Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2022
Ran by user (11-03-2022 05:34:43)
Running from C:\Users\user\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1526 (X64) (2021-12-21 07:00:47)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2564881613-3640244745-1839761148-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2564881613-3640244745-1839761148-503 - Limited - Disabled)
Guest (S-1-5-21-2564881613-3640244745-1839761148-501 - Limited - Disabled)
user (S-1-5-21-2564881613-3640244745-1839761148-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-2564881613-3640244745-1839761148-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Disabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 21.06 (x64) (HKLM\...\7-Zip) (Version: 21.06 - Igor Pavlov) 7-Zip 21.07 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2107-000001000000}) (Version: 21.07.00.0 - Igor Pavlov) Alienware Command Center Suite (HKLM\...\{137517B1-977C-46A3-818E-7CB181462FA5}) (Version: 5.2.14.0 - Dell Inc) Hidden Alienware Command Center Suite (HKLM-x32\...\InstallShield_{137517B1-977C-46A3-818E-7CB181462FA5}) (Version: 5.2.14.0 - Dell Inc) Alienware Digital Delivery Services (HKLM-x32\...\{40B4F37A-DBE4-49AE-9B42-B4C49A81D2C9}) (Version: 4.0.41.0 - Dell Inc.) Alienware Mobile Connect Drivers (HKLM\...\{A5851DEA-C615-417B-A7FF-9C5469942D88}) (Version: 2.0.8402 - Screenovate Technologies Ltd.) Alienware OC Controls (HKLM-x32\...\{970eb1b1-1a83-406e-bcac-873fc8de5530}) (Version: 1.2.32.1210 - Dell Inc) Alienware OCControls Service Installer (HKLM\...\{8B80ECB7-13FC-46F5-8EA6-DA38D9FE5794}) (Version: 1.2.32.1210 - DELL Inc) Hidden Alienware SupportAssist Remediation (HKLM\...\{1906C253-4035-4CA5-A501-075E691CCEC9}) (Version: 5.0.0.10859 - Dell Inc.) Hidden Alienware SupportAssist Remediation (HKLM-x32\...\{96846915-505c-49a2-8aa0-63f90927de87}) (Version: 5.0.0.10859 - Dell Inc.) Alienware Update - SupportAssist Update Plugin (HKLM\...\{C559D0AB-2D9E-4B59-B2B8-0C2061B3F9BC}) (Version: 5.0.0.10859 - Dell Inc.) Hidden Alienware Update - SupportAssist Update Plugin (HKLM-x32\...\{3a267e2b-0948-4f12-a103-e2ac0461179d}) (Version: 5.0.0.10859 - Dell Inc.) Alienware Update for Windows Universal (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.4.0 - Dell Inc.) Arua (HKLM-x32\...\{459E7CC5-7047-49FF-B1B3-230CCB4CA1D3}_is1) (Version: 388 - Arua) Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 21.4.11361.5916 - Avast Software) Avast Premium Security (HKLM\...\Avast Antivirus) (Version: 22.1.2504 - Avast Software) BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.5.100.1040 - BlueStack Systems, Inc.) 
BlueStacks X (HKU\S-1-5-21-2564881613-3640244745-1839761148-1001\...\BlueStacks X) (Version: 0.13.2.5 - BlueStack Systems, Inc.) Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft) CurseForge (HKU\S-1-5-21-2564881613-3640244745-1839761148-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.193.2.1 - Overwolf app) Dell SupportAssist (HKLM\...\{E0659C89-D276-4B77-A5EC-A8F2F042E78F}) (Version: 3.10.4.18 - Dell Inc.) Discord (HKU\S-1-5-21-2564881613-3640244745-1839761148-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.) Google Chrome (HKLM\...\{177B605A-B1E1-3197-B5D4-05F00C0174D1}) (Version: 99.0.4844.51 - Google LLC) Intel(R) Chipset Device Software (HKLM-x32\...\{262e9c1d-e509-4e2a-86e8-0abb312ac2e9}) (Version: 10.1.17765.8094 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1932.12.0.1298 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7262 - Intel Corporation) Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.56.87.0 - Intel Corporation) Hidden Intel(R) Trusted Connect Services Client (HKLM-x32\...\{05817e4d-5f15-49b4-afec-7edb31fc7dd6}) (Version: 1.56.87.0 - Intel Corporation) Hidden IPVanish (HKLM\...\{D1F1F020-6E24-4FCF-98B5-AF524ACF0BB9}) (Version: 3.7.5.7 - Mudhook Marketing, Inc) Hidden IPVanish (HKLM-x32\...\{f592db3f-c4b6-4112-901a-e4842af10a8a}) (Version: 3.7.5.7 - Mudhook Marketing, Inc) Killer Wireless Driver UWD (HKLM\...\{EF338787-6B3E-45C8-A32E-0F92567E8CEE}) (Version: 2.1.1359 - Rivet Networks) Malwarebytes version 4.5.4.168 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.4.168 - Malwarebytes) MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity) Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 
16.0.14827.20198 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.36 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 99.0.1150.36 - Microsoft Corporation) Microsoft Office Home and Student 2019 - en-us (HKLM\...\HomeStudent2019Retail - en-us) (Version: 16.0.14827.20198 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.033.0213.0002 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 
(HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation) NVIDIA GeForce Experience 3.20.1.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.1.57 - NVIDIA Corporation) NVIDIA Graphics Driver 441.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 441.12 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20198 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20198 - Microsoft Corporation) Hidden Overwolf (HKLM-x32\...\Overwolf) (Version: 0.191.0.20 - Overwolf Ltd.) Pretty Good Solitaire version 21.0 (HKLM-x32\...\Pretty Good Solitaire_is1) (Version: 21.0.0 - Goodsol Development Inc.) Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: 2.17.1 - Rainy) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8642 - Realtek Semiconductor Corp.) 
Sandboxie-Plus v0.9.8.4 (HKLM\...\Sandboxie-Plus_is1) (Version: 0.9.8.4 - hxxp://xanasoft.com/) Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.82.0 - Safer-Networking Ltd.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1238 - SUPERAntiSpyware.com) VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN) Windows Driver Package - STMicroelectronics (STTub30) USB (04/03/2017 3.0.6.0) (HKLM\...\BFD1FB244691FDF6328C70B79647C9046B65397A) (Version: 04/03/2017 3.0.6.0 - STMicroelectronics) Windows PC Health Check (HKLM\...\{014B7442-C784-45D3-A152-F7D2C651F28A}) (Version: 3.3.2110.22002 - Microsoft Corporation) Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation) WinRAR 6.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.10.0 - win.rar GmbH) Packages: ========= Alienware Command Center -> C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.4.16.0_x64__htrsf667h5kn2 [2022-02-16] (Dell Inc) Alienware Customer Connect -> C:\Program Files\WindowsApps\DellInc.AlienwareCustomerConnect_5.3.5.0_x64__htrsf667h5kn2 [2021-12-27] (Dell Inc) Alienware Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.AlienwareMobileConnect_3.3.9810.0_x64__0vhbc3ng4wbp0 [2021-12-27] (Screenovate Technologies) [Startup Task] Alienware Update -> C:\Program Files\WindowsApps\DellInc.AlienwareUpdate_4.4.18.0_x86__htrsf667h5kn2 [2021-12-27] (Dell Inc) Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2220.2.0_x64__kgqvnymyfvs32 [2022-03-05] (king.com) Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\dellinc.dellsupportassistforpcs_3.10.7.0_x64__htrsf667h5kn2 [2022-01-08] (Dell Inc) Disney+ -> C:\Program 
Files\WindowsApps\Disney.37853FC22B2CE_1.23.4.0_x64__6rarf9sa4v8jt [2022-02-02] (Disney) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_134.1.221.0_x64__v10z8vjag6ke6 [2022-01-29] (HP Inc.) Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2021-12-27] (INTEL CORP) [Startup Task] Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1024.0_x64__8j3eq9eme6ctt [2022-02-12] (INTEL CORP) Killer Control Center -> C:\Program Files\WindowsApps\rivetnetworks.killercontrolcenter_3.1021.524.0_x64__rh07ty8m5nkag [2021-12-27] (Rivet Networks LLC) [Startup Task] Mahjong Solitaire: Classic -> C:\Program Files\WindowsApps\BitMango.MahjongSolitaireClassic_22.303.9.0_x64__2b8nme4t3zjry [2022-03-05] (BitMango, inc.) Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\db6ea5db.mediasuiteessentialsfordell_2.6.4028.0_x86__mcezb6ze687jp [2021-12-27] (CYBERLINK CORPORATION.) 
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1420.6.106.0_x64__8xx8rvfyw5nnt [2022-03-01] (Facebook Inc) [Startup Task] Microsoft Minesweeper -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_3.1.9160.0_x86__8wekyb3d8bbwe [2022-01-06] (Microsoft Studios) [MS Ad] Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.1817.0_x64__8wekyb3d8bbwe [2021-12-27] (Microsoft Corporation) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.2180.0_x64__8wekyb3d8bbwe [2022-02-25] (Microsoft Studios) [MS Ad] Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.18.1201.0_x64__8wekyb3d8bbwe [2022-02-16] (Microsoft Studios) Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.0.159.0_x64__8wekyb3d8bbwe [2022-03-09] (Microsoft Studios) MPEG-2 Video Extension -> C:\Program Files\WindowsApps\microsoft.mpeg2videoextension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-12-27] (Microsoft Corporation) My Alienware -> C:\Program Files\WindowsApps\DellInc.MyAlienware_1.92.17.0_x64__htrsf667h5kn2 [2021-12-27] (Dell Inc) MyRadar -> C:\Program Files\WindowsApps\ACMEAtronOmaticLLC.MyRadar_5.17.0.0_x64__hgk1kwjkxrdv0 [2022-02-15] (ACME AtronOmatic LLC) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-01-19] (NVIDIA Corp.) Power Media Player for Dell -> C:\Program Files\WindowsApps\db6ea5db.powermediaplayerfordell_14.2.3708.0_x86__mcezb6ze687jp [2021-12-27] (CYBERLINK CORPORATION.) Power2Go for Dell -> C:\Program Files\WindowsApps\db6ea5db.power2gofordell_11.0.3920.0_x86__mcezb6ze687jp [2021-12-27] (CYBERLINK CORPORATION.) [Startup Task] PowerDirector for Dell -> C:\Program Files\WindowsApps\db6ea5db.powerdirectorfordell_15.0.4409.0_x64__mcezb6ze687jp [2021-12-27] (CYBERLINK CORPORATION.) 
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.14.226.0_x64__dt26b99r8h8gj [2021-12-27] (Realtek Semiconductor Corp) Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.516.304.0_x86__55nm5eh3cm0pr [2022-03-05] (ROBLOX Corporation) Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.4.0_x64__kx24dqmazqk8j [2022-01-06] (Random Salad Games LLC) Simple Spider Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSpiderSolitaire_3.8.34.0_x64__kx24dqmazqk8j [2022-01-06] (Random Salad Games LLC) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0 [2022-03-05] (Spotify AB) [Startup Task] Survivalcraft -> C:\Program Files\WindowsApps\20961CandyRufusGames.Survivalcraft_1.29.46.0_neutral__c7jxg4av36ap6 [2022-01-06] (Candy Rufus Games) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> ) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-08] (Avast Software s.r.o. 
-> AVAST Software) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-08] (Avast Software s.r.o. 
-> AVAST Software) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-08] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.) ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-01-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-01-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.) ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-08] (Avast Software s.r.o. 
-> AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-21] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> ) ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.) ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-03] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_21286f2484bb9003\nvshext.dll [2021-11-27] (Nvidia Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-08] 
(Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-21] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.) ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.) ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed] ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-01-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-01-24] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2022-03-10 21:33 - 2022-03-10 21:33 - 001277952 ____H () [File not signed] [File is in use] C:\Program Files (x86)\Steam\steamapps\common\Dynomite Deluxe\popE430.tmp 2022-01-06 00:27 - 2022-01-27 16:05 - 126964224 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll 2022-01-06 00:27 - 2021-11-17 05:38 - 000384000 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll 2022-01-06 00:27 - 2021-11-17 05:38 - 008006656 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll 2022-01-06 01:15 - 2022-01-06 01:15 - 000102196 _____ () [File not signed] 
C:\Program Files (x86)\Steam\steamapps\common\Dynomite Deluxe\bass.dll 2017-08-02 05:24 - 2017-08-02 05:24 - 000017920 _____ () [File not signed] C:\Program Files\Rainlendar2\lfs.dll 2017-08-02 05:37 - 2017-08-02 05:37 - 000331776 _____ () [File not signed] C:\Program Files\Rainlendar2\libical.dll 2017-08-02 05:37 - 2017-08-02 05:37 - 000063488 _____ () [File not signed] C:\Program Files\Rainlendar2\libicalss.dll 2017-08-02 05:24 - 2017-08-02 05:24 - 000314880 _____ () [File not signed] C:\Program Files\Rainlendar2\lua53.dll 2021-10-08 01:41 - 2021-10-08 01:41 - 000130560 _____ () [File not signed] C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll 2022-02-16 11:27 - 2022-02-16 11:27 - 000484352 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.4.16.0_x64__htrsf667h5kn2\AWCC.RPC.Proxy.WinRT.dll 2022-02-16 11:27 - 2022-02-16 11:27 - 000178688 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.4.16.0_x64__htrsf667h5kn2\AWCCPlugin.dll 2022-02-16 11:27 - 2022-02-16 11:28 - 000316928 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.4.16.0_x64__htrsf667h5kn2\PM.UI.Controls.dll 2022-02-16 11:27 - 2022-02-16 11:27 - 031620096 _____ (Dell Technologies) [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.4.16.0_x64__htrsf667h5kn2\AWCC.dll 2022-02-13 11:55 - 2020-07-19 19:00 - 000303104 _____ (Goodsol Development) [File not signed] C:\Program Files (x86)\goodsol\gdcard.dll 2021-12-26 19:00 - 2021-12-26 19:00 - 000093696 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2017-08-13 08:49 - 2017-08-13 08:49 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Windows\system32\StartMenuHelper64.dll 2020-04-01 17:07 - 2020-04-01 17:07 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft 
Office\Root\Office16\AppVIsvSubsystems64.dll 2020-04-01 17:07 - 2020-04-01 17:07 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll 2022-01-05 23:06 - 2021-06-19 01:55 - 001079909 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2022-01-06 00:27 - 2022-01-27 16:05 - 000983552 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll 2019-10-10 08:13 - 2019-10-10 08:13 - 000422400 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files\Rainlendar2\libcurl.dll 2022-01-05 23:06 - 2018-11-22 16:48 - 001374208 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\libeay32.dll 2022-01-05 23:06 - 2018-11-22 16:48 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\ssleay32.dll 2018-11-16 06:48 - 2018-11-16 06:48 - 002720768 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Rainlendar2\libcrypto-1_1-x64.dll 2018-11-16 06:49 - 2018-11-16 06:49 - 000658944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Rainlendar2\libssl-1_1-x64.dll 2021-05-01 09:30 - 2021-05-01 09:30 - 002937344 _____ (wxWidgets development team) [File not signed] C:\Program Files\Rainlendar2\wxbase315u_vc_rny.dll 2021-05-01 09:34 - 2021-05-01 09:34 - 000181760 _____ (wxWidgets development team) [File not signed] C:\Program Files\Rainlendar2\wxbase315u_xml_vc_rny.dll 2021-05-01 09:33 - 2021-05-01 09:33 - 008469504 _____ (wxWidgets development team) [File not signed] C:\Program Files\Rainlendar2\wxmsw315u_core_vc_rny.dll 2021-05-01 09:34 - 2021-05-01 09:34 - 000781312 _____ (wxWidgets development team) [File not 
signed] C:\Program Files\Rainlendar2\wxmsw315u_html_vc_rny.dll 2021-05-01 09:36 - 2021-05-01 09:36 - 000880128 _____ (wxWidgets development team) [File not signed] C:\Program Files\Rainlendar2\wxmsw315u_propgrid_vc_rny.dll 2021-05-01 09:35 - 2021-05-01 09:35 - 000970240 _____ (wxWidgets development team) [File not signed] C:\Program Files\Rainlendar2\wxmsw315u_xrc_vc_rny.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-2564881613-3640244745-1839761148-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-us SearchScopes: HKU\S-1-5-21-2564881613-3640244745-1839761148-1001 -> DefaultScope {7E7BDB52-3FDE-4427-BEFB-E0D7EFF06153} URL = SearchScopes: HKU\S-1-5-21-2564881613-3640244745-1839761148-1001 -> {7E7BDB52-3FDE-4427-BEFB-E0D7EFF06153} URL = BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-12-22] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - 
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-03-18 22:49 - 2019-03-18 22:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-2564881613-3640244745-1839761148-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\AW_EclipseHead_Final_2016.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AlienwareMobileConnectWelcome"
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKU\S-1-5-21-2564881613-3640244745-1839761148-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2564881613-3640244745-1839761148-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{398EB98F-FCA5-4642-A15E-1FD2F666708B}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.AlienwareMobileConnect_3.3.9810.0_x64__0vhbc3ng4wbp0\app\AlienwareMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{23EDBC3C-744C-4956-BF7E-EC2F30134581}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.AlienwareMobileConnect_3.3.9810.0_x64__0vhbc3ng4wbp0\app\AlienwareMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{BFEF05BA-10F8-43A8-B911-604BDD8672CD}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.AlienwareMobileConnect_2.0.7812.0_x64__0vhbc3ng4wbp0\app\AlienwareMobileConnectClient.exe => No File
FirewallRules: [{C5D00D6A-FE5C-4217-9B9B-D1D1EB7A8776}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.AlienwareMobileConnect_2.0.7812.0_x64__0vhbc3ng4wbp0\app\AlienwareMobileConnectClient.exe => No File
FirewallRules: [{EBFBED37-BE73-4E8A-A291-FDD734C661BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FAD3A269-26A5-44A8-92B2-36D4347BF9B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6AAA5A22-8A26-424F-81EE-1388021A9CFB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1ABBD52C-4DA5-44A4-96D1-373BA76FA753}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5D1FA9DD-64B7-43EA-9206-E462D846484E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E6F2951F-B81A-4F09-AB84-903D354AD4B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{48F27ABE-A331-45AE-9CA0-22B8F9A22890}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{6C146CDB-5C2C-4836-AB83-223A5181BB63}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{4B201FD2-01FD-4EB2-99FC-115F791975F2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{64EC1ED3-568B-47D5-BC55-B2BB8435EEA7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{885A3E07-5C7E-4E64-85D6-B2305B9E8216}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{7C737D02-0E5C-431B-AB94-F342E25356F5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{BB8E25FC-F695-4B13-8857-8784DF9A3AB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dynomite Deluxe\Dynomite.exe () [File not signed]
FirewallRules: [{60AF971B-9AF3-426A-9EF1-0B51CF3DB708}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dynomite Deluxe\Dynomite.exe () [File not signed]
FirewallRules: [{4272BF4E-E05A-4271-8E81-624F43290ECA}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{C3E95666-5019-47F0-96F2-D04F8D9C4302}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{40AED067-3B0C-4015-8346-2F28B93B7069}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F77BF560-6625-4C69-9C8D-4A3BAC4D00F4}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Bluestack Systems, Inc -> Bluestack Systems, Inc.)
FirewallRules: [{11F8A55D-7154-4CD2-AB43-7980EA843F9C}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Bluestack Systems, Inc -> Bluestack Systems, Inc.)
FirewallRules: [{E6290DE1-DFEA-4F0C-8734-746551A51ED1}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Bluestack Systems, Inc -> BlueStack Systems)
FirewallRules: [{4A57256D-2025-4F42-9BD2-BE0A2E6E8814}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{E88098D1-3B5B-4077-8D9B-C56CB3D0C07C}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{76D73C0D-3C1F-4431-AF2A-4FE618415637}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{76A48910-E60B-4E4A-9218-8ACE38CB393D}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{8C73B72E-4EA1-4A45-8EA0-F05E7CDF32E2}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{12053EE6-9483-4627-A70C-500AEE5AB2E7}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F84F2EB5-6BF6-4F54-A81C-81B437760599}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3716E4B3-FF4F-49BF-93C5-821578254065}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B1B90130-1AAE-438A-B75A-74E4C33CB20F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{75938545-B0AB-465D-84A4-87585C023532}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B44E1197-09DA-4032-AE9D-871E8F9474B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BEYOND Two Souls\BeyondTwoSouls_Steam.exe () [File not signed]
FirewallRules: [{035C63A2-F42B-45B9-9B63-FF63DE1FE755}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BEYOND Two Souls\BeyondTwoSouls_Steam.exe () [File not signed]
FirewallRules: [{66829146-8A74-4A33-AA77-B326B99C9028}] => (Allow) C:\Program Files (x86)\Overwolf\0.191.0.19\OverwolfBrowser.exe => No File
FirewallRules: [{C449E5CE-F74C-47D6-9828-471AD5BC25F2}] => (Allow) C:\Program Files (x86)\Overwolf\0.191.0.19\OverwolfBrowser.exe => No File
FirewallRules: [{56474B9F-FB8D-4405-918A-CE7B9580B188}] => (Block) C:\Program Files (x86)\Overwolf\0.191.0.19\OverwolfBrowser.exe => No File
FirewallRules: [{A68E48E1-96EA-44D0-B124-F87841E03E46}] => (Block) C:\Program Files (x86)\Overwolf\0.191.0.19\OverwolfBrowser.exe => No File
FirewallRules: [{1CE24F3D-65AA-4E63-9253-C9352C3C1879}] => (Allow) C:\Program Files (x86)\Overwolf\0.191.0.20\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{A58E244C-5B0A-4899-8B80-AEF671D31463}] => (Allow) C:\Program Files (x86)\Overwolf\0.191.0.20\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{7760BF03-0912-4D57-882A-8F6338587E9D}] => (Block) C:\Program Files (x86)\Overwolf\0.191.0.20\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{9C9E9524-5FE4-4BCB-90EE-CCAACE8E6220}] => (Block) C:\Program Files (x86)\Overwolf\0.191.0.20\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{3FDF7D45-4685-437B-B145-2D066A9D20F6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{89AF6B23-D862-48F5-989A-E37ADE186640}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4B419511-3F26-48BE-8D06-FF3CB050AFDB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{71B68B85-C8CE-4F57-AFD8-BDD5ABFAE06A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{62A51481-EFF8-4218-955F-61802D1E2ED3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{233AD9A7-0C0A-43BD-9D30-248DE0E77CE2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{24264534-9CE8-478D-A02C-5CB2FB6B77B7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5810D0A5-31C9-465D-A6CC-29AB253DC9A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{024F56ED-0331-49A4-BD16-DBE937111584}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.180.699.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{FCE238AD-B079-4ED6-AED9-7771A34841A5}C:\program files\windowsapps\facebook.317180b0bb486_1420.6.106.0_x64__8xx8rvfyw5nnt\app\messenger.exe] => (Allow) C:\program files\windowsapps\facebook.317180b0bb486_1420.6.106.0_x64__8xx8rvfyw5nnt\app\messenger.exe (Facebook, Inc. -> Facebook Inc.)
FirewallRules: [UDP Query User{B66B37CF-7938-43C3-80F1-482BFD0876AE}C:\program files\windowsapps\facebook.317180b0bb486_1420.6.106.0_x64__8xx8rvfyw5nnt\app\messenger.exe] => (Allow) C:\program files\windowsapps\facebook.317180b0bb486_1420.6.106.0_x64__8xx8rvfyw5nnt\app\messenger.exe (Facebook, Inc. -> Facebook Inc.)
FirewallRules: [{8CD655DA-8172-4E93-B4D1-CBC2D1689371}] => (Allow) C:\Users\user\AppData\Local\Arua\Launcher.exe (Arua) [File not signed]
FirewallRules: [{36B0281C-FAD3-4F9E-AB20-080FBE0C4C8A}] => (Allow) C:\Users\user\AppData\Local\Arua\Update.exe (Arua) [File not signed]
FirewallRules: [{9D17519D-818C-4735-88C7-E406ED2B9D3B}] => (Allow) C:\Users\user\AppData\Local\Arua\TRose.exe (Arua) [File not signed]
FirewallRules: [{0C5E1B6B-E9A5-4886-990F-85ED8F19602D}] => (Allow) C:\Users\user\AppData\Local\Arua\TRose.exe (Arua) [File not signed]
FirewallRules: [{C4CEBF2B-948F-45F2-8313-BF74B7C4532A}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.36\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Restore Points =========================

09-03-2022 03:47:05 Scheduled Checkpoint
09-03-2022 04:59:34 Windows Modules Installer
09-03-2022 22:19:18 Removed OpenOffice 4.1.11
09-03-2022 22:22:14 Removed OpenOffice 4.1.11

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (03/11/2022 05:40:19 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Spybot - Search and Destroy status to SECURITY_PRODUCT_STATE_ON.

Error: (03/11/2022 05:31:00 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Spybot - Search and Destroy status to SECURITY_PRODUCT_STATE_ON.

Error: (03/11/2022 05:25:52 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Spybot - Search and Destroy status to SECURITY_PRODUCT_STATE_ON.

Error: (03/11/2022 05:20:42 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Spybot - Search and Destroy status to SECURITY_PRODUCT_STATE_ON.

Error: (03/11/2022 05:15:34 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Spybot - Search and Destroy status to SECURITY_PRODUCT_STATE_ON.

Error: (03/11/2022 05:10:25 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Spybot - Search and Destroy status to SECURITY_PRODUCT_STATE_ON.

Error: (03/11/2022 05:05:16 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Spybot - Search and Destroy status to SECURITY_PRODUCT_STATE_ON.

Error: (03/11/2022 05:00:07 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Spybot - Search and Destroy status to SECURITY_PRODUCT_STATE_ON.

System errors:
=============
Error: (03/10/2022 09:33:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (03/10/2022 09:33:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (03/09/2022 10:57:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (03/09/2022 10:57:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Microsoft Account Sign-in Assistant service to connect.

Error: (03/07/2022 06:54:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (03/07/2022 10:29:21 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-9SBNT25)
Description: The server {94269C4E-071A-4116-90E6-52E557067E4E} did not register with DCOM within the required timeout.

Error: (03/07/2022 10:19:14 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-9SBNT25)
Description: The server {94269C4E-071A-4116-90E6-52E557067E4E} did not register with DCOM within the required timeout.

Error: (03/07/2022 10:17:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Windows Defender:
================
Date: 2022-02-02 02:17:23
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-02-02 02:12:50
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-02-01 03:38:24
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-01-31 03:06:27
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Lodi&threatid=240849&enterprise=0
Name: Misleading:Win32/Lodi
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\user\Desktop\uTorrent.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.355.2778.0, AS: 1.355.2778.0, NIS: 1.355.2778.0
Engine Version: AM: 1.1.18800.4, NIS: 1.1.18800.4

Date: 2022-01-31 02:57:52
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Event[0]:
Date: 2022-02-02 20:44:25
Description: Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Security intelligence version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

CodeIntegrity:
===============
Date: 2022-03-10 21:48:15
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: Alienware 1.0.17 09/06/2021
Motherboard: Alienware 02XRCM
Processor: Intel(R) Core(TM) i7-9700 CPU @ 3.00GHz
Percentage of memory in use: 44%
Total physical RAM: 32586.93 MB
Available physical RAM: 18159.43 MB
Total Virtual: 37450.93 MB
Available Virtual: 18362.98 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:793.23 GB) (Free:488.36 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:894.25 GB) (Free:894.05 GB) NTFS

\\?\Volume{8c0a728c-92b5-4aa5-a557-646a0c4ec0c9}\ (WINRETOOLS) (Fixed) (Total:7.4 GB) (Free:6.92 GB) NTFS
\\?\Volume{8b0b7248-c297-4b59-9e92-5995867a86ce}\ (Image) (Fixed) (Total:118.37 GB) (Free:102.7 GB) NTFS
\\?\Volume{33d7f8c9-f7e1-4312-bad6-d43fdc393933}\ (DELLSUPPORT) (Fixed) (Total:11.24 GB) (Free:10.38 GB) NTFS
\\?\Volume{322d3815-67c9-c392-dea1-61e7c430f987}\ () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
\\?\Volume{4fe9bb52-615d-4fef-b7cc-1b226cd06616}\ (ESP) (Fixed) (Total:1.14 GB) (Free:1.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 75587E6B)
Partition: GPT.

==========================================================
Disk: 1 (Size: 894.3 GB) (Disk ID: B9A58AEF)
Partition 1: (Not Active) - (Size=894.3 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

==================== End of Addition.txt =======================