Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020
Ran by mibut (09-06-2020 14:43:09)
Running from C:\Users\mibut\Downloads
Windows 10 Home Version 1909 18363.836 (X64) (2020-02-22 07:57:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2417424753-1909548177-4206843061-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2417424753-1909548177-4206843061-503 - Limited - Disabled)
Guest (S-1-5-21-2417424753-1909548177-4206843061-501 - Limited - Disabled)
mibut (S-1-5-21-2417424753-1909548177-4206843061-1001 - Administrator - Enabled) => C:\Users\mibut
WDAGUtilityAccount (S-1-5-21-2417424753-1909548177-4206843061-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.4.2410 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 81.1.4223.139 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.7.915.0 - AVAST Software) Hidden
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-01b6d92e-5029-4c59-9ab2-2e7a9005dc9d) (Version: 3.0.2.48 - WildTangent) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7503 - CyberLink Corp.)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.295.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKU\S-1-5-21-2417424753-1909548177-4206843061-1001\...\Google Chrome) (Version: 83.0.4103.97 - Google LLC)
GTarcade (HKU\S-1-5-21-2417424753-1909548177-4206843061-1001\...\gtarcade) (Version: 2.1.0.3045 - YOOZOO Games)
GTarcade (HKU-x32\S-1-5-21-2417424753-1909548177-4206843061-1001\...\gtarcade) (Version: 2.0.0.1075 - YOOZOO Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{1BB20774-0FA8-4CFF-AB69-7B7AAE2DCE6C}) (Version: 1.4.18 - HP Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Ready Mode Technology (HKLM\...\{CC3C017C-876D-4A31-A128-593FF92A1FE7}) (Version: 1.1.70.528 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
iPod Support (HKLM\...\{4B5933A1-A781-400E-B4A2-3ECC375375E4}) (Version: 120.7.3.55 - Apple Inc.)
Letter Quest - Grimm's Journey (HKLM-x32\...\WTA-92e34ed3-e3bb-4594-909c-23535f7c1c8e) (Version: 3.0.2.118 - WildTangent) Hidden
LINE (HKU\S-1-5-21-2417424753-1909548177-4206843061-1001\...\LINE) (Version: 5.11.4.1836 - LINE Corporation)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R7 - McAfee, Inc.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12827.20268 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.45 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.129.31 - )
Microsoft OneDrive (HKU\S-1-5-21-2417424753-1909548177-4206843061-1001\...\OneDriveSetup.exe) (Version: 20.064.0329.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
MTG Arena (HKLM-x32\...\{F62E5477-A813-448F-AD6C-34FB7C31E360}) (Version: 0.1.1790 - Wizards of the Coast)
Mystika 2 (HKLM-x32\...\WTA-6bcc19ce-71db-4d4c-b7d3-a663afda0bd4) (Version: 1.1.2.4 - WildTangent) Hidden
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0516 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0516 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12827.20268 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31235 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8536 - Realtek Semiconductor Corp.)
RogueKiller version 14.5.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.5.0.0 - Adlice Software)
Runefall (HKLM-x32\...\WTA-6127a291-0ce8-4972-8927-8b48dad7eb90) (Version: 3.0.2.126 - WildTangent) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Sparkle 2 (HKLM-x32\...\WTA-d3f11148-db3c-4e0d-b42d-86cbc038bc40) (Version: 3.0.2.51 - WildTangent) Hidden
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Twitch (HKU\S-1-5-21-2417424753-1909548177-4206843061-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Unity Web Player (HKU\S-1-5-21-2417424753-1909548177-4206843061-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
Warcraft II (HKLM-x32\...\1418669891_is1) (Version: 2.02 v4 - GOG.com)
WinZip 24.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24125}) (Version: 24.0.13650 - Corel Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Classic (HKLM-x32\...\World of Warcraft Classic) (Version: - Blizzard Entertainment)
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.8.5.0_x86__kgqvnymyfvs32 [2020-04-08] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.169.300.0_x86__kgqvnymyfvs32 [2020-06-02] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.1.0.10_x86__h6adky7gbf63m [2020-06-02] (Gameloft SE)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.378.0_x64__v10z8vjag6ke6 [2017-08-24] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-27] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa [2020-05-21] (Apple Inc.) [Startup Task]
Keeper - Password Manager & Secure File Storage -> C:\Program Files\WindowsApps\KeeperSecurityInc.Keeper_14.0.33.0_x64__kejf07qmg0jnm [2019-07-29] (Keeper Security Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-12] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.40.21551.0_x64__8wekyb3d8bbwe [2020-06-09] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-01] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.14.6005.0_x64__8wekyb3d8bbwe [2020-04-15] (Microsoft Studios)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-11] (Netflix, Inc.)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2017-11-30] (Plex)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.19.82.0_x64__kx24dqmazqk8j [2020-06-09] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0 [2020-05-28] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2417424753-1909548177-4206843061-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\mibut\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2417424753-1909548177-4206843061-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\mibut\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2417424753-1909548177-4206843061-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\mibut\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2417424753-1909548177-4206843061-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\mibut\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2417424753-1909548177-4206843061-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\mibut\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2417424753-1909548177-4206843061-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\mibut\AppData\Local\Google\Chrome\Application\83.0.4103.97\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2417424753-1909548177-4206843061-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\mibut\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2417424753-1909548177-4206843061-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
CustomCLSID: HKU\S-1-5-21-2417424753-1909548177-4206843061-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mibut\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2417424753-1909548177-4206843061-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\mibut\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2417424753-1909548177-4206843061-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\mibut\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2417424753-1909548177-4206843061-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\mibut\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-06-07] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-06-07] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-12-21] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-10-12] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-06-07] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-09] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-10-12] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-06-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-06-07] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-09] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-12-21] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-10-12] (Corel Corporation -> WinZip Computing)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\mibut\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\mibut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\mibut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f1f36ebe66fce5e5\Google Chrome.lnk -> C:\Users\mibut\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=*&locale=en_us&pf=cndt&s=VUDU_URL&tp=startmenu
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\mibut\Downloads\AdwCleaner.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\mibut\Downloads\avast_free_antivirus_setup_online.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\mibut\Downloads\DSOne.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\mibut\Downloads\MBSetup.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\mibut\Downloads\RogueKiller_setup_ref3.exe:SmartScreen [7]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2417424753-1909548177-4206843061-1001\...\localhost -> localhost
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 15:03 - 2019-01-04 04:14 - 000000827 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-2417424753-1909548177-4206843061-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mibut\OneDrive\Pictures\Rey.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKU\S-1-5-21-2417424753-1909548177-4206843061-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A1BDD902-943B-4334-938C-BD2E3939DED1}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [UDP Query User{20AD8E14-F84C-457B-A9ED-EB8177204DA0}C:\program files (x86)\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\_classic_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{22ED328F-38BA-48E6-9121-59ED1685ED3F}C:\program files (x86)\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\_classic_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{941DD0F1-E9FF-470D-83CF-F73E081DBDD1}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe => No File
FirewallRules: [TCP Query User{68484261-70BF-4194-9555-8E3600B3D1B0}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe => No File
FirewallRules: [UDP Query User{3B5FFFE6-2548-4A43-99BE-D35C29A067C5}C:\users\mibut\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\mibut\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{16C97EF7-A1C1-4A07-BE92-4B9B9707AE24}C:\users\mibut\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\mibut\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A241F580-3C98-415D-9D1F-CFD7FDF665D6}] => (Allow) C:\Program Files (x86)\GOG Galaxy\Games\Warcraft II BNE\Warcraft II BNE_dx.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [{00F7EAB0-B76E-483F-8DB9-A1D99EAEC277}] => (Allow) C:\Program Files (x86)\GOG Galaxy\Games\Warcraft II BNE\Warcraft II BNE.exe (GOG Sp. z o.o. -> Blizzard Entertainment)
FirewallRules: [{5C39094F-4A83-4391-AAB7-44BC59F0FB1D}] => (Allow) C:\Users\mibut\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{E219C1F5-7987-44DB-9538-8001090434FD}] => (Allow) C:\Users\mibut\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{4D30C7AA-CD2C-4C84-BB71-0A46313939C5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [UDP Query User{2C2A1A83-9220-493B-A9BB-1FFC1841DCDF}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{98EDA17C-6463-4EFD-8096-E4CB012B69DF}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{A2F38A76-AAC8-439E-9B6E-1C972676A64E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{213A9662-B0C6-43E6-857D-88590AB874DE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{3CA61BB5-16C7-473B-8BD5-64D8B1FC7DA6}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{26CEEBA7-9D5F-46F2-9A74-1E3CD1D91C34}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{61BCF1EA-B8B0-4266-AFEC-222448FD4CC5}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{2B7D4DBC-ADE7-4927-9C3C-73DE196C93F9}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [UDP Query User{9B865DC6-DDFE-4863-997B-2FAC3FB3BF3C}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe => No File
FirewallRules: [TCP Query User{1C13A94C-A1A7-4F42-80F7-9F907F06B58C}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe => No File
FirewallRules: [{14EAAEE9-E424-44ED-AF33-C7822D5331F6}] => (Allow) LPort=13148
FirewallRules: [{66E9426F-4FA7-4429-8BC9-5EB3D7EA4D3A}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe => No File
FirewallRules: [UDP Query User{C32EBFD4-4743-43BF-9B77-526B8D99EDC5}C:\program files (x86)\star trek online_en\star trek online\live\x86\gameclient.exe] => (Allow) C:\program files (x86)\star trek online_en\star trek online\live\x86\gameclient.exe => No File
FirewallRules: [TCP Query User{683262DC-65EB-4DB7-AEE8-432192F643C5}C:\program files (x86)\star trek online_en\star trek online\live\x86\gameclient.exe] => (Allow) C:\program files (x86)\star trek online_en\star trek online\live\x86\gameclient.exe => No File
FirewallRules: [{4BA9337E-58C0-4933-9E77-A4E58FCC6CCF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D2C69E28-0B0C-4D85-A026-2DC95CEFBFB9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EC69B604-027F-46A9-9419-716AE4F13163}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{63C44D8F-A26D-4B88-A2B1-725B75A2F274}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4F1A8874-6324-4D4F-A6D4-4A93E75597AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A3915C98-52C8-42E6-87B9-DE347D9C7DB5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{26FE87DE-ABF6-4D09-B561-FA440ACD1ADB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe => No File
FirewallRules: [{1C6722D5-E121-4A0C-9182-9E1A9DAC9FC8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9AB01026-20E3-4605-BDAA-2ED134C6C247}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5F84BC97-434A-4960-8E3B-E31359033C18}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{E3742839-AB11-4CC0-8B72-D30C86FE9245}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{E5070A02-CD25-4605-817D-BE69868264A2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{3BB1B2E4-B5F5-4EC1-BDB8-6E34ACA5AD3E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{ADB1D5E5-340B-45BA-B4ED-6A9D08DB9E9F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{0F3FB5F8-04C6-4405-9C62-9041CE4D19C4}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{4987065C-6824-4D6F-9183-374793EC5432}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{9DC24332-1FC8-4F27-BF9D-4F28E6FD225B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AC02C539-60BF-4E06-B0E2-FC388E8D1273}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9BDA92F3-78DD-4904-BFF8-3E01347ED7EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3891EF37-229D-4302-85A3-E6E0A8F7C415}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4DDE4EE5-45ED-4636-910E-72B809856C11}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{FCA31944-D8C6-459B-A267-1C030AE466A1}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [UDP Query User{903566A7-00BB-428C-9761-7D67B5938A34}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{61A9AE27-E321-49C0-A98B-FA6EADF01B63}] => (Allow) C:\Users\mibut\AppData\Local\LINE\bin\5.9.2.1760\LINE.exe => No File
FirewallRules: [{8CF81C17-98CB-4500-9444-5F82E05D8AA7}] => (Allow) C:\Users\mibut\AppData\Local\LINE\bin\5.9.2.1760\LINE.exe => No File
FirewallRules: [{2F972916-D2C3-4AC8-8C4F-D61EE5B8EC66}] => (Allow) C:\Users\mibut\AppData\Local\LINE\bin\5.9.2.1760\LineUpdater.exe => No File
FirewallRules: [{5305DBC0-1093-4BD7-992C-6B020036A459}] => (Allow) C:\Users\mibut\AppData\Local\LINE\bin\5.9.2.1760\LineUpdater.exe => No File
FirewallRules: [{8E0A84EF-9192-480E-8F22-C612A0053911}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2B7BBD75-3059-456E-9E37-29D3D3BEC2A2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{540E65B3-6DFA-4D28-98DF-542F97C66F9E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B99BCB9A-D1EA-4B1B-A0BE-2B5ACAB43F21}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{0386BBB5-3EE2-4EB9-88DD-EECFC473A63F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{D2C3EB02-8037-41ED-86D8-6E3E29DFB972}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VEGA Conflict\VEGAConflict.exe () [File not signed]
FirewallRules: [{2057DCFF-2714-4190-9E50-80E1FCE4C9F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VEGA Conflict\VEGAConflict.exe () [File not signed]
FirewallRules: [{B17A1752-0C36-482B-879B-FA103E9DE500}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{DD4410CB-FF48-444B-A151-E5CC12C137A3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1BCE4ACB-F4F4-46CF-A0A9-282B9F4F5F52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan Universe\CatanUniverse.exe () [File not signed]
FirewallRules: [{E849A941-BE1D-48A0-83F0-99E0529A4207}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan Universe\CatanUniverse.exe () [File not signed]
FirewallRules: [{5AFC80DA-D1D0-4826-8255-A16B2B5ABC29}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4E628A41-0381-4AAC-8C65-38FACD0B4CBA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{99B15575-3EC9-486D-A37A-0AB0DCDF5A79}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{827A1F88-CEC0-40A6-A4A2-D96E54902C8E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ABFA7D04-B6DF-4E58-96A1-5AD4F667D8B4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E9D73447-87A7-40D6-9BB8-6784B7D828A4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{684F81EA-0169-41C0-8F05-DEBABBBB0F6B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E561FBDB-B919-4CAD-85AC-4EF3192F248D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1BB98C3D-E74E-47D7-9127-A244D9EDA9E5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0188FC53-6831-4C66-A5CA-11FEAB7E3E67}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6A356EDF-33E2-46AB-8154-3D5F919A93E4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{663685C7-3243-4870-A4E4-10D14835F442}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4D0480C9-76B0-4689-A113-D91EA5993841}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C62AACAD-7738-44D4-B71B-52767FE27D31}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EC5485B5-AC82-42F3-8A2A-7C1E49671DB7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BF6E8F30-48F7-4466-AD1B-31745A5B63BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{51F065FB-FE08-4ABA-B1B2-F3161C8CB177}] => (Allow) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FF4DFAAE-42C3-4176-93A6-1B53CBA42A0B}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
==================== Restore Points =========================
19-05-2020 15:01:21 Installed MTGA Launcher
31-05-2020 02:10:33 Scheduled Checkpoint
09-06-2020 13:39:22 AdwCleaner_BeforeCleaning_09/06/2020_13:39:20
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (06/09/2020 02:43:42 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8464,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (06/09/2020 02:05:01 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3216,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (06/09/2020 01:49:07 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (06/09/2020 01:47:06 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (06/09/2020 01:39:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service WC Assistant since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (06/09/2020 01:39:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service McAfee Application Installer Cleanup (0271111589481137) since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (06/09/2020 01:35:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 4.0.0.680, time stamp: 0x5ecfd2a3
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x5e8272e4
Exception code: 0xc0000005
Fault offset: 0x0000000000232860
Faulting process id: 0x3218
Faulting application start time: 0x01d63e93be944aec
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 8d78e345-fad8-45dc-aa33-c8787fba20db
Faulting package full name:
Faulting package-relative application ID:
Error: (06/09/2020 01:35:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 4.0.0.680, time stamp: 0x5ecfd2a3
Faulting module name: mbam.exe, version: 4.0.0.680, time stamp: 0x5ecfd2a3
Exception code: 0xc0000005
Fault offset: 0x0000000000071a19
Faulting process id: 0x3218
Faulting application start time: 0x01d63e93be944aec
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Report Id: 5406f159-2c8b-4b81-a040-e00840f75790
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (06/09/2020 01:49:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (06/09/2020 01:49:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
Error: (06/09/2020 01:46:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Comm Recovery service failed to start due to the following error:
The system cannot find the file specified.
Error: (06/09/2020 01:46:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GamesAppIntegrationService service failed to start due to the following error:
The system cannot find the file specified.
Error: (06/09/2020 01:44:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Orbit Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (06/09/2020 01:42:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ModuleCoreService service.
Error: (06/09/2020 01:42:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfemms service.
Error: (06/09/2020 01:42:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\WINDOWS\system32\IntelIHVRouter04.dll
Windows Defender:
===================================
Date: 2020-06-02 14:43:45.060
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:HTML/FakeAlert!MSR
ID: 2147744081
Severity: Severe
Category: Trojan
Path: file:_C:\Users\mibut\Downloads\This computer is BLOCKED.html; webfile:_C:\Users\mibut\Downloads\This computer is BLOCKED.html|
http://138.68.251.107/xxxwinchrome0...html|pid:4752,ProcessStart:132356042235305004
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.317.467.0, AS: 1.317.467.0, NIS: 1.317.467.0
Engine Version: AM: 1.1.17100.2, NIS: 1.1.17100.2
Date: 2020-05-27 17:59:15.788
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.317.54.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17100.2
Error code: 0x80070102
Error description: The wait operation timed out.
CodeIntegrity:
===================================
Date: 2020-06-09 14:35:59.768
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-06-09 14:35:59.343
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-06-09 14:35:58.928
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-06-09 14:35:58.598
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-06-09 14:35:58.106
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-06-09 14:35:57.793
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-06-09 14:35:57.436
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-06-09 14:35:57.234
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: AMI F.10 03/30/2017
Motherboard: HP 82F1
Processor: Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz
Percentage of memory in use: 55%
Total physical RAM: 8127.92 MB
Available physical RAM: 3637.24 MB
Total Virtual: 13759.92 MB
Available Virtual: 7092.23 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:918.43 GB) (Free:705.45 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:11.85 GB) (Free:1.44 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{151c66e5-c7c5-4043-8f99-d10811ddbea8}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.49 GB) NTFS
\\?\Volume{890f18f1-083f-49a7-9053-645d8de06a3c}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7E10C852)
Partition: GPT.
==================== End of Addition.txt =======================