Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-04-2020
Ran by zabol (administrator) on ZABOL-VAIO (Sony Corporation VPCEJ2B1E) (27-04-2020 18:11:34)
Running from C:\Users\zabol\Downloads
Loaded Profiles: zabol (Available Profiles: zabol & DefaultAppPool)
Platform: Windows 10 Home Version 1803 17134.1130 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Alps Electric Co., LTD. -> ALPS) C:\Program Files\Apoint\Apvfb.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Atheros Communications Inc. -> Atheros) [File not signed] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Ellora Assets Corp.) [File not signed] C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\zabol\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe <3>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Sony Corporation -> Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation -> Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-02-17] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-29] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKU\S-1-5-21-4079176776-4138653130-3161291867-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01CAF3D4-8E43-4958-A768-E9FF0CF046EF} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe
Task: {0200703F-7396-4242-86E4-58091A0392EE} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient [Argument = /Start]
Task: {0C9A0B32-1DCA-4EDA-95D4-DD083424BA9F} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {17065E3C-06AC-4751-B272-4B3019DB890E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [1449472 2018-09-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {19EECBB3-A85A-4A7B-B976-52B302333E5F} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe
Task: {3EACF46F-CC6B-4D60-8AA0-8A32D5326A51} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {476EFF4C-5924-4961-A231-B04E0EF7AF9D} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4D387907-789D-40A1-8843-A2E1D72EA37B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {5845B7D6-2F83-4D17-BD1F-577A43A2F626} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {66BF628C-693A-47F3-924C-89D76AC0073D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8D5112D6-4C1C-4E51-A724-1BC87D0C7694} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
Task: {983E9318-AF05-451C-9A77-79D4D173EEAF} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {9CEFDE0B-B339-4DC1-B65D-CACA7E9309B4} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [208224 2011-01-20] (Sony Corporation -> Sony Corporation)
Task: {A088520B-9B8F-48E8-AE86-47C3D4E809D2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-04-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A1F74446-09AE-481F-9864-111BEC127F03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18227896 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B6180FCB-9D42-4C94-9736-3101BACF1AE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-04-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C31999AF-9F75-45BA-820D-4ADA3918AA32} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {CA3CA04B-9C5A-4BE1-88F5-91351E8E6314} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {CD83250B-7F86-4DF6-B4C6-4709B4B5AF22} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {CE6B8B9D-DCD1-469D-A539-256F142D67FE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {D978EF7A-7A03-4D53-A851-A731FDF11E26} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {E15179DC-C09D-4444-95D4-04D0389D08FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-04-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F22452D8-8424-4F7C-AD11-D5F6D193717D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-04-27] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{72c231dd-7624-4efc-ab06-689daaa0c895}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-4079176776-4138653130-3161291867-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4079176776-4138653130-3161291867-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2016-03-21] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-04-29] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2016-03-21] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: s3btr4yb.default-1587910666053
FF ProfilePath: C:\Users\zabol\AppData\Roaming\Mozilla\Firefox\Profiles\s3btr4yb.default-1587910666053 [2020-04-27]
FF Notifications: Mozilla\Firefox\Profiles\s3btr4yb.default-1587910666053 -> hxxps://forum.dobreprogramy.pl
FF Extension: (Polski Language Pack) - C:\Users\zabol\AppData\Roaming\Mozilla\Firefox\Profiles\s3btr4yb.default-1587910666053\Extensions\langpack-pl@firefox.mozilla.org.xpi [2020-04-26]
FF Extension: (Polish Spellchecker Dictionary) - C:\Users\zabol\AppData\Roaming\Mozilla\Firefox\Profiles\s3btr4yb.default-1587910666053\Extensions\pl@dictionaries.addons.mozilla.org.xpi [2020-04-26]
FF Extension: (uBlock Origin) - C:\Users\zabol\AppData\Roaming\Mozilla\Firefox\Profiles\s3btr4yb.default-1587910666053\Extensions\uBlock0@raymondhill.net.xpi [2020-04-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-09-08] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2016-03-21] (Sun Microsystems, Inc.) [File not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-09-08] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2016-03-21] (Sun Microsystems, Inc.) [File not signed]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default [2020-04-27]
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Slides) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-26]
CHR Extension: (Docs) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-26]
CHR Extension: (Google Drive) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-26]
CHR Extension: (YouTube) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-26]
CHR Extension: (Sheets) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-26]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-04-26]
CHR Extension: (Google Docs Offline) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-26]
CHR Extension: (Gmail) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-26]
CHR Extension: (Chrome Media Router) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros Communications Inc. -> Atheros) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2017-04-28] (Ellora Assets Corp.) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-29] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation -> Sony Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-04-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-04-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athwnx.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [610336 2016-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-11-05] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-11-05] (Disc Soft Ltd -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2020-04-27] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2020-04-27] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-04-27] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2020-04-27] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2020-04-27] (Malwarebytes Corporation -> Malwarebytes)
R3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [35344 2011-02-11] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvszqwu.inf_amd64_a144391d0dbf02c6\nvlddmkm.sys [14456920 2017-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Microsoft Windows -> Realtek )
R3 SFEP; C:\WINDOWS\System32\drivers\SFEP.sys [12032 2010-04-26] (Microsoft Windows Hardware Compatibility Publisher -> Sony Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-04-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [391392 2020-04-27] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-04-27] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-27 18:10 - 2020-04-27 18:10 - 000047019 _____ C:\Users\zabol\Downloads\malware.txt
2020-04-27 17:47 - 2020-04-27 17:47 - 000000000 ____D C:\Users\zabol\AppData\Local\mbam
2020-04-27 17:42 - 2020-04-27 17:42 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-04-27 17:42 - 2020-04-27 17:42 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-04-27 17:42 - 2020-04-27 17:42 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-04-27 17:42 - 2020-04-27 17:42 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-04-27 17:39 - 2020-04-27 17:54 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-04-27 17:39 - 2020-04-27 17:39 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-04-27 17:39 - 2020-04-27 17:39 - 000001912 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-04-27 17:39 - 2020-04-27 17:39 - 000000000 ____D C:\Users\zabol\AppData\Local\mbamtray
2020-04-27 17:39 - 2020-04-27 17:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-04-27 17:39 - 2020-04-27 17:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-04-27 17:39 - 2020-04-27 17:39 - 000000000 ____D C:\Program Files\Malwarebytes
2020-04-27 17:39 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-04-27 17:39 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-04-27 17:36 - 2020-04-27 17:37 - 064333800 _____ (Malwarebytes ) C:\Users\zabol\Downloads\mb3-setup-1878.1878-3.8.3.2965.exe
2020-04-27 12:35 - 2020-04-27 12:35 - 000054647 _____ C:\Users\zabol\Downloads\Shortcut.txt
2020-04-27 12:32 - 2020-04-27 12:35 - 000040390 _____ C:\Users\zabol\Downloads\Addition.txt
2020-04-27 12:24 - 2020-04-27 12:17 - 000001739 _____ C:\Users\zabol\Downloads\AdwCleaner[C01].txt
2020-04-27 12:24 - 2020-04-27 12:16 - 000001646 _____ C:\Users\zabol\Downloads\AdwCleaner[S01].txt
2020-04-27 12:17 - 2020-04-27 12:17 - 000000000 ___HD C:\$GetCurrent
2020-04-27 12:11 - 2020-04-27 12:11 - 008196784 _____ (Malwarebytes) C:\Users\zabol\Downloads\AdwCleaner(1).exe
2020-04-27 12:02 - 2020-04-27 17:21 - 000009159 _____ C:\Users\zabol\Downloads\Fixlog.txt
2020-04-27 12:02 - 2020-04-27 17:20 - 000000000 ____D C:\Users\zabol\Downloads\FRST-OlderVersion
2020-04-27 11:36 - 2020-04-27 11:36 - 010651216 _____ (McAfee, LLC.) C:\Users\zabol\Downloads\MCPR.exe
2020-04-26 18:33 - 2020-04-26 18:39 - 000534612 _____ C:\WINDOWS\Minidump\042620-38140-01.dmp
2020-04-26 18:33 - 2020-04-26 18:33 - 266621722 _____ C:\WINDOWS\MEMORY.DMP
2020-04-26 17:34 - 2020-04-26 17:34 - 000055240 _____ C:\Users\zabol\Downloads\Shortcut1.txt
2020-04-26 17:29 - 2020-04-26 17:34 - 000043002 _____ C:\Users\zabol\Downloads\Addition1.txt
2020-04-26 17:25 - 2020-04-27 18:14 - 000022423 _____ C:\Users\zabol\Downloads\FRST.txt
2020-04-26 17:25 - 2020-04-26 17:34 - 000044482 _____ C:\Users\zabol\Downloads\FRST1.txt
2020-04-26 17:24 - 2020-04-27 18:12 - 000000000 ____D C:\FRST
2020-04-26 17:21 - 2020-04-27 12:02 - 002283008 _____ (Farbar) C:\Users\zabol\Downloads\FRST64.exe
2020-04-26 16:59 - 2020-04-26 17:05 - 000000000 ____D C:\AdwCleaner
2020-04-26 16:58 - 2020-04-26 16:58 - 008196784 _____ (Malwarebytes) C:\Users\zabol\Downloads\AdwCleaner.exe
2020-04-26 15:40 - 2020-04-26 15:40 - 000000000 ___HD C:\$WINDOWS.~BT
2020-04-26 15:17 - 2020-04-27 12:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-04-26 15:17 - 2020-04-26 15:17 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-04-26 15:17 - 2020-04-26 15:17 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2020-04-26 15:17 - 2020-04-26 15:17 - 000000993 _____ C:\ProgramData\Desktop\Firefox.lnk
2020-04-26 15:17 - 2020-04-26 15:17 - 000000000 ____D C:\Users\zabol\Desktop\Old Firefox Data
2020-04-26 15:17 - 2020-04-26 15:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-04-26 14:44 - 2020-04-26 14:44 - 000046807 _____ C:\Users\zabol\Desktop\bookmarks-2020-04-26.json
2020-04-26 14:37 - 2020-04-26 14:37 - 000132836 _____ C:\Users\zabol\Documents\cc_20200426_143719.reg
2020-04-26 12:51 - 2020-04-26 12:51 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-04-26 12:51 - 2020-04-26 12:51 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-04-26 12:51 - 2020-04-26 12:51 - 000000863 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-04-26 12:51 - 2020-04-26 12:51 - 000000000 ____D C:\Users\zabol\AppData\Local\Google
2020-04-26 12:50 - 2020-04-26 14:36 - 000000000 ____D C:\Program Files (x86)\Google
2020-04-26 12:49 - 2020-04-26 12:49 - 022267336 _____ (Piriform Software Ltd) C:\Users\zabol\Downloads\ccsetup565.exe
2020-04-20 22:31 - 2019-03-28 07:35 - 000087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll
2020-04-20 22:30 - 2019-03-28 10:11 - 000029232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2020-04-20 22:30 - 2019-03-28 10:11 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2020-04-20 22:30 - 2019-03-28 10:09 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2020-04-20 22:30 - 2019-03-28 10:09 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2020-04-20 22:30 - 2019-03-28 07:35 - 000772176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll
2020-04-20 22:30 - 2019-03-28 07:35 - 000702400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll
2020-04-20 22:30 - 2019-03-28 07:35 - 000622832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll
2020-04-20 22:30 - 2019-03-28 07:35 - 000433448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll
2020-04-20 22:30 - 2019-03-28 07:35 - 000083768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-27 17:53 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-27 17:47 - 2016-11-27 10:05 - 000000000 ____D C:\Users\zabol\AppData\LocalLow\Mozilla
2020-04-27 17:41 - 2018-12-25 21:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-27 17:41 - 2017-08-22 15:23 - 000000000 ____D C:\ProgramData\NVIDIA
2020-04-27 17:40 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-04-27 17:39 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-04-27 17:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-04-27 17:21 - 2016-03-21 21:41 - 000000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2020-04-27 17:07 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-27 17:01 - 2018-12-25 21:08 - 000004158 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{75B4F929-F045-4013-B837-01B360456D94}
2020-04-27 16:57 - 2018-12-25 20:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-27 14:37 - 2018-10-12 22:01 - 000000000 ____D C:\Users\zabol\AppData\Roaming\vlc
2020-04-27 13:52 - 2016-03-22 21:19 - 000000000 ____D C:\zabol
2020-04-27 12:33 - 2018-10-12 19:08 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-04-27 12:17 - 2020-02-03 20:18 - 000000000 ____D C:\Windows10Upgrade
2020-04-27 12:12 - 2010-11-21 04:27 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-04-27 12:11 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-04-27 12:06 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2020-04-27 12:04 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2020-04-27 12:04 - 2009-07-14 04:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2020-04-26 18:33 - 2019-05-23 20:38 - 000000000 ____D C:\WINDOWS\Minidump
2020-04-26 17:49 - 2019-05-25 15:06 - 000000000 ____D C:\WINDOWS\Panther
2020-04-26 17:05 - 2018-12-25 21:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\SONY
2020-04-26 17:05 - 2016-09-28 17:56 - 000000000 ____D C:\ProgramData\BSD
2020-04-26 17:05 - 2016-03-21 21:11 - 000000000 ____D C:\Program Files\Common Files\Sony Shared
2020-04-26 17:05 - 2016-03-21 21:11 - 000000000 ____D C:\Program Files (x86)\Sony
2020-04-26 17:05 - 2016-03-21 20:51 - 000000000 ____D C:\Program Files\Sony
2020-04-26 16:46 - 2017-05-13 10:01 - 000000000 ____D C:\Users\zabol\Desktop\pulpit
2020-04-26 16:02 - 2019-01-12 23:28 - 000000000 ____D C:\Users\zabol\new torrent
2020-04-26 15:17 - 2016-03-22 20:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-04-26 14:30 - 2018-10-12 19:07 - 000000151 _____ C:\Users\zabol\AppData\Roaming\WB.CFG
2020-04-26 12:59 - 2016-03-23 13:19 - 000000000 ____D C:\Users\zabol\AppData\Roaming\uTorrent
2020-04-26 12:51 - 2016-10-28 10:04 - 000000000 ____D C:\Program Files\CCleaner
2020-04-26 12:35 - 2018-12-25 20:54 - 000968400 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-26 12:32 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-26 12:02 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-20 22:24 - 2016-03-24 01:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-04-20 22:18 - 2016-03-24 01:32 - 121542864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-04-20 22:16 - 2019-11-22 14:30 - 000002407 _____ C:\Users\zabol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-20 22:16 - 2018-12-25 21:08 - 000003370 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4079176776-4138653130-3161291867-1000
2020-04-20 22:16 - 2016-03-22 18:17 - 000000000 ___RD C:\Users\zabol\OneDrive
2020-04-20 20:25 - 2018-12-25 20:39 - 000000000 ____D C:\Users\zabol
2020-04-20 20:21 - 2015-10-30 07:28 - 000000000 ____D C:\Users\Default.migrated
2020-04-01 15:25 - 2019-12-10 14:55 - 000000000 ____D C:\Program Files\CUAssistant

==================== Files in the root of some directories ========

2016-05-13 00:40 - 2016-05-13 00:40 - 006748160 _____ () C:\Program Files (x86)\GUT5E3E.tmp
2018-10-12 19:07 - 2020-04-26 14:30 - 000000151 _____ () C:\Users\zabol\AppData\Roaming\WB.CFG

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================