Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-06-2021
Ran by El phenomeno (10-06-2021 06:41:21)
Running from C:\Users\user\Desktop
Windows 10 Home Version 20H2 19042.928 (X64) (2021-05-04 22:40:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4079815856-2642852288-1539777573-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4079815856-2642852288-1539777573-503 - Limited - Disabled)
El phenomeno (S-1-5-21-4079815856-2642852288-1539777573-1001 - Administrator - Enabled) => C:\Users\user
Guest (S-1-5-21-4079815856-2642852288-1539777573-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4079815856-2642852288-1539777573-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Out of date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Out of date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\...\uTorrent) (Version: 3.5.5.46010 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Android Data Recovery (HKLM-x32\...\Android Data Recovery) (Version: - Tenorshare, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Artlantis Studio 4.0 (HKLM\...\Artlantis Studio 4) (Version: 4.0.13 - Abvent R&D)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.4.2464 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 91.0.9927.78 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.5.510 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.81 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 4.1.0.0492 - Disc Soft Ltd)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Dragon Ball FighterZ (HKLM-x32\...\Dragon Ball FighterZ_is1) (Version: - )
DriverPack Notifier (HKLM-x32\...\DriverPack Notifier) (Version: 2.2.1 - DriverPack Solution)
Dropbox (HKLM-x32\...\Dropbox) (Version: 123.4.4832 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.459.1 - Dropbox, Inc.) Hidden
FormatFactory 3.00 (HKLM-x32\...\FormatFactory) (Version: 3.00 - Free Time)
God of War - Collection v1.0 (HKLM-x32\...\{FFF02674-5DE9-4A78-A6D1-68E5B9ACF012}_is1) (Version: 1.0 - Santa Monica Studio)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.101 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 48.0.13.0 - Google LLC)
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
IDM Crack 6.30 build 7 (HKLM-x32\...\IDM Crack 6.30 build 7) (Version: 6.30 build 7 - Crackingpatching.com Team)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.16 - Lenovo) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\...\dda9ca0b023f4c56) (Version: 1.6.4.0 - Lenovo)
Mafia 3 (HKLM-x32\...\Mafia 3_is1) (Version: - )
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.3.138.1 - McAfee, LLC)
Micro Application - 38 Dictionnaires et Recueils de Correspondance (HKLM-x32\...\{B410328C-0E8C-4DD2-9DB4-DE7766D0DFE0}) (Version: 1.0.0.0 - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.41 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Professional 2016 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2016 - fr-fr (HKLM\...\ProPlusRetail - fr-fr) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.27.00.03 - Huawei Technologies Co.,Ltd)
NBA 2K18 (HKLM-x32\...\NBA 2K18_is1) (Version: - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040C-0000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - )
PS3-Driver (HKLM-x32\...\{DFA3EE9E-CC54-48F7-ABC0-50ADB60CDE0B}) (Version: 1.00.0000 - My-power)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Remote Mouse version 3.008 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.008 - Remote Mouse)
Resident Evil 4 1.10 (HKLM-x32\...\Resident Evil 4_is1) (Version: - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RomStation (HKLM-x32\...\{223B62A8-F6FF-4BEB-BC17-230D12723CD0}_is1) (Version: - RomStation)
Ruban 38 Dictionnaires et Recueils de Correspondance (HKLM-x32\...\{3A7FEC18-9888-4DA6-95EB-9B59D2C90DB4}) (Version: 1.0.0 - L'Aventure)
TEKKEN 7 (HKLM-x32\...\TEKKEN 7_is1) (Version: - )
Telegram Desktop version 1.7.14 (HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.7.14 - Telegram Messenger LLP)
Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - )
Ultimate Marvel vs. Capcom 3 (HKLM-x32\...\Ultimate Marvel vs. Capcom 3_is1) (Version: - )
Ultra Video Splitter 6.4.1208 (HKLM-x32\...\Ultra Video Splitter_is1) (Version: - Aone Software)
UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version: - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Web Companion (HKLM-x32\...\{b1ebc0ad-0e76-458d-b903-b50c19f789fe}) (Version: 7.0.2417.4248 - Lavasoft)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinZip 21.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410F}) (Version: 21.5.12480 - WinZip Computing, S.L. )
Youtube Downloader HD v. 2.9.9.42 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-07-24] (Autodesk Inc.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.192.300.0_x86__kgqvnymyfvs32 [2021-05-04] (king.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-05-04] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-23] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4213.0_x64__8wekyb3d8bbwe [2021-05-04] (Microsoft Studios) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-07-25] (Microsoft Corporation) [MS Ad]
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.1.0_x64__nfy108tqq3p12 [2021-03-22] (Thumbmunkeys Ltd)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-29] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4079815856-2642852288-1539777573-1001_Classes\CLSID\{9EE0C242-8973-456D-B382-0752476703FD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\25.1.63.1725\drivefsext.dll => No File
CustomCLSID: HKU\S-1-5-21-4079815856-2642852288-1539777573-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-4079815856-2642852288-1539777573-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\user\Dropbox [2017-10-26 00:11]
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\48.0.13.0\drivefsext.dll [2021-05-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\48.0.13.0\drivefsext.dll [2021-05-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\48.0.13.0\drivefsext.dll [2021-05-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\48.0.13.0\drivefsext.dll [2021-05-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [! IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-09] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\48.0.13.0\drivefsext.dll [2021-05-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-21] (Corel Corporation -> WinZip Computing, S.L.)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-03] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-09] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [Convert] -> {9f95ca1a-e80e-4c0f-acd1-4c9b7900b982} => C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)\Utilities\bin\x64\TxView.dll [2010-06-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\48.0.13.0\drivefsext.dll [2021-05-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-03] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-21] (Corel Corporation -> WinZip Computing, S.L.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\48.0.13.0\drivefsext.dll [2021-05-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-22] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-06-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-09] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-03] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-21] (Corel Corporation -> WinZip Computing, S.L.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [25640 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [70200 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [70712 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [23080 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [66104 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [66104 2013-08-05] (Bandisoft -> )

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2017-02-20 00:21 - 2003-07-17 22:53 - 000217152 _____ () [File not signed] C:\Program Files (x86)\Micro Application\38 Dictionnaires et Recueils de Correspondance\SoundDll.DLL
2017-02-20 00:22 - 2007-07-07 05:27 - 003160576 _____ (L'Aventure Multimedia) [File not signed] C:\WINDOWS\MediaDico38Dll.Dll
2017-02-20 00:22 - 2006-05-09 05:02 - 000208992 _____ (L'Aventure MultiMedia) [File not signed] C:\WINDOWS\RACHook38.DLL
2019-03-06 21:24 - 2018-12-18 21:58 - 001404416 _____ (Remote Mouse) [File not signed] C:\Program Files (x86)\Remote Mouse\windows_api.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/?pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-4079815856-2642852288-1539777573-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180527__yaie&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-14] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-12-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-14] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-12-04] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-07-26 16:44 - 2019-07-26 16:47 - 000000908 _____ C:\WINDOWS\system32\drivers\etc\hosts
208.77.22.203 us-east-033.whiskergalaxy.com #added by Windscribe, do not modify.

2017-07-21 20:13 - 2021-05-11 13:50 - 000000575 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
40 13 546
8.137.1 lenovo.mshome.net # 2022 8 5 19 6 51 50 537
01
773

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4079815856-2642852288-1539777573-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.43.105
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D364725B-DC07-4F48-8CF7-8A3E80B060C1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{46DF8C96-E448-4EAA-9798-9C2CC849879B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{17CFC178-E5BB-4FED-BF9B-35DC2259A6F3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{739AC42D-8E22-4302-95C5-758344705256}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{265FECBD-972A-4361-8A21-916FF90D04A8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{14E628ED-E4FF-4E32-A65F-7B6E83C081B9}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6C3A35E6-2B87-4248-A199-5E049A7A8CF5}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B6AC6A49-8089-458E-B4CE-CBA17838172D}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F2934610-DDCA-44E7-8D2F-F8D0B5027F00}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{005CD8E5-2A61-467E-BD31-E909FE0AD34E}C:\users\user\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{9497878A-A8A3-4332-A900-6EE4419EEBD0}C:\users\user\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{E82E8C09-F814-4042-8BAD-BEDF527FE656}C:\program files (x86)\dzrepack games\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\dzrepack games\grand theft auto v\gta5.exe => No File
FirewallRules: [TCP Query User{B5BCAA4F-9CE5-4DD2-BDC0-1D8B684296F4}C:\program files (x86)\dzrepack games\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\dzrepack games\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{8A1FD010-E2BD-4E47-B825-3F9BA3F01560}C:\program files (x86)\r.g. mechanics\dmc - devil may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) C:\program files (x86)\r.g. mechanics\dmc - devil may cry\binaries\win32\dmc-devilmaycry.exe => No File
FirewallRules: [TCP Query User{22FBA987-0DDB-4CC7-9B09-57C2BFBE83FF}C:\program files (x86)\r.g. mechanics\dmc - devil may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) C:\program files (x86)\r.g. mechanics\dmc - devil may cry\binaries\win32\dmc-devilmaycry.exe => No File
FirewallRules: [{19040405-5867-4945-B252-E18436906577}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{DA9BE194-5EED-4D48-A79B-6DFE167DB7E0}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{92C336E3-2FD8-4378-B689-9BD723D35039}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [TCP Query User{22A28A73-F9AE-4835-93B7-43EB5DB60C26}C:\program files\fifa 17\fifa17.exe] => (Allow) C:\program files\fifa 17\fifa17.exe => No File
FirewallRules: [UDP Query User{2E527AA1-7435-4DFE-99A1-686BD2D6A108}C:\program files\fifa 17\fifa17.exe] => (Allow) C:\program files\fifa 17\fifa17.exe => No File
FirewallRules: [TCP Query User{6DE96639-D44C-4B19-BDD4-ED29BD5BACD3}F:\games\killer instinct\killerinstinctx64_r.exe] => (Allow) F:\games\killer instinct\killerinstinctx64_r.exe => No File
FirewallRules: [UDP Query User{8B6F3A66-FD67-48AC-84E8-5B2B0E2A6399}F:\games\killer instinct\killerinstinctx64_r.exe] => (Allow) F:\games\killer instinct\killerinstinctx64_r.exe => No File
FirewallRules: [TCP Query User{0BDAC01F-F7F4-4E8B-9D13-767AE792996E}C:\program files (x86)\activision\blur(tm)\blur.exe] => (Allow) C:\program files (x86)\activision\blur(tm)\blur.exe => No File
FirewallRules: [UDP Query User{4D9DDA4C-FC9E-4291-82EE-7B6AA4B173ED}C:\program files (x86)\activision\blur(tm)\blur.exe] => (Allow) C:\program files (x86)\activision\blur(tm)\blur.exe => No File
FirewallRules: [{FE53797C-F975-4341-8044-B080423A94EC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A80D05B8-C341-49FC-9471-B8C4058665D8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{093DA68A-4762-44DD-9484-E82D3971E47B}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (remotemouse.net) [File not signed]
FirewallRules: [{FDDF230B-D4E2-417E-A96B-A548A302C595}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (remotemouse.net) [File not signed]
FirewallRules: [{2A42C117-CE0C-4967-ADDC-EE5666B2D9AD}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{6CF6DF68-B4BB-44B5-9C58-21EC7CC4F878}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{579B36E0-3B99-4F3E-BB1C-C56CE46B7D61}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2A0B1A38-C664-4DC4-8354-AA327D535264}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{9F2E8B66-FE9F-4EC3-A176-DCB8D305FAB7}C:\program files\artlantis studio 4\qtsocketserver.exe] => (Allow) C:\program files\artlantis studio 4\qtsocketserver.exe () [File not signed]
FirewallRules: [UDP Query User{E8A9129F-CD86-4867-804A-E1CDC5DE2665}C:\program files\artlantis studio 4\qtsocketserver.exe] => (Allow) C:\program files\artlantis studio 4\qtsocketserver.exe () [File not signed]
FirewallRules: [{05D0BA64-7E38-4DAD-95AC-2C109378190A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{CB35CA9B-296B-4BBC-9F8C-D20A32993E2D}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{1D3CCF0B-A059-4CDC-AE7F-F72715834FDE}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{77C1DDA5-CD0D-4496-A93D-213A6232B7FB}C:\program files\artlantis studio 4\artlantisstudio.exe] => (Allow) C:\program files\artlantis studio 4\artlantisstudio.exe (Abvent) [File not signed]
FirewallRules: [UDP Query User{824965B3-2270-43A3-ACFE-9E9AFD81A977}C:\program files\artlantis studio 4\artlantisstudio.exe] => (Allow) C:\program files\artlantis studio 4\artlantisstudio.exe (Abvent) [File not signed]
FirewallRules: [TCP Query User{AFE8E70A-F322-4564-8A27-C30D98E79FA3}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [UDP Query User{5D0BE99A-C034-4F74-9A12-9B1FEB5460D5}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [{3DB9E26E-7F22-4395-A62A-728EF023DDE0}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{9CE097B1-0B09-400A-9300-0FBB193F19AE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E673E9FA-A038-4855-820B-2471D3897135}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

08-06-2021 20:56:57 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/10/2021 06:25:35 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

Error: (06/10/2021 06:23:19 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (06/10/2021 06:22:16 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {dd438dbf-3d0a-4d6a-9520-08901658ba99}

Error: (06/09/2021 11:17:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msedge.exe, version: 90.0.818.56, time stamp: 0x60934f68
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x2f2f77bf
Exception code: 0xe0000008
Fault offset: 0x0000000000034b59
Faulting process id: 0x112d0
Faulting application start time: 0x01d75d76e047aaa0
Faulting application path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: f4f3cc2e-3365-45f4-bc4f-4a467fda6551
Faulting package full name:
Faulting package-relative application ID:

Error: (06/09/2021 11:17:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msedge.exe, version: 90.0.818.56, time stamp: 0x60934f68
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x2f2f77bf
Exception code: 0xc06d007e
Fault offset: 0x0000000000034b59
Faulting process id: 0x2479c
Faulting application start time: 0x01d75d7841ba1a81
Faulting application path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 5f0232eb-53d2-4efb-ac2d-dd128dc23b63
Faulting package full name:
Faulting package-relative application ID:

Error: (06/09/2021 11:17:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msedge.exe, version: 90.0.818.56, time stamp: 0x60934f68
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x2f2f77bf
Exception code: 0xc06d007e
Fault offset: 0x0000000000034b59
Faulting process id: 0x2500
Faulting application start time: 0x01d75d78369deb85
Faulting application path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: dbd9c6f4-37e8-46c6-aff5-7adea2cb7da5
Faulting package full name:
Faulting package-relative application ID:

Error: (06/09/2021 11:17:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msedge.exe, version: 90.0.818.56, time stamp: 0x60934f68
Faulting module name: ntdll.dll, version: 10.0.19041.928, time stamp: 0x9bed63d6
Exception code: 0xc00000fd
Fault offset: 0x000000000002ab06
Faulting process id: 0x21030
Faulting application start time: 0x01d75d7814026f35
Faulting application path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 003daa9d-b8ac-4b46-b8ad-ef305e1b4c3d
Faulting package full name:
Faulting package-relative application ID:

Error: (06/09/2021 11:16:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msedge.exe, version: 90.0.818.56, time stamp: 0x60934f68
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x2f2f77bf
Exception code: 0xe0000008
Fault offset: 0x0000000000034b59
Faulting process id: 0x91bc
Faulting application start time: 0x01d75d763f26f4d0
Faulting application path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 5831251a-62e8-4289-8a64-761192fb2c5b
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (06/10/2021 06:38:59 AM) (Source: Schannel) (EventID: 4113) (User: NT AUTHORITY)
Description: The certificate received from the remote server has either expired or is not yet valid. The TLS connection request has failed. The attached data contains the server certificate.

Error: (06/10/2021 06:27:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/10/2021 06:26:55 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (06/10/2021 06:26:55 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (06/10/2021 06:26:55 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (06/10/2021 06:25:32 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (06/10/2021 06:25:32 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (06/10/2021 06:25:19 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.


Windows Defender:
================
Date: 2021-06-08 22:31:54
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/CandyOpen&threatid=213956&enterprise=0
Name: PUA:Win32/CandyOpen
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\user\Downloads\Programs\sETUPS\uTorrent.exe; file:_C:\Users\user\Downloads\Programs\sETUPS\uTorrent.exe->(UPX)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.339.498.0, AS: 1.339.498.0, NIS: 1.339.498.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-06-08 22:31:34
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/PiriformBundler&threatid=277517&enterprise=0
Name: PUA:Win32/PiriformBundler
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\user\Downloads\ccsetup556.exe; file:_C:\Users\user\Downloads\ccsetup556.exe->(nsis-instdata)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.339.498.0, AS: 1.339.498.0, NIS: 1.339.498.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-06-08 22:31:34
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Patcher&threatid=2147659947&enterprise=0
Name: HackTool:Win32/Patcher
Severity: High
Category: Tool
Path: file:_C:\Users\user\Downloads\Programs\IDM 6.30 Build 7 incl Patch [32bit + 64bit] Fake Serial Fixed [CrackingPatching]\Patch [Fake Serial Fixed]\64bit Patch build 7.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Security intelligence Version: AV: 1.339.498.0, AS: 1.339.498.0, NIS: 1.339.498.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-06-08 22:31:33
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Skeeyah.A!MTB&threatid=2147729042&enterprise=0
Name: Trojan:Win32/Skeeyah.A!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\user\Downloads\Programs\Activation\Windows 10\Windows10PRO.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Security intelligence Version: AV: 1.339.498.0, AS: 1.339.498.0, NIS: 1.339.498.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-06-08 22:31:33
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:BAT/AutoKMS!MSR&threatid=2147754451&enterprise=0
Name: HackTool:BAT/AutoKMS!MSR
Severity: High
Category: Tool
Path: file:_C:\Users\user\Downloads\Programs\Activation\Office 2019\Test2.cmd; file:_C:\Users\user\Downloads\Programs\Activation\Windows 10\Test2.cmd
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Security intelligence Version: AV: 1.339.498.0, AS: 1.339.498.0, NIS: 1.339.498.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-06-10 06:28:00
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.339.498.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.6
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2021-06-10 06:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.339.498.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.6
Error code: 0x80072f8f
Error description: A security error occurred

Date: 2021-06-10 06:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.339.498.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.6
Error code: 0x80072f8f
Error description: A security error occurred

Date: 2021-06-10 06:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.339.498.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.6
Error code: 0x80072f8f
Error description: A security error occurred

Date: 2021-06-10 06:25:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.339.498.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.6
Error code: 0x80072f8f
Error description: A security error occurred

CodeIntegrity:
===============
Date: 2021-06-10 06:30:48
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 06:29:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.10-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO J9ET93WW (2.13 ) 08/29/2014
Motherboard: LENOVO 20C600HDZA
Processor: Intel(R) Core(TM) i5-4300M CPU @ 2.60GHz
Percentage of memory in use: 55%
Total physical RAM: 7906.47 MB
Available physical RAM: 3509.32 MB
Total Virtual: 17649.2 MB
Available Virtual: 13319.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:269.2 GB) (Free:27.89 GB) NTFS
Drive f: (El Phenomeno) (Fixed) (Total:195.31 GB) (Free:30.72 GB) NTFS

\\?\Volume{8b19359d-9fc3-11e6-be66-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS
\\?\Volume{37ae93ca-0000-0000-0000-d06243000000}\ () (Fixed) (Total:0.9 GB) (Free:0.39 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 37AE93CA)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=269.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=926 MB) - (Type=27)
Partition 4: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================