG [0] ESIF Primitive: SET_RAPL_POWER_LIMIT_TIME_WINDOW [340] ESIF Instance: 0 ESIF Return Code: ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404] Participant: TCPU [0] Domain: PKG [0] Policy: ConfigTDP Policy [0] Error: (08/14/2021 05:24:53 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (08/14/2021 05:24:53 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] System errors: ============= Error: (08/14/2021 05:28:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee WebAdvisor service failed to start due to the following error: The system cannot find the file specified. Error: (08/14/2021 05:26:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The luminati_net_updater_win_hola_chrome_ext_hola_org service failed to start due to the following error: The system cannot find the file specified. Error: (08/14/2021 05:22:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Brightdata Service (win_hola.chrome.ext.hola.org) service failed to start due to the following error: The system cannot find the file specified. Error: (08/14/2021 05:21:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Brightdata Service (win_hola.chrome.ext.hola.org) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (08/14/2021 03:42:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee WebAdvisor service failed to start due to the following error: The system cannot find the file specified. Error: (08/14/2021 03:42:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Downloaded Maps Manager service hung on starting. Error: (08/14/2021 03:34:38 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 9:51:18 PM on ‎8/‎13/‎2021 was unexpected. Error: (08/13/2021 05:13:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee WebAdvisor service failed to start due to the following error: The system cannot find the file specified. Windows Defender: ================ Date: 2021-08-14 18:43:29 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-14 18:33:33 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-14 18:28:30 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-14 16:56:08 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-14 16:17:22 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-08-14 15:54:37 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.345.478.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18400.4 Error code: 0x80070102 Error description: The wait operation timed out. ==================== Memory info =========================== BIOS: American Megatrends Inc. K501LX.206 09/16/2015 Motherboard: ASUSTeK COMPUTER INC. K501LX Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz Percentage of memory in use: 78% Total physical RAM: 3998.41 MB Available physical RAM: 850.31 MB Total Virtual: 9998.41 MB Available Virtual: 6246.68 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:371.39 GB) (Free:243.21 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:100.04 GB) NTFS \\?\Volume{83988915-d6f0-43c8-af84-c8feb94834c4}\ () (Fixed) (Total:0.95 GB) (Free:0.36 GB) NTFS \\?\Volume{b7d479d3-83fb-4410-88d2-c1593ab815b4}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: E2EA090C) Partition: GPT. ==================== End of Addition.txt =======================