Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2020 Ran by zabol (26-04-2020 17:29:33) Running from C:\Users\zabol\Downloads Windows 10 Home Version 1803 17134.1130 (X64) (2018-12-25 20:09:44) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4079176776-4138653130-3161291867-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4079176776-4138653130-3161291867-503 - Limited - Disabled) Guest (S-1-5-21-4079176776-4138653130-3161291867-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4079176776-4138653130-3161291867-1002 - Limited - Enabled) WDAGUtilityAccount (S-1-5-21-4079176776-4138653130-3161291867-504 - Limited - Disabled) zabol (S-1-5-21-4079176776-4138653130-3161291867-1000 - Administrator - Enabled) => C:\Users\zabol ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09} AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-4079176776-4138653130-3161291867-1000\...\uTorrent) (Version: 3.5.5.45395 - BitTorrent Inc.) ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 6.1.0 - Atomi Systems, Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\{E5D03B2E-B2D4-477F-A60D-8E1969D821FA}) (Version: 10.2.152.26 - Adobe Systems Incorporated) Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated) Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.) Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.100 - Atheros Communications) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 5.5.0.6 - Byte Technologies LLC) <==== ATTENTION CCleaner (HKLM\...\CCleaner) (Version: 5.65 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6139 - CDBurnerXP) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd) Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation) Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (HKLM-x32\...\{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (HKLM-x32\...\{CB66242D-12B1-4494-82D2-6F53A7E024A3}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.) Java(TM) 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle) Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle) Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R24 - McAfee, LLC.) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.92 - McAfee, LLC.) Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4079176776-4138653130-3161291867-1000\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 75.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 75.0 (x64 en-GB)) (Version: 75.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 75.0 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation) Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden PMB VAIO Edition Guide (HKLM-x32\...\{66081CDD-C1FE-415F-BB3A-F2622BA27461}) (Version: 1.6.00.06030 - Sony Corporation) Hidden PMB VAIO Edition Plug-in (HKLM-x32\...\{270380EB-8812-42E1-8289-53700DB840D2}) (Version: 1.6.00.06140 - Sony Corporation) Hidden PMB VAIO Edition Plug-in (HKLM-x32\...\{8356CB97-A48F-44CB-837A-A12838DC4669}) (Version: 1.6.00.06010 - Sony Corporation) Hidden Poczta usługi Windows Live (HKLM-x32\...\{64376910-1860-4CEF-8B34-AA5D205FC5F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM-x32\...\{7A9D47BA-6D50-4087-866F-0800D8B89383}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Raccolta foto di Windows Live (HKLM-x32\...\{ED16B700-D91F-44B0-867C-7EB5253CA38D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Rejestrator Ekranu Apowersoft V2.2.2 (HKLM-x32\...\{dc9006db-6b05-4f0f-833b-79ef3f284c24}_is1) (Version: 2.2.2 - APOWERSOFT LIMITED) Remote Keyboard (HKLM-x32\...\{08D7BC86-7358-464C-8AD0-0D84B5F0A0C9}) (Version: 1.1.1.03020 - Sony Corporation) Hidden Remote Play with PlayStation 3 (HKLM-x32\...\{5FA51AAF-23FE-42F4-A724-D79F85F41D4B}) (Version: 1.1.0.15070 - Sony Corporation) Hidden Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.) Sony Corporation (HKLM\...\{4F31AC31-0A28-4F5A-8416-513972DA1F79}) (Version: 1.0.0 - Default Company Name) Hidden SSLx64 (HKLM\...\{312395BC-7CC2-434C-A660-30250276A926}) (Version: 1.0.0 - Sony Corporation ) Hidden SSLx86 (HKLM-x32\...\{63C43435-F428-42BA-8E7B-5848749D9262}) (Version: 1.0.0 - Sony Corporation ) Hidden Update for Skype for Business 2016 (KB4484245) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{69A69F88-A5E4-4019-A9A5-28A23D3CDC2A}) (Version: - Microsoft) Update for Skype for Business 2016 (KB4484245) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{69A69F88-A5E4-4019-A9A5-28A23D3CDC2A}) (Version: - Microsoft) Update for Skype for Business 2016 (KB4484245) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{69A69F88-A5E4-4019-A9A5-28A23D3CDC2A}) (Version: - Microsoft) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}) (Version: 1.6.00.06030 - Sony Corporation) VAIO - PMB VAIO Edition Plug-in (HKLM-x32\...\InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}) (Version: 1.6.00.06140 - Sony Corporation) VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.0.1.03020 - Sony Corporation) VAIO - Remote Play with PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.1.0.15070 - Sony Corporation) VAIO Care (HKLM-x32\...\{91989CE7-EE83-4A53-8E06-D97887928119}) (Version: 6.4.0.15030 - Sony Corporation) Hidden VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.6.0.13140 - Sony Corporation) VAIO Data Restore Tool (HKLM-x32\...\{70EED410-697B-4193-A2CB-2F790F82B420}) (Version: 1.6.0.13140 - Sony Corporation) Hidden VAIO Easy Connect (HKLM-x32\...\{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.0.0.03050 - Sony Corporation) VAIO Hardware Diagnostics (HKLM-x32\...\{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}) (Version: 4.2.0.14280 - Sony Corporation) Hidden VAIO Improvement Validation (HKLM\...\{75C95C84-264F-4CC7-8A7E-346444E6C7C1}) (Version: 1.0.4.01190 - Sony Corporation) VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.0.0.02250 - Sony Corporation) VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.2.09010 - Sony Corporation) VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.4.0.14230 - Sony Corporation) VCCx86 (HKLM-x32\...\{9B088046-8A01-4355-99DD-8530C022F682}) (Version: 1.0.0 - Sony Corporation) Hidden VESx64 (HKLM\...\{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}) (Version: 1.0.0 - Sony Corporation) Hidden VESx86 (HKLM-x32\...\{3A94F54D-A8A4-4B82-B346-92B4D56A2708}) (Version: 1.0.0 - Sony Corporation) Hidden VIx64 (HKLM\...\{D55EAC07-7207-44BD-B524-0F063F327743}) (Version: 1.0.0 - Sony Corporation) Hidden VIx86 (HKLM-x32\...\{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}) (Version: 1.0.0 - Sony Corporation) Hidden VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN) VSNx64 (HKLM\...\{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}) (Version: 1.0.0 - Sony Corporation) Hidden VWSTx86 (HKLM-x32\...\{B8991D99-88FD-41F2-8C32-DB70278D5C30}) (Version: 1.0.0 - Sony Corporation) Hidden Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Movie Maker 2017 (HKLM-x32\...\{3CC29C1A-B5FE-123B-4321-32A2557A92C7}}_is1) (Version: - WindowsMovieMaker) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) Συλλογή φωτογραφιών του Windows Live (HKLM-x32\...\{C00C2A91-6CB3-483F-80B3-2958E29468F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основи Windows Live (HKLM-x32\...\{2C8FBAB0-4564-47B8-AC4B-9C7401B94BF2}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (HKLM-x32\...\{E83DC314-C926-4214-AD58-147691D6FE9F}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (HKLM-x32\...\{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}) (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (HKLM-x32\...\{77F69CA1-E53D-4D77-8BA3-FA07606CC851}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (HKLM-x32\...\{4444F27C-B1A8-464E-9486-4C37BAB39A09}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотоколекція Windows Live (HKLM-x32\...\{C115A674-A398-49E5-9C6E-C0A541D3EA10}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Packages: ========= HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.728.0_x64__v10z8vjag6ke6 [2020-04-26] (HP Inc.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-26] (Microsoft Corporation) [MS Ad] Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-08] (Microsoft Corporation) Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-16] (Microsoft Corporation) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.4030.0_x64__8wekyb3d8bbwe [2020-04-20] (Microsoft Studios) [MS Ad] MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-26] (Microsoft Corporation) [MS Ad] MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-26] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-20] (Microsoft Corporation) [MS Ad] WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2016-03-24] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => -> No File ContextMenuHandlers3: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => -> No File ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [AddtoVAIOGate] -> {6988D6F2-F24F-4732-8855-A39DB1AA1346} => -> No File ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":: WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99] WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate] ==================== Loaded Modules (Whitelisted) ============= 2020-02-17 08:45 - 2020-02-17 08:45 - 000412160 _____ ( (Byte Technologies LLC) [File not signed]) [File is in use ] C:\Program Files\ByteFence\ByteFenceGUI.dll 2017-11-16 14:11 - 2017-11-16 14:11 - 000310784 _____ ( (GitHub Community) [File not signed]) [File is in use ] C:\Program Files\ByteFence\Microsoft.Win32.TaskScheduler.dll 2020-04-26 15:17 - 2020-04-03 21:14 - 104710344 _____ ( (Mozilla Corporation -> Mozilla Foundation) [File not signed]) [File is in use ] C:\Program Files\Mozilla Firefox\xul.dll 2016-03-21 21:14 - 2011-03-05 17:42 - 000013824 _____ () [File not signed] C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll 2016-03-21 21:08 - 2011-02-01 13:57 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll 2011-04-29 18:19 - 2011-04-29 18:19 - 000061088 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AthCopyHook.dll 2011-04-29 18:19 - 2011-04-29 18:19 - 000019104 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\athr_debug.dll 2011-04-29 18:19 - 2011-04-29 18:19 - 000109728 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\GOEP.DLL 2011-04-29 18:19 - 2011-04-29 18:19 - 000122528 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\L2capLib.dll 2011-04-29 18:20 - 2011-04-29 18:20 - 002235040 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\OutLookLib.dll 2011-04-29 18:20 - 2011-04-29 18:20 - 000076448 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\PhoneBook.DLL 2011-04-29 18:20 - 2011-04-29 18:20 - 000080544 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\RfcommLib.dll 2011-04-29 18:20 - 2011-04-29 18:20 - 000130720 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\sesmgr.dll 2011-04-29 18:20 - 2011-04-29 18:20 - 000029856 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\utils.DLL 2016-03-21 21:08 - 2011-02-01 13:53 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll 2018-12-25 20:44 - 2018-12-25 20:44 - 001655296 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL 2018-12-25 20:44 - 2018-12-25 20:44 - 000047104 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_bc1d1e5b0be08790\MFC80ENU.DLL 2016-03-21 21:09 - 2011-03-29 07:13 - 000160256 _____ (Realsil Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RsCRLib.dll 2016-03-21 21:11 - 2011-01-22 16:15 - 000096768 _____ (Sony Corporation) [File not signed] C:\Program Files (x86)\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll 2016-03-21 21:11 - 2011-01-22 16:15 - 000018432 _____ (Sony Corporation) [File not signed] C:\Program Files (x86)\Common Files\Sony Shared\Sony Utilities\SonyInfo.dll 2016-03-21 21:11 - 2011-01-22 16:15 - 000109568 _____ (Sony Corporation) [File not signed] C:\Program Files (x86)\Common Files\Sony Shared\Sony Utilities\SSLProxyCOM.dll 2016-03-21 21:14 - 2011-03-05 17:42 - 000089600 _____ (Sony Corporation) [File not signed] C:\Program Files (x86)\Sony\VAIO Event Service\VESAppMon.dll 2016-03-21 21:14 - 2011-03-05 17:42 - 000301568 _____ (Sony Corporation) [File not signed] C:\Program Files (x86)\Sony\VAIO Event Service\VESCommonUI.dll 2016-03-21 21:14 - 2011-03-05 17:42 - 000225280 _____ (Sony Corporation) [File not signed] C:\Program Files (x86)\Sony\VAIO Event Service\VESPerform.dll 2016-03-21 21:14 - 2011-03-05 17:42 - 000084992 _____ (Sony Corporation) [File not signed] C:\Program Files (x86)\Sony\VAIO Event Service\VESRemoteKey.dll 2016-03-21 21:14 - 2011-03-05 17:42 - 000079360 _____ (Sony Corporation) [File not signed] C:\Program Files (x86)\Sony\VAIO Event Service\VESStorageProtect.dll 2016-03-21 21:14 - 2011-03-05 17:42 - 000062464 _____ (Sony Corporation) [File not signed] C:\Program Files (x86)\Sony\VAIO Event Service\VESSuEvent.dll 2016-03-21 21:14 - 2011-03-05 17:42 - 000108032 _____ (Sony Corporation) [File not signed] C:\Program Files (x86)\Sony\VAIO Event Service\VESTransform.dll 2016-03-21 21:14 - 2011-03-05 17:42 - 000056832 _____ (Sony Corporation) [File not signed] C:\Program Files (x86)\Sony\VAIO Event Service\VESUSBKeyboard.dll 2016-03-21 21:14 - 2011-03-05 17:42 - 000071168 _____ (Sony Corporation) [File not signed] C:\Program Files (x86)\Sony\VAIO Event Service\VESWndMsg.dll 2016-03-21 21:14 - 2011-03-05 17:42 - 000035840 _____ (Sony Corporation) [File not signed] C:\Program Files (x86)\Sony\VAIO Event Service\VESWndMsgHook.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2020-04-26 17:09 - 000003305 _____ C:\WINDOWS\system32\drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 rp.yefeneri2.com 0.0.0.0 os.yefeneri2.com 0.0.0.0 os2.yefeneri2.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Sony\VAIO Startup Setting Tool;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-4079176776-4138653130-3161291867-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM\...\StartupApproved\Run: => "cAudioFilterAgent" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "mcui_exe" HKU\S-1-5-21-4079176776-4138653130-3161291867-1000\...\StartupApproved\Run: => "SMSetup" HKU\S-1-5-21-4079176776-4138653130-3161291867-1000\...\StartupApproved\Run: => "ALLUpdate" HKU\S-1-5-21-4079176776-4138653130-3161291867-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{411E564E-548A-47C9-9E59-8749288F85CE}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [TCP Query User{29633AE0-9949-4777-8842-A60E80992A1C}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{CEB1CC38-1772-4FE7-AA72-619366DBDA21}] => (Allow) C:\Users\zabol\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{DD01DB6C-48A6-4678-8416-EE7E6DF21661}] => (Allow) C:\Users\zabol\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{6A627BC0-047D-4A5E-98F1-93BC49A5812D}] => (Allow) C:\Users\zabol\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{DD959C1F-9F9A-4FCF-BE8B-5C97C472B36F}] => (Allow) C:\Users\zabol\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{C85981FF-B687-4395-B632-5F3CCA180FF7}] => (Allow) C:\Users\zabol\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{513F3B9D-9A16-46DF-81A7-EBD3D90E84F3}] => (Allow) C:\Users\zabol\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{79CD31DE-B808-46A0-AA3C-A03484010D04}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.) FirewallRules: [{8AB9DA62-3A9D-4526-B2D3-2D63E0CD9BFB}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.) FirewallRules: [{BFFF1F6B-0678-4359-96F6-6F00EEE9264C}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.) FirewallRules: [{0D47AA1D-DC0E-4458-84BB-D420CC5D496E}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.) FirewallRules: [{B0F74BD7-5727-4B0C-AD10-52390C73832A}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.) FirewallRules: [{77F033CE-DB44-4678-B697-9ED61292A67F}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.) FirewallRules: [{EFCE8934-61E5-44CB-B015-B7FE12D177D9}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [{C3341120-EA20-43FF-A559-7DA981784F72}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [{D6FB08CD-D827-4EEB-8989-5935697E46B6}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{37F3FE5F-B6A1-4902-9372-57D8414BAF24}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{38B6B5DD-637B-4473-96BE-22E59D70C7B5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B1212BA9-E376-4A96-995D-1185BB0F18B7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{79F897A2-B5CA-44EB-ADFC-9C049E65AF87}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D5B966A5-13C8-4FAD-9480-4F3FF099925B}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOCareMain.exe No File FirewallRules: [{546ACE4F-AC1F-4F67-897A-9391249DA7B1}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOCareMain.exe No File FirewallRules: [{21AB573F-2A97-4BA9-8346-3D913C5A53EC}] => (Allow) C:\Program Files\Sony\VAIO Care\SelfHealUpdate.exe No File FirewallRules: [{E9DC1E25-E1AF-4FE8-90EE-042E83AD7FE4}] => (Allow) C:\Program Files\Sony\VAIO Care\SelfHealUpdate.exe No File FirewallRules: [{64C14859-6FC7-4F25-B2F5-59862F9FCD3B}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe No File FirewallRules: [{4826683F-725D-483F-AD1D-84CDC4CAE791}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe No File FirewallRules: [{CCEDA122-1302-4BDE-9A7B-F542C7E905DB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{667663F7-774A-4431-9B13-DAEDD4FFF986}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{23EDC281-8912-43E3-B66C-4D3E88937CF9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{B3070EC1-F08E-44D5-BF69-2E10AE040FCB}C:\users\zabol\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\zabol\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{EFD7181A-0B28-4D7A-B5CB-99E17754434E}C:\users\zabol\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\zabol\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{C87C2D8F-82B9-48D1-A11F-B7BB77DD9E7B}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.) FirewallRules: [{26B4D6AC-B8BB-4C09-92A1-1BF1C5962EF4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.) FirewallRules: [{D6F96F03-B7D8-4D77-8202-F9712E751859}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F9F108EB-1EFA-4C49-8E80-B877EB99298E}] => (Allow) LPort=2869 FirewallRules: [{38ED357F-33C0-4B78-A300-6A56F7C2C55F}] => (Allow) LPort=1900 FirewallRules: [{756EC370-B0A6-406F-AB05-E54C5B9BD3B5}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC. -> McAfee, LLC.) FirewallRules: [{353637FE-6ED6-491B-B95E-2CBF58A7385A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{1D1D71B5-8E1D-4756-8228-D82E1EF0EE7E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) ==================== Restore Points ========================= 20-04-2020 22:01:46 Windows Update 26-04-2020 12:36:08 Windows Update 26-04-2020 17:03:18 AdwCleaner_BeforeCleaning_26/04/2020_17:03:15 ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (04/26/2020 04:38:20 PM) (Source: ESENT) (EventID: 489) (User: ) Description: CCleaner64 (6128,G,0) An attempt to open the file "C:\Users\zabol\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error: (04/26/2020 02:45:13 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: zabol-VAIO) Description: httphttp-2147467263 Error: (04/26/2020 01:26:43 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: ) Description: The rules engine failed to perform one or more scheduled actions. Error Code:0x80070020 Path:SERIALIZE_INTERNAL Arguments: Error: (04/26/2020 01:17:10 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Microsoft.Photos.exe version 2020.19111.24110.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2920 Start Time: 01d61bc46ef3af3b Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe Report Id: 3975f20f-00d6-44f0-9010-3267ac43fd0b Faulting package full name: Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: App Error: (04/26/2020 11:46:17 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (04/26/2020 11:43:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SystemSettings.exe, version: 10.0.17134.112, time stamp: 0x2a3c4e62 Faulting module name: msxml6.dll, version: 6.30.17134.1067, time stamp: 0x0b345439 Exception code: 0xc0000005 Fault offset: 0x0000000000078ee8 Faulting process id: 0x179c Faulting application start time: 0x01d61bb78f32cdfe Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Faulting module path: C:\Windows\System32\msxml6.dll Report Id: 5e0484ab-5a88-4618-987a-40aa8accfbd0 Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel Error: (04/20/2020 11:20:38 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 25547 Error: (04/20/2020 11:20:38 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 25547 System errors: ============= Error: (04/26/2020 05:13:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/26/2020 05:13:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The VSNService service failed to start due to the following error: The system cannot find the file specified. Error: (04/26/2020 05:13:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The VAIO Care Performance Service service failed to start due to the following error: The system cannot find the file specified. Error: (04/26/2020 05:10:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Net.Pipe Listener Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (04/26/2020 05:10:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect. Error: (04/26/2020 05:10:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NetMsmqActivator service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (04/26/2020 05:10:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the NetMsmqActivator service to connect. Error: (04/26/2020 05:10:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. ==================== Memory info =========================== BIOS: INSYDE R0180Z9 04/28/2011 Motherboard: Sony Corporation VAIO Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz Percentage of memory in use: 55% Total physical RAM: 6125.86 MB Available physical RAM: 2753.75 MB Total Virtual: 12269.86 MB Available Virtual: 8100.29 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:451.21 GB) (Free:134.08 GB) NTFS \\?\Volume{6b13d045-ef9e-11e5-8456-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS \\?\Volume{6b13d044-ef9e-11e5-8456-806e6f6e6963}\ (Recovery) (Fixed) (Total:13.61 GB) (Free:1.11 GB) NTFS \\?\Volume{d672f023-0000-0000-0000-a03a74000000}\ () (Fixed) (Total:0.84 GB) (Free:0.45 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D672F023) Partition 1: (Not Active) - (Size=13.6 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451.2 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=865 MB) - (Type=27) ==================== End of Addition.txt =======================