Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2021
Ran by User (15-07-2021 23:21:00)
Running from C:\Users\User\Downloads
Windows 10 Pro Version 2004 19041.1052 (X64) (2020-10-24 16:20:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3736682232-2262673394-1125935760-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3736682232-2262673394-1125935760-503 - Limited - Disabled)
Guest (S-1-5-21-3736682232-2262673394-1125935760-501 - Limited - Disabled)
User (S-1-5-21-3736682232-2262673394-1125935760-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-3736682232-2262673394-1125935760-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: ESET Security (Enabled - Out of date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: ESET Security (Enabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Disabled) {B066057A-E576-007C-D591-56C163D3B33B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\uTorrent) (Version: 3.5.5.45966 - BitTorrent Inc.)
3D Youtube Downloader (x64) (HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\3D Youtube Downloader (x64)) (Version: 1.16.3 - 3DYD Soft)
Adobe Acrobat X Professional - Middle Eastern, North African, Greek (HKLM-x32\...\{AC76BA86-1025-0000-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_0) (Version: 24.0 - Adobe Systems Incorporated)
Adobe InDesign 2021 (HKLM-x32\...\IDSN_16_0) (Version: 16.0 - Adobe Inc.)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
All My Books 5.0 (HKLM-x32\...\{3A9FE5C3-799E-4E41-AF4E-943F9BC4C4BD}_is1) (Version: 5.0 - Bolide Software)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2018.0112.18.513 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Ashampoo Burning Studio 16 (HKLM-x32\...\{91B33C97-A730-69CE-7A4F-4ADF378BB993}_is1) (Version: 16.0.2 - Ashampoo GmbH & Co. KG)
Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.5.2470 - Avast Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blender (HKLM\...\{E29A1273-2E7A-40E7-AA63-428A11D59429}) (Version: 2.79.2 - Blender Foundation)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.34.1574 - BlueStack Systems, Inc.)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.240.30.1002 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.82 - Piriform)
Core Installer (HKLM-x32\...\{f2d036eb-fb40-4025-9a5a-1a313d0ce5f8}) (Version: 1.2.0.0 - Manticore Games) Hidden
CORE Launcher Install (HKLM\...\{C8B82193-C53B-4856-A7F4-D21BA0436B63}) (Version: 1.2.0.0 - Manticore Games.)
Discord (HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Dolby Audio X2 Windows API SDK (HKLM\...\{8738A898-221B-4279-BC87-FEF7938022C1}) (Version: 0.8.8.87 - Dolby Laboratories, Inc.)
Epic Games Launcher (HKLM-x32\...\{38032CA4-BABE-44FB-813F-E152455B8FED}) (Version: 1.1.291.0 - Epic Games, Inc.)
Evernote v. 6.20.2 (HKLM-x32\...\{0D94350E-B007-11E9-A691-005056951CAD}) (Version: 6.20.2.8626 - Evernote Corp.)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
HearthArena Companion (HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\Overwolf_eldaohcjmecjpkpdhhoiolhhaeapcldppbdgbnbc) (Version: 1.5.0.2 - Overwolf app)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Inkscape 0.92.3 (HKLM-x32\...\Inkscape) (Version: 0.92.3 - Inkscape Project)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Krita (x64) 4.1.7 (HKLM\...\Krita_x64) (Version: 4.1.7.100 - Krita Foundation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.67 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\OneDriveSetup.exe) (Version: 21.109.0530.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Monopoly Here & Now Edition (HKLM-x32\...\Monopoly Here & Now Edition) (Version: 1.0.18.272 - GameHouse, Inc.)
Mozilla Firefox 89.0 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0 (x64 en-US)) (Version: 89.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
osu! (HKLM-x32\...\{8dbb6eb0-d086-4f0b-bfd1-e2e0841c6635}) (Version: latest - ppy Pty Ltd)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.173.0.16 - Overwolf Ltd.)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version: - )
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PureRef (HKLM-x32\...\PureRef) (Version: 1.9.2 - Idyllic Pixel)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Skype version 8.68 (HKLM-x32\...\Skype_is1) (Version: 8.68 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SURVEY_PROGRAM (HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\SURVEY_PROGRAM) (Version: - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
Telegram Desktop version 2.5.8 (HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.5.8 - Telegram FZ-LLC)
Trove Europe (HKLM-x32\...\Glyph Trove Europe) (Version: - Trion Worlds, Inc.)
UE4 Prerequisites (x64) (HKLM\...\{4EA298C9-B404-4790-87A6-8B7A34075C3F}) (Version: 1.0.12.0 - Epic Games, Inc.) Hidden
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Web Companion (HKLM-x32\...\{b9c85bd6-2171-4d4d-82ca-a438eeb2a311}) (Version: 7.0.2417.4248 - Lavasoft)
WinBiblio (HKLM-x32\...\WinBiblio) (Version: 25.5 - Robert Zamberlan)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WordPress.com 6.0.3 (HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\ed4e3354-70d4-58f5-8f6d-7420253356e2) (Version: 6.0.3 - Automattic Inc.)
Zoom (HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\ZoomUMX) (Version: 5.5.4 (13142.0301) - Zoom Video Communications, Inc.)

Packages:
=========
Inkscape -> C:\Program Files\WindowsApps\25415Inkscape.Inkscape_1.1.0.0_x64__9waqn51p1ttv2 [2021-07-15] (Inkscape)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-07-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-07-15] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-07-15] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.17.201.0_x64__8wekyb3d8bbwe [2021-07-15] (Microsoft Studios)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-03] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2010-12-10] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-01-12] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_6d34ac0763025a06\igfxDTCM.dll [2018-09-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2010-12-10] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-01-12 00:16 - 2018-01-12 00:16 - 001368064 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\CNext\CNext\atiacm64.dll
2017-06-05 05:13 - 2017-06-05 05:13 - 001336832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2017-06-05 05:13 - 2017-06-05 05:13 - 001136128 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2018-01-12 00:16 - 2018-01-12 00:16 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2017-06-05 05:13 - 2017-06-05 05:13 - 006045696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2017-06-05 05:13 - 2017-06-05 05:13 - 001204736 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2017-06-05 05:13 - 2017-06-05 05:13 - 003234304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2017-06-05 05:13 - 2017-06-05 05:13 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2017-06-05 05:13 - 2017-06-05 05:13 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2017-06-05 05:13 - 2017-06-05 05:13 - 000283136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2017-06-05 05:13 - 2017-06-05 05:13 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-12-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2019-07-26] (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-12-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-12-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-12-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 16:46 - 2018-10-02 00:58 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Pictures\notre dame du liban.jpeg
DNS Servers: 185.86.160.5 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\StartupApproved\Run: => "McAfeeSafeConnect"
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3736682232-2262673394-1125935760-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{42BF1757-AF0D-4961-948E-2F15288FB41C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{8527318B-1EB5-4B24-B265-5DD304557D13}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{65FAD26A-BB7F-4D98-9413-12A7AF7F4AFC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{8D727C42-A4DA-4650-89E4-EC5543B81F64}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{61EC1CB5-39CF-4AFA-A618-55D854F337C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\We Were Here\We Were Here.exe () [File not signed]
FirewallRules: [{615E77AA-A141-4A81-91B4-2ED8CC9616D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\We Were Here\We Were Here.exe () [File not signed]
FirewallRules: [{32C7AE02-41BB-4BC5-B831-1F2E17BDA188}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{6B50F0C1-99E9-4B6E-8E9D-CDFDE8A8CE16}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{471A854B-F365-4418-8CB0-76EE39DE6AB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe () [File not signed]
FirewallRules: [{AAAA7122-FEB8-4B42-B696-CA649DD5F044}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe () [File not signed]
FirewallRules: [{EA47905E-E872-4518-B1A3-DAE0B491A770}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuisine Royale\eac_launcher.exe => No File
FirewallRules: [{E84B6B07-29E4-45B4-8CAF-8EAEE26DD1B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuisine Royale\eac_launcher.exe => No File
FirewallRules: [{A3B99302-9931-41AC-BEC9-573A32A148FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuisine Royale\win32\cuisine_royale.exe => No File
FirewallRules: [{04D741AF-6887-4D16-8568-D942F6B8FFED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuisine Royale\win32\cuisine_royale.exe => No File
FirewallRules: [{8F3C48A3-FC19-4648-9401-A56C5C66CC1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuisine Royale\win64\cuisine_royale.exe => No File
FirewallRules: [{A4696B07-4F06-45B5-A4D5-A177B4890306}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuisine Royale\win64\cuisine_royale.exe => No File
FirewallRules: [{D4FC205B-3BB7-481E-986D-328E177888F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuisine Royale\gaijin_downloader.exe => No File
FirewallRules: [{05CFBD12-6C2C-4FFA-8C9F-FF6FA3FA7A10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuisine Royale\gaijin_downloader.exe => No File
FirewallRules: [{F85C54CC-8A78-4580-AF2F-6589FBB25D94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuisine Royale\win32\bpreport.exe => No File
FirewallRules: [{1BEC0579-377F-4A31-B0FE-FA8F403DA3C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuisine Royale\win32\bpreport.exe => No File
FirewallRules: [{1B143B87-5477-4E33-A4B4-C1363F4D89A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuisine Royale\bpreport.exe => No File
FirewallRules: [{B8098F68-B4B3-4D15-BFF9-83D7A9D62989}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuisine Royale\bpreport.exe => No File
FirewallRules: [{56B73294-B38B-4309-93AF-519D30A9BD41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuisine Royale\launcher.exe => No File
FirewallRules: [{F005419E-E7B0-4369-984A-554973929B2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuisine Royale\launcher.exe => No File
FirewallRules: [{506A9BC0-EEDF-47D0-8BF5-CDD540A55F4A}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5E23AA89-0850-4B6E-A4F9-1A04DF35E556}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{09860D4A-393D-4D44-BFFC-F552FAAA59C0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{61FF53E7-18A6-4383-AA4D-8F5F66C777ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8B847A0D-0CA7-4F8A-9E17-B7F53358E82F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D01668F9-C5F9-4619-89D6-3534F2155DF1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{28E168EB-DE48-49D2-B5B8-7EFE33810D6D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3907A9A5-AB91-49C8-8FC6-DF8A2F03D649}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E1E02563-C3FE-44C1-B36C-F9DF0034DE46}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{36E1A157-31BB-4E18-92C7-30831718E1EC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B588D4FD-CFCB-4D26-83A0-BC97778C860A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe => No File
FirewallRules: [{582E88F1-4E9C-4A5E-902F-18EC52729E3C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{74BA0D05-D686-43EE-83DE-E5500DE96031}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{652ABECF-EF4B-41DD-8F8B-E25E9A289183}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A09EED03-D9F0-4E67-99AA-6F3BCAEB71F3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{73927EF7-1D80-48D6-B51C-64E94DC7F474}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DC553890-53B6-4F37-B577-11AA7FB7CF60}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D3CA4015-20F3-4358-B307-0A32CE3FDB06}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{C9F6EA8D-4887-47DB-881F-FAD3BA682FBE}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{FF1D38EF-2856-4889-BA73-4408E2FB843A}] => (Allow) LPort=1688
FirewallRules: [{B67AABBB-B9A2-4DF8-9A0E-4DC12AC7C8CB}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe => No File
FirewallRules: [{3865BABA-8704-49E4-BC6C-2620A6F84057}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe => No File
FirewallRules: [{8737B216-F5EC-46DE-A6BF-6B4D7B6C1221}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CCDF0AC5-C570-4389-95E7-ABC951D04356}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{C5C06188-D275-43F4-9CCD-89B2973AE171}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{B3B0EA26-51AE-4B88-9C2A-D63F26AC3D5D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{0AE8B8EA-9F69-4B0D-B9E5-077B7AEB7E86}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F757BD99-7CD6-48FF-8CF2-380668F89032}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5209ABBD-3370-4627-A546-9FA7803F98F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe () [File not signed]
FirewallRules: [{BFB742EA-3F73-45DE-813D-F3951BA7F69B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe () [File not signed]
FirewallRules: [{6D3B2019-A029-4928-86A2-55B447AB91BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix) [File not signed]
FirewallRules: [{48A05288-D75D-43D4-822E-1BDC00FCE767}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix) [File not signed]
FirewallRules: [{2A533F6A-6406-4380-B55D-06F4299B178C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9D74FE68-369F-4685-BFDF-81DA48CC3DCA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{794107B4-0643-407A-9662-04F5E47573DD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BADC627B-89B1-4BC7-BD66-CEB1E55A1ABD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ED28A407-3DA0-4D40-9570-048D00E09354}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{ECCFBABB-A112-4393-9BEE-FA52FD044863}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AE048AF9-25F1-4683-997A-199E6EC00CC6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C8117FCC-B3E6-4A30-BBCC-8CED4375229C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A9449664-1BBF-4D21-99E1-4FD0176B022E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{02C23A6E-C2F5-4A02-9BA0-3275A07F0868}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{85E43A68-CF19-4696-A9E2-F34637958CE2}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7EB4ECB3-7249-4C97-B4DC-29137D8F817A}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9E9FF636-39DD-4403-89DE-DF436667AFF8}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{D587A853-C4DA-40D7-BC9D-FDCCDCDA2E25}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{864D0FA0-EAA8-403F-83DB-C02A2BCB240C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{C152381D-9274-416E-B7BB-40AA2EC53208}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{C30B15E8-42DE-4306-AE4B-4684D8488A5D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6C4AF4E6-DD30-452D-A20A-26D07856FC1B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A534E5D3-3781-4CC4-9366-69F99B9F4E8E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{72E4078D-F97E-41BA-A49A-90A996D8CCB5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4F47017E-6597-44DA-8976-0751F9AABDF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{ACB5B490-DDCE-4E05-8BE4-5DEAFE56D48E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B280406A-5AB7-4A58-81EB-45F639A59678}] => (Block) C:\Program Files (x86)\Overwolf\0.173.0.14\OverwolfBrowser.exe => No File
FirewallRules: [{B75929F1-5637-41E0-B440-07022B5FC86E}] => (Block) C:\Program Files (x86)\Overwolf\0.173.0.14\OverwolfBrowser.exe => No File
FirewallRules: [{7B594664-752D-4AB5-BB0C-06A281A72463}] => (Block) C:\Program Files (x86)\Overwolf\0.173.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{F31F5F3D-5C3D-44EF-8720-99B9D724EB35}] => (Block) C:\Program Files (x86)\Overwolf\0.173.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{84CD36F1-3F26-43DC-AF8B-8EDF2795E393}] => (Allow) C:\Program Files (x86)\Overwolf\0.173.0.14\OverwolfBrowser.exe => No File
FirewallRules: [{0ADCA002-EFA0-4A42-A4A4-22FAAFA0AD39}] => (Allow) C:\Program Files (x86)\Overwolf\0.173.0.14\OverwolfBrowser.exe => No File
FirewallRules: [{AC41F446-0406-461F-9E6C-464B6F655FBF}] => (Block) C:\Program Files (x86)\Overwolf\0.173.0.14\OverwolfBrowser.exe => No File
FirewallRules: [{8BCC23B1-E559-449E-83E3-642175D59F1B}] => (Block) C:\Program Files (x86)\Overwolf\0.173.0.14\OverwolfBrowser.exe => No File
FirewallRules: [{5386C9D5-5305-47CC-9A74-C3058A032649}] => (Block) C:\Program Files (x86)\Overwolf\0.173.0.14\OverwolfBrowser.exe => No File
FirewallRules: [{68F52024-F410-479C-8293-7F460EF3319D}] => (Block) C:\Program Files (x86)\Overwolf\0.173.0.14\OverwolfBrowser.exe => No File
FirewallRules: [{D5F8ABAD-EE40-49FC-BE68-50136FE972C3}] => (Allow) C:\Program Files (x86)\Overwolf\0.173.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{383C1CA4-53FB-4D35-B2E0-866F951633E5}] => (Allow) C:\Program Files (x86)\Overwolf\0.173.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{6D530B17-4B3E-411F-AC5D-A6BDB321CA6C}] => (Block) C:\Program Files (x86)\Overwolf\0.173.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{D34A63FC-CB31-44E4-A03B-A7CD4BD63718}] => (Block) C:\Program Files (x86)\Overwolf\0.173.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{2A75B96C-994B-4B41-A87A-D21FD5CC25FF}] => (Block) C:\Program Files (x86)\Overwolf\0.173.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{9CA47E79-A3E1-4E1B-A927-062835926AB2}] => (Block) C:\Program Files (x86)\Overwolf\0.173.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

==================== Restore Points =========================

15-07-2021 12:52:08 Restore Operation
15-07-2021 23:04:05 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/15/2021 11:11:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wuauclt.exe, version: 10.0.19041.906, time stamp: 0x01b4b287
Faulting module name: ntdll.dll, version: 10.0.19041.1023, time stamp: 0x7977b9de
Exception code: 0xc0000005
Fault offset: 0x0000000000063416
Faulting process id: 0x2c54
Faulting application start time: 0x01d779b482d604c3
Faulting application path: C:\WINDOWS\system32\wuauclt.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 61289f0b-b306-44dc-94a1-27e71a7112ae
Faulting package full name:
Faulting package-relative application ID:

Error: (07/15/2021 02:31:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17032

Error: (07/15/2021 02:31:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17032

Error: (07/15/2021 02:31:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/15/2021 02:25:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: YourPhone.exe, version: 1.21052.122.0, time stamp: 0x60dcb7fb
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1023, time stamp: 0x924f9cdb
Exception code: 0xc000027b
Fault offset: 0x000000000010b39c
Faulting process id: 0x20c4
Faulting application start time: 0x01d7796c10f3dea5
Faulting application path: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21052.122.0_x64__8wekyb3d8bbwe\YourPhone.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: e57f85cc-8847-4a42-9097-a80e418a412f
Faulting package full name: Microsoft.YourPhone_1.21052.122.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (07/15/2021 02:25:28 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-V64D4NE)
Description: Microsoft.YourPhone_8wekyb3d8bbwe-2147024893

Error: (07/15/2021 02:25:28 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-V64D4NE)
Description: Microsoft.YourPhone_8wekyb3d8bbwe-2147024893

Error: (07/15/2021 02:25:28 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-V64D4NE)
Description: Microsoft.YourPhone_8wekyb3d8bbwe-2147024893


System errors:
=============
Error: (07/15/2021 11:15:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Device Setup Manager service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/15/2021 11:15:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Device Setup Manager service to connect.

Error: (07/15/2021 11:11:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: 2021-07 Cumulative Update for Windows 10 Version 2004 for x64-based Systems (KB5004945).

Error: (07/15/2021 10:55:05 PM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (07/15/2021 03:30:44 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-V64D4NE)
Description: The server {ABC01078-F197-4B0B-ADBC-CFE684B39C82} did not register with DCOM within the required timeout.

Error: (07/15/2021 02:58:39 PM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (07/15/2021 02:29:49 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-V64D4NE)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (07/15/2021 02:29:48 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-V64D4NE)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2021-07-15 12:48:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-15 11:50:08
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/PiriformBundler&threatid=277517&enterprise=0
Name: PUA:Win32/PiriformBundler
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\User\Downloads\ccsetup563.exe; file:_C:\Users\User\Downloads\ccsetup563.exe->(nsis-instdata)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.329.2639.0, AS: 1.329.2639.0, NIS: 1.329.2639.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-07-15 00:27:22
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-14 23:32:58
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/ICBundler&threatid=286849&enterprise=0
Name: PUA:Win32/ICBundler
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\User\Downloads\uTorrent.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\GridinSoft Anti-Malware\gsam.exe
Security intelligence Version: AV: 1.329.2639.0, AS: 1.329.2639.0, NIS: 1.329.2639.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-07-14 23:32:13
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/PiriformBundler&threatid=277517&enterprise=0
Name: PUA:Win32/PiriformBundler
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_C:\Users\User\Downloads\ccsetup563.exe; file:_C:\Users\User\Downloads\ccsetup563.exe->(nsis-instdata)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\GridinSoft Anti-Malware\gsam.exe
Security intelligence Version: AV: 1.329.2639.0, AS: 1.329.2639.0, NIS: 1.329.2639.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-07-15 15:01:29
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2639.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-07-15 15:01:29
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2639.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-07-15 15:01:29
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2639.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-07-15 15:01:29
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2639.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2021-07-15 15:01:29
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2639.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===============
Date: 2021-07-15 22:58:12
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-07-15 15:06:26
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Avast Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-07-15 15:05:37
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-07-15 15:05:36
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 4WCN37WW 11/06/2017
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 87%
Total physical RAM: 3970.72 MB
Available physical RAM: 479.64 MB
Total Virtual: 9602.72 MB
Available Virtual: 6082.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.47 GB) (Free:749 GB) NTFS
Drive d: () (RAMDisk) (Total:930.47 GB) (Free:748.93 GB) NTFS

\\?\Volume{d9fa2484-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{d9fa2484-0000-0000-0000-50c0e8000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=518 MB) - (Type=27)

==================== End of Addition.txt =======================