CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
GroupPolicy: Restriction ? <==== ATTENTION
Task: {0219AC5C-B0ED-45FB-AF46-8850F781015B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {02F49418-B3A9-452A-BCBE-1AA7EB12FCE5} - \SONY\VAIO Gate\VAIO Gate -> No File <==== ATTENTION
Task: {05DB183F-C721-4B6F-8F0C-87659E5C70D3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {0B71105C-3270-4CBF-845C-88E4A355D89B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0CB8FE39-535B-45AF-8B85-17FD4A7B7D91} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1E645D37-77CB-4557-9418-F9EA27251D99} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F434C6C-9E5E-4C0B-8A71-D40255EA97FD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2FAB8529-D615-443C-B84B-A1E93AC3BDE0} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [126152 2020-04-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {31F56731-5718-41BA-82DB-27756712BC73} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [3939808 2020-02-17] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {377745E9-F39A-4FFB-BD21-8D3A8EFC1A3D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3FC7F099-D23D-4084-BB49-0D3008E3B872} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4899A258-1C7F-45E9-B36E-4489E0B476FC} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
Task: {4A49469C-C781-4449-8F22-C80220DDE295} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4B266040-855A-4AF4-BC15-5CC8063AFC64} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {577ED758-0608-451A-9BCE-13F72D17EEAF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {5B2FFA78-692B-45C9-B04D-5C4ABEFE0F43} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {606DE82D-710B-4BC2-A9A9-0A11C9E81AAE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {75357ED9-28F8-4B17-B026-DDC9985D375E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {769788B7-BB7A-4D30-8AC3-7B246ADC2607} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {85509B6D-B93A-4B5A-9818-4417DD34CEE1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8759E6A5-A1AE-4C1B-8760-FD332C3A75FC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8A5EF49E-B35C-4217-BBDE-465D8C3E1D8D} - System32\Tasks\Yahoo! Powered norel => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\{2BB5EED6-A1F7-6410-2731-FA52BD73719C}\tofo.txt" "68747470733a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b32424235454544362d413146372d363431302d323733312d4641353242443733373139437d5c66696c656661" "433a5c50726f6772616d446174615c7b32424235454544362d413146372d363431302d3237 (the data entry has 80 more characters). <==== ATTENTION
Task: {9081B71D-FFEA-4FFF-A02F-71C6442ED2FF} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {95C346C1-5879-4AE1-971A-42B814935049} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A15965F1-3D73-4527-AEDD-C9A07E5556BE} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {A42671E7-69C2-4F73-B967-2245424E4483} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A4B23938-4004-4694-89F7-E61243BB65DB} - \SONY\VAIO Gate\StartExecuteProxy -> No File <==== ATTENTION
Task: {B50B7033-7B29-4D05-A575-5E8119742796} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {BB26D8E7-F4CA-4DD3-B841-D57F54CD391F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {C38B21A7-9410-42C9-BB35-84E86CAAAB3F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CC710CBA-DBAE-4476-BC02-0F4B91C479DB} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {CE119A72-BF94-4E49-83FC-92F583E0E4E4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {D1EFF40B-842A-41C0-9890-40157AD72B4E} - System32\Tasks\{C2BE6EEA-2151-49FA-B991-9DF0B78927B9} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\zabol\AppData\Local\{42F774AB-665F-1813-0BC7-3DFB2FAFC163}\uninst.exe -c -P=/Uninstall /s /noun /DelSelfDir
Task: {D321CDCE-7C9F-40BD-B9CF-C68F0BA0D380} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DBFF1597-4C7D-4E9D-ADAF-AF19CBCD52B3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E773AC1F-515F-4EA2-B982-A7C6C2AEBD96} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E9BBD3E0-6993-41F2-ABDE-87A628D8DF1E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F4B84655-0ECE-46B3-9277-7D8DF47016CF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: C:\WINDOWS\Tasks\Yahoo! Powered norel.job => Wscript.exe C:\ProgramData\{2BB5EED6-A1F7-6410-2731-FA52BD73719C}\tofo.txt <==== ATTENTION
Tcpip\..\Interfaces\{72c231dd-7624-4efc-ab06-689daaa0c895}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7c4b93f2-72eb-4fe0-830e-a9a788862a0c}: [DhcpNameServer] 192.168.0.1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4079176776-4138653130-3161291867-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
HKU\S-1-5-21-4079176776-4138653130-3161291867-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-4079176776-4138653130-3161291867-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.co.uk/
URLSearchHook: HKU\S-1-5-21-4079176776-4138653130-3161291867-1000 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4079176776-4138653130-3161291867-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4079176776-4138653130-3161291867-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4079176776-4138653130-3161291867-1000 -> {9E2D726D-83A3-4DA3-84F9-2189EDE14402} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKU\S-1-5-21-4079176776-4138653130-3161291867-1000 -> {A642BFE8-A124-45B7-9619-05FE0DB1C4A7} URL = hxxp://rover.ebay.com/rover/1/710-42480-16445-33/4?mpre=hxxp://shop.ebay.co.uk/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKU\S-1-5-21-4079176776-4138653130-3161291867-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
S3 SpfService; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe" [X]
S3 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [X]
S3 VcmINSMgr; "C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe" [X]
S3 VCService; "C:\Program Files\Sony\VAIO Care\VCService.exe" [X]
S2 VSNService; "C:\Program Files\Sony\VAIO Smart Network\VSNService.exe" [X]
U3 idsvc; no ImagePath
2020-04-26 14:36 - 2020-04-26 14:36 - 000000000 ____D C:\Users\zabol\AppData\Local\luminati
Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (HKLM-x32\...\{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (HKLM-x32\...\{CB66242D-12B1-4494-82D2-6F53A7E024A3}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (HKLM-x32\...\{ED16B700-D91F-44B0-867C-7EB5253CA38D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Συλλογή φωτογραφιών του Windows Live (HKLM-x32\...\{C00C2A91-6CB3-483F-80B3-2958E29468F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основи Windows Live (HKLM-x32\...\{2C8FBAB0-4564-47B8-AC4B-9C7401B94BF2}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (HKLM-x32\...\{E83DC314-C926-4214-AD58-147691D6FE9F}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (HKLM-x32\...\{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}) (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (HKLM-x32\...\{77F69CA1-E53D-4D77-8BA3-FA07606CC851}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (HKLM-x32\...\{4444F27C-B1A8-464E-9486-4C37BAB39A09}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоколекція Windows Live (HKLM-x32\...\{C115A674-A398-49E5-9C6E-C0A541D3EA10}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers2: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => -> No File
ContextMenuHandlers3: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => -> No File
2020-02-17 08:45 - 2020-02-17 08:45 - 000412160 _____ ( (Byte Technologies LLC) [File not signed]) [File is in use ] C:\Program Files\ByteFence\ByteFenceGUI.dll
2017-11-16 14:11 - 2017-11-16 14:11 - 000310784 _____ ( (GitHub Community) [File not signed]) [File is in use ] C:\Program Files\ByteFence\Microsoft.Win32.TaskScheduler.dll
FirewallRules: [{D5B966A5-13C8-4FAD-9480-4F3FF099925B}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOCareMain.exe No File
FirewallRules: [{546ACE4F-AC1F-4F67-897A-9391249DA7B1}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOCareMain.exe No File
FirewallRules: [{21AB573F-2A97-4BA9-8346-3D913C5A53EC}] => (Allow) C:\Program Files\Sony\VAIO Care\SelfHealUpdate.exe No File
FirewallRules: [{E9DC1E25-E1AF-4FE8-90EE-042E83AD7FE4}] => (Allow) C:\Program Files\Sony\VAIO Care\SelfHealUpdate.exe No File
FirewallRules: [{64C14859-6FC7-4F25-B2F5-59862F9FCD3B}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe No File
FirewallRules: [{4826683F-725D-483F-AD1D-84CDC4CAE791}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe No File
RemoveProxy:
Hosts: