Inactive Laptop shutting down before scan complete (logs inside)

Status
Not open for further replies.

PakseFrustration

Posts: 16   +0
Hello,
My laptop is not staying connected to the internet and when I try to do a malware scan, it overheats & shuts down. Here are the logs generated from Farbar.

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-07-2020
Ran by SONY (administrator) on SONY-PC (Sony Corporation VGN-NW125J) (23-07-2020 12:27:56)
Running from C:\Users\SONY\Desktop
Loaded Profiles: SONY
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Eltima Software -> Eltima Software) C:\Program Files (x86)\Eltima Software\Recover PDF Password\agent\RPPc.exe
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe
(KeepSolid Inc.) [File not signed] C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(LAVASOFT SOFTWARE CANADA INC -> Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-07-2020
Ran by SONY (23-07-2020 12:31:40)
Running from C:\Users\SONY\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2019-06-15 12:02:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1738186064-958222864-1310178189-500 - Administrator - Disabled)
Guest (S-1-5-21-1738186064-958222864-1310178189-501 - Limited - Disabled)
SONY (S-1-5-21-1738186064-958222864-1310178189-1000 - Administrator - Enabled) => C:\Users\SONY

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Security Cloud (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Security Cloud (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Security Cloud (Disabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.7 (HKLM\...\{AC1A4B11-192E-45F2-A205-D3BF4CC8D938}) (Version: 4.7.2.2732 - Open Media LLC)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.009.20074 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.371 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.371 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.344 - Adobe)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 5.54 - NCH Software)
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version: - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.0.0.35798 - Foxit Software Inc.)
Google Chrome (HKU\S-1-5-21-1738186064-958222864-1310178189-1000\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
IDM Crack 6.32 build 6 (HKLM-x32\...\IDM Crack 6.32 build 6) (Version: 6.32 build 6 - Crackingpatching.com Team)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Kaspersky Secure Connection (HKLM-x32\...\{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky)
Kaspersky Security Cloud (HKLM-x32\...\{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky) Hidden
Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky)
K-Lite Mega Codec Pack 14.3.7 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.7 - KLCP)
Microsoft .NET Framework 4.8 (HKLM\...\{16735AF7-1D8D-3681-94A5-C578A61EC832}) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 78.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 78.0.2 (x64 en-US)) (Version: 78.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.2 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Recover PDF Password 4.0.238 (HKLM-x32\...\Recover PDF Password_is1) (Version: - Eltima Software, Inc.)
Skype version 8.53 (HKLM-x32\...\Skype_is1) (Version: 8.53 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-1738186064-958222864-1310178189-1000\...\slack) (Version: 4.7.0 - Slack Technologies Inc.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TunSetupVPNU (HKLM\...\{3E4BC5B7-104F-40B3-BEC4-9CEF0BCD0EF8}) (Version: 1.0.0 - Keepsolid Inc.)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 7.25 - NCH Software)
VPN Unlimited 7.4 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 7.4 - KeepSolid Inc.)
Web Companion (HKLM-x32\...\{1697e2a7-87f9-452f-ac1d-cb3b50a8e2d4}) (Version: 6.0.2270.4122 - Lavasoft)
WinDjView 1.0.3 (HKLM-x32\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.423\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\SONY\AppData\Local\Google\Chrome\Application\83.0.4103.116\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll => No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\ShellEx.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\ShellEx.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\ShellEx.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\ShellEx.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SYSTEM32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SYSTEM32\lagarith.dll [148992 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SYSTEM32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SYSTEM32\ff_vfw.dll [126976 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SYSTEM32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2019-06-20 15:56 - 2020-06-29 11:47 - 001876992 _____ () [File not signed] C:\Program Files (x86)\VPN Unlimited\vpnu_private_sdk.dll
2019-05-16 08:52 - 2019-05-16 08:52 - 002651648 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wuaueng2.dll
2019-06-20 15:56 - 2020-05-21 17:00 - 000058880 _____ (The c-ares library, hxxps://c-ares.haxx.se/) [File not signed] C:\Program Files (x86)\VPN Unlimited\cares.dll
2019-06-20 15:56 - 2020-05-21 17:00 - 000361984 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\VPN Unlimited\libcurl.dll
2019-06-20 15:56 - 2020-05-21 17:00 - 002516480 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\VPN Unlimited\libcrypto-1_1.dll
2019-06-20 15:56 - 2020-05-21 17:00 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\VPN Unlimited\libssl-1_1.dll
2019-06-20 15:56 - 2018-02-16 17:17 - 004628480 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\VPN Unlimited\Qt5Core.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:02B2B479 [125]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1738186064-958222864-1310178189-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1738186064-958222864-1310178189-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2019-08-06 12:15 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1738186064-958222864-1310178189-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 183.182.100.1 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Discord => C:\Users\SONY\AppData\Local\Discord\app-0.0.305\Discord.exe
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: utweb => "C:\Users\SONY\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9CAC9CCD-66DB-4E10-836B-FEDDFD51A6D3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{88E3DD29-BED4-4DD3-85F5-A0A1057B0444}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{B9C073C2-4CC3-438C-B5A9-B8038BF4562D}C:\users\sony\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\sony\appdata\roaming\utorrent web\utweb.exe => No File
FirewallRules: [UDP Query User{51480E15-3BF6-4C29-AAE7-06C565097C58}C:\users\sony\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\sony\appdata\roaming\utorrent web\utweb.exe => No File
FirewallRules: [TCP Query User{696C76F7-C8CC-4667-BA57-9FCD706E79E3}C:\users\sony\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\sony\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{F8CEDD9F-6717-499A-B45A-DA9884EDF62A}C:\users\sony\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\sony\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{43F64A85-4742-4520-B5D7-9941AB7185E5}C:\users\sony\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sony\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{C4292981-0980-4FEF-86DE-F7514AC651C2}C:\users\sony\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sony\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{031BFEBD-391A-439D-A78A-368EE7E21E60}C:\program files (x86)\eltima software\recover pdf password\server\rpp.exe] => (Allow) C:\program files (x86)\eltima software\recover pdf password\server\rpp.exe (Eltima Software -> Eltima Software)
FirewallRules: [UDP Query User{1E25E491-558C-4B1E-B453-3AF1AC634CB1}C:\program files (x86)\eltima software\recover pdf password\server\rpp.exe] => (Allow) C:\program files (x86)\eltima software\recover pdf password\server\rpp.exe (Eltima Software -> Eltima Software)
FirewallRules: [{32272219-F654-40D5-90FF-4337DCF3464F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7B0D4F3C-588A-4859-8956-0E90C027F87B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C39F0991-0730-4163-B59E-76007F4FF45B}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{2DE7216F-A98B-44F1-B830-87FA161A3B97}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{7A75122F-5F52-461F-BDD9-A1267E9B0999}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe (The OpenVPN Project) [File not signed]
FirewallRules: [{24809C58-4ADA-4854-B5A2-891A723D92BF}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe (The OpenVPN Project) [File not signed]
FirewallRules: [TCP Query User{3FAA61BB-4314-4F34-9EC5-26F5F20E45C2}C:\program files (x86)\vpn unlimited\vpn-unlimited.exe] => (Allow) C:\program files (x86)\vpn unlimited\vpn-unlimited.exe (KeepSolid Inc.) [File not signed]
FirewallRules: [UDP Query User{20445883-975E-47C9-ACE9-2A3E5CD1C202}C:\program files (x86)\vpn unlimited\vpn-unlimited.exe] => (Allow) C:\program files (x86)\vpn unlimited\vpn-unlimited.exe (KeepSolid Inc.) [File not signed]

==================== Restore Points =========================

22-07-2020 18:56:51 Scheduled Checkpoint
23-07-2020 12:06:39 Removed WebCam Companion

==================== Faulty Device Manager Devices ============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (07/23/2020 12:27:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/23/2020 12:10:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/23/2020 12:02:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/23/2020 11:35:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/23/2020 11:34:12 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={CC894C53-EE9B-4E4E-9C06-775530B463BF}: The user SONY-PC\SONY dialed a connection named VPN Unlimited IKEv2 which has failed. The error code returned on failure is 809.

Error: (07/23/2020 10:47:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/23/2020 09:34:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/23/2020 09:20:28 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={A4A3C487-7165-4C18-BCB9-ECFE0D906683}: The user SONY-PC\SONY dialed a connection named VPN Unlimited IKEv2 which has failed. The error code returned on failure is 809.


System errors:
=============
Error: (07/23/2020 12:01:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:00:17 PM on 7/23/2020 was unexpected.

Error: (07/23/2020 11:36:14 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
An instance of the service is already running.

Error: (07/23/2020 11:35:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VPNU WireGuard Tunnel Client: VPNUWireguard service terminated unexpectedly. It has done this 1 time(s).

Error: (07/23/2020 11:35:14 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error:
An instance of the service is already running.

Error: (07/23/2020 11:34:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/23/2020 11:34:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/23/2020 11:34:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/23/2020 11:34:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Windows Defender:
===================================
Date: 2020-06-27 14:32:02.078
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.17200.2
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2020-06-27 10:37:25.159
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.17200.2
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2020-06-26 15:39:16.661
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.17200.2
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

==================== Memory info ===========================

BIOS: American Megatrends Inc. R0170Y4 05/22/2009
Motherboard: Sony Corporation VAIO
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 70%
Total physical RAM: 3935.02 MB
Available physical RAM: 1152.1 MB
Total Virtual: 7868.18 MB
Available Virtual: 4323.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.17 GB) (Free:12.45 GB) NTFS
Drive d: () (Fixed) (Total:200.43 GB) (Free:18.35 GB) NTFS

\\?\Volume{d6230fd6-8fd9-11e9-b262-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 82D76217)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 