Fix result of Farbar Recovery Scan Tool (x64) Version: 14-07-2021
Ran by User (16-07-2021 15:17:11) Run:1
Running from C:\Users\User\Downloads
Loaded Profiles: User
Boot Mode: Normal
==============================================

fixlist content:
*****************
closeprocesses:
createrestorepoint:
AV: ESET Security (Enabled - Out of date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: ESET Security (Enabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}
FW: ESET Firewall (Disabled) {B066057A-E576-007C-D591-56C163D3B33B}
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\StartupApproved\Run: => "McAfeeSafeConnect"
C:\Program Files (x86)\Lavasoft
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-02-25] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Homepage: Mozilla\Firefox\Profiles\aq9k7zhw.default -> hxxps://poshukach.com?fr=ps&gp=496724&altserp=1
FF NewTab: Mozilla\Firefox\Profiles\aq9k7zhw.default -> hxxps://poshukach.com?fr=ps&gp=496724&altserp=1
CHR DefaultSearchURL: Default -> hxxps://poshukach.com/search?q={searchTerms}&fr=ps&gp=496724&altserp=1
CHR DefaultSearchKeyword: Default -> poshukach engin search
CHR DefaultSuggestURL: Default -> hxxps://suggest.finditnowonline.com/suggestionfeed/suggestion?format=json&gd=496721&q={searchTerms}
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2021-02-25] (LAVASOFT SOFTWARE CANADA INC -> )
2021-07-14 23:25 - 2021-07-15 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2021-07-14 23:25 - 2021-07-14 23:25 - 000000000 ____D C:\ProgramData\GridinSoft
2021-07-14 15:41 - 2021-07-14 15:41 - 000000000 ____D C:\Users\User\AppData\Local\Zemana
2021-07-14 15:41 - 2021-07-14 15:41 - 000000000 ____D C:\Program Files (x86)\Zemana
2021-07-15 14:14 - 2018-08-01 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2021-07-15 14:14 - 2018-08-01 13:56 - 000000000 ____D C:\Program Files\KMSpico
2019-10-28 20:35 - 2019-10-28 20:35 - 000021066 _____ () C:\Users\User\AppData\Local\kritacrash.log
2020-05-14 01:04 - 2020-05-14 01:04 - 000000039 _____ () C:\Users\User\AppData\Local\kritadisplayrc
2019-03-22 16:39 - 2020-05-14 01:04 - 000014999 _____ () C:\Users\User\AppData\Local\kritarc
cmd: cscript %windir%\System32\slmgr.vbs /dli
cmd: netsh advfirewall reset
emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
"AV: ESET Security (Enabled - Out of date) {885D845F-AF19-0124-FECE-FFF49D00F440}" => removed successfully
"AS: ESET Security (Enabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}" => removed successfully
"FW: ESET Firewall (Disabled) {B066057A-E576-007C-D591-56C163D3B33B}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
"HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\McAfeeSafeConnect" => removed successfully
"HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\McAfeeSafeConnect" => not found
"C:\Program Files (x86)\Lavasoft" => not found
"HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"Firefox homepage" => removed successfully
"Firefox newtab" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
WCAssistantService => service not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware => moved successfully
C:\ProgramData\GridinSoft => moved successfully
C:\Users\User\AppData\Local\Zemana => moved successfully
C:\Program Files (x86)\Zemana => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico => moved successfully
C:\Program Files\KMSpico => moved successfully
C:\Users\User\AppData\Local\kritacrash.log => moved successfully
C:\Users\User\AppData\Local\kritadisplayrc => moved successfully
C:\Users\User\AppData\Local\kritarc => moved successfully

========= cscript %windir%\System32\slmgr.vbs /dli =========

Microsoft (R) Windows Script Host Version 5.812
Copyright (C) Microsoft Corporation. All rights reserved.


Name: Windows(R), Professional edition
Description: Windows(R) Operating System, VOLUME_KMSCLIENT channel
Partial Product Key: T83GX
License Status: Notification
Notification Reason: 0xC004F056.
Configured Activation Type: All
Please use slmgr.vbs /ato to activate and update KMS client information in order to update values.



========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10659537 B
Java, Flash, Steam htmlcache => 104790694 B
Windows/system/drivers => 0 B
Edge => 33358 B
Chrome => 5273224 B
Firefox => 59973116 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 1087640 B
NetworkService => 1102954 B
User => 76055672 B

RecycleBin => 1385362530 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:29:20 ====