Inactive-A Sony Vaio overheats/shuts down during scan

PakseFrustration

Hello,
This is an ongoing issue. Any assistance is appreciated. Here is the FRST log & I will add the other log in a response to this post.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2020
Ran by SONY (administrator) on SONY-PC (Sony Corporation VGN-NW125J) (02-09-2020 15:40:21)
Running from C:\Users\SONY\Desktop
Loaded Profiles: SONY
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Eltima Software -> Eltima Software) C:\Program Files (x86)\Eltima Software\Recover PDF Password\agent\RPPc.exe
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avpui.exe
(KeepSolid Inc.) [File not signed] C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM\ DisallowedCertificates: 1990649205B55EAB5D692E9EDB1BE0DDD3B037DE (Sennheiser) <==== ATTENTION
HKLM\ DisallowedCertificates: C597D4E7FF9CE5BD3EC321C11827FCA9294A6BA1 (DarkMatter CA) <==== ATTENTION
HKU\S-1-5-21-1738186064-958222864-1310178189-1000\...\Run: [Google Update] => C:\Users\SONY\AppData\Local\Google\Update\1.3.35.452\GoogleUpdateCore.exe [217544 2020-03-21] (Google LLC -> Google LLC)
HKU\S-1-5-21-1738186064-958222864-1310178189-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\SYSTEM32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb] -> Internet Explorer (Enable DEP)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{a9264802-8a7a-40fe-a135-5c6d204aed7a}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb [2011-12-19]
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-04] (Adobe Inc. -> Adobe Systems, Inc.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15CC6238-46AF-4196-A3A6-1C01E25DBFFD} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1738186064-958222864-1310178189-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2019-05-15] (Microsoft Windows -> Microsoft Corporation)
Task: {26F6D983-E8F8-4457-B38B-592893136DAA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [660688 2020-08-28] (Mozilla Corporation -> Mozilla Foundation)
Task: {3297F8F9-9C2F-443D-8F38-B5E161CA62C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-08] (Adobe Inc. -> Adobe)
Task: {46B59945-5228-40B4-BF53-FB0DDB36BFB1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1738186064-958222864-1310178189-1000Core => C:\Users\SONY\AppData\Local\Google\Update\GoogleUpdate.exe [156456 2019-06-18] (Google Inc -> Google LLC)
Task: {5B85198A-9CDE-4E46-B35C-DCE34FCC286C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1738186064-958222864-1310178189-1000UA => C:\Users\SONY\AppData\Local\Google\Update\GoogleUpdate.exe [156456 2019-06-18] (Google Inc -> Google LLC)
Task: {655D59EF-6E6B-42E5-8A7D-72294F360D6C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1336400 2020-07-08] (Adobe Inc. -> Adobe Inc.)
Task: {7D277012-2A2B-4AA0-A999-42D676AF6D99} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {886452C0-6EAB-4A3E-839E-EE48C828B265} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_pepper.exe [1453624 2020-03-11] (Adobe Inc. -> Adobe)
Task: {E447FBFF-FB27-477B-B95F-7FB5C5BECE4E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [491320 2020-06-23] (Bitdefender SRL -> Bitdefender)
Task: {E71BADFF-7089-4E55-A27A-E2C8F4E50416} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_371_Plugin.exe [1458232 2020-06-08] (Adobe Inc. -> Adobe)
Task: {FE3A9D98-5056-4B9B-A05F-8A5B56C80858} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}.job => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 183.182.100.1 8.8.4.4
Tcpip\..\Interfaces\{310A450C-2256-4579-ACF9-3D29393C4556}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4E57A67F-2F45-4C15-9AA6-EAE31389E3C6}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4E57A67F-2F45-4C15-9AA6-EAE31389E3C6}: [DhcpNameServer] 183.182.100.1 8.8.4.4
Tcpip\..\Interfaces\{CD144B2F-7574-4F66-A738-3DB8C758D9BA}: [NameServer] 10.100.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1738186064-958222864-1310178189-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us
HKU\S-1-5-21-1738186064-958222864-1310178189-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1738186064-958222864-1310178189-1000 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\IEExt\ie_plugin.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\IEExt\ie_plugin.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\IEExt\ie_plugin.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\IEExt\ie_plugin.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1738186064-958222864-1310178189-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

FireFox:
========
FF DefaultProfile: ytww0b7u.default
FF ProfilePath: C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\ytww0b7u.default [2020-06-25]
FF Homepage: Mozilla\Firefox\Profiles\ytww0b7u.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10420__191126
FF NewTab: Mozilla\Firefox\Profiles\ytww0b7u.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10420__191126
FF Extension: (Avast Online Security) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\ytww0b7u.default\Extensions\wrc@avast.com.xpi [2020-02-08]
FF ProfilePath: C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release [2020-09-01]
FF NewTab: Mozilla\Firefox\Profiles\i4fl49ei.default-release -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10420__191126
FF Extension: (Privacy Badger) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2020-08-27]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release\Extensions\sp@avast.com.xpi [2020-07-04]
FF Extension: (LastPass: Free Password Manager) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release\Extensions\support@lastpass.com.xpi [2020-08-28]
FF Extension: (uBlock Origin) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release\Extensions\uBlock0@raymondhill.net.xpi [2020-08-23]
FF Extension: (Avast Online Security) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release\Extensions\wrc@avast.com.xpi [2020-06-17]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_371.dll [2020-06-08] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_371.dll [2020-06-08] (Adobe Inc. -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-08-18] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2020-07-23] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2020-07-23] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default [2020-09-02]
CHR DownloadDir: C:\Users\SONY\Desktop
CHR Notifications: Default -> hxxps://166716742877603.webpush.freshchat.com; hxxps://app.slack.com; hxxps://voice.google.com
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Docs) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-15]
CHR Extension: (Google Drive) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-06-15]
CHR Extension: (YouTube) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-15]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-08-08]
CHR Extension: (MozBar) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2019-11-03]
CHR Extension: (Adobe Acrobat) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-08-06]
CHR Extension: (Kaspersky Protection) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\elhpdacimkjpccooodognopfhbdgnpbk [2020-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-08-17]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2019-06-18]
CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2020-08-24]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2020-05-21]
CHR Extension: (Evernote Web) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2019-06-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-15]
CHR Extension: (Chrome Media Router) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-09-02]
CHR Profile: C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-04-01]
CHR Extension: (Slides) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-18]
CHR Extension: (Docs) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-18]
CHR Extension: (Google Drive) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-06-18]
CHR Extension: (YouTube) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-18]
CHR Extension: (Adobe Acrobat) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-03-10]
CHR Extension: (Sheets) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-18]
CHR Extension: (Google Docs Offline) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-05]
CHR Extension: (Gmail) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-18]
CHR Extension: (Chrome Media Router) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-01]
CHR Profile: C:\Users\SONY\AppData\Local\Google\Chrome\User Data\System Profile [2019-06-19]
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
StartMenuInternet: Google Chrome.OZ6TULZGLO2PJGYLWWOESANBQM - C:\Users\SONY\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-08] (Adobe Inc. -> Adobe)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AVP20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe [357416 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [1995184 2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S3 klvssbridge64_20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\vssbridge64.exe [438928 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE4.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe [619752 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1356792 2020-06-23] (Bitdefender SRL -> Bitdefender)
R2 RppClientService; C:\Program Files (x86)\Eltima Software\Recover PDF Password\agent\RPPc.exe [687104 2012-04-20] (Eltima Software -> Eltima Software)
R2 VPNUnlimitedService; C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [49664 2020-06-29] (KeepSolid Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2019-05-15] (Microsoft Windows -> Microsoft Corporation)
S3 WireGuardTunnel$VPNUWireguard; C:\Program Files (x86)\VPN Unlimited\WireVPNUImpl.exe [17920 2020-05-21] () [File not signed]
R2 wuauserv; C:\Windows\system32\wuaueng2.dll [2651648 2019-05-16] (Microsoft Corporation) [File not signed]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [246912 2019-02-16] (Kaspersky Lab -> AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [531584 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [79768 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [145504 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [93312 2019-03-12] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [251800 2020-08-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [643840 2020-06-26] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [1277704 2020-06-26] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [998808 2020-08-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\System32\DRIVERS\klim6.sys [58192 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [79760 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [59512 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [51328 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48592 2018-03-16] (AnchorFree Inc -> The OpenVPN Project)
R1 klwfp; C:\Windows\System32\DRIVERS\klwfp.sys [105600 2019-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [211048 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [233368 2020-08-13] (Kaspersky Lab -> AO Kaspersky Lab)
R2 rimsptsk; C:\Windows\System32\DRIVERS\rimspx64.sys [55296 2009-06-25] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 SFEP; C:\Windows\System32\DRIVERS\SFEP.sys [11392 2007-08-03] (Microsoft Windows Hardware Compatibility Publisher -> Sony Corporation)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2019-06-19] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [35768 2018-09-07] (ProtonVPN AG -> The OpenVPN Project)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\Windows\System32\DRIVERS\wintun.sys [29576 2019-12-30] (WireGuard LLC -> WireGuard LLC)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [398112 2011-09-14] (Marvell Semiconductor -> Marvell)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
U1 aswbdisk; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-02 15:40 - 2020-09-02 15:43 - 000027424 _____ C:\Users\SONY\Desktop\FRST.txt
2020-09-02 15:31 - 2020-09-02 15:31 - 000372656 _____ C:\Users\SONY\Desktop\Nathaniel Julius.zip
2020-09-02 14:39 - 2020-09-02 14:39 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2020-09-02 14:39 - 2020-09-02 14:39 - 000000000 ___HD C:\ProgramData\Documents\AdobeGC
2020-09-02 10:52 - 2020-09-02 10:52 - 000034974 _____ C:\Users\SONY\Desktop\drive-download-20200902T035150Z-001.zip
2020-09-01 15:52 - 2020-09-01 15:52 - 000019469 _____ C:\Users\SONY\Desktop\US List 062020.csv
2020-08-28 20:24 - 2020-08-28 20:24 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-08-28 15:41 - 2020-08-29 08:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-08-26 14:29 - 2020-08-26 14:29 - 000084072 _____ C:\ProgramData\agent.update.1598426935.bdinstall.v2.bin
2020-08-22 18:49 - 2020-08-29 17:11 - 000000263 _____ C:\Users\SONY\Desktop\Tour Title Layout.txt
2020-08-13 17:34 - 2020-08-13 17:34 - 000032768 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-shm
2020-08-13 17:34 - 2020-08-13 17:34 - 000012288 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb
2020-08-13 17:34 - 2020-08-13 17:34 - 000000000 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-wal
2020-08-13 17:33 - 2020-08-13 17:33 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-shm
2020-08-13 17:33 - 2020-08-13 17:33 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb-shm
2020-08-13 17:33 - 2020-08-13 17:33 - 000012288 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb
2020-08-13 17:33 - 2020-08-13 17:33 - 000012288 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb
2020-08-13 17:33 - 2020-08-13 17:33 - 000000000 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-wal
2020-08-13 17:33 - 2020-08-13 17:33 - 000000000 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb-wal
2020-08-04 13:01 - 2020-08-17 11:46 - 002296320 _____ (Farbar) C:\Users\SONY\Desktop\FRST64.exe
2020-08-04 12:31 - 2020-08-04 12:33 - 137740614 _____ C:\Users\SONY\Desktop\The Art of War - Sun Tzu Unabridged Full Audiobook HQ.mp4
2020-08-03 16:56 - 2020-09-02 10:11 - 000000000 ____D C:\Users\SONY\Desktop\UK Work
2020-08-03 16:55 - 2020-08-03 19:50 - 000000000 ____D C:\Users\SONY\Desktop\Work

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-02 15:41 - 2020-07-23 12:16 - 000000000 ____D C:\FRST
2020-09-02 15:41 - 2020-07-23 09:52 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-09-02 15:40 - 2020-06-25 11:34 - 000003648 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2020-09-02 15:38 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-09-02 15:34 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\system32\NDF
2020-09-02 14:53 - 2009-07-14 11:45 - 000030112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-09-02 14:53 - 2009-07-14 11:45 - 000030112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-09-02 14:44 - 2009-07-14 12:08 - 000032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-09-02 09:44 - 2019-06-29 09:43 - 000000000 ____D C:\Users\SONY\Desktop\ENC
2020-09-01 22:48 - 2019-06-18 20:00 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Mozilla
2020-09-01 15:53 - 2019-10-07 01:58 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-09-01 15:53 - 2019-10-07 01:58 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-09-01 13:56 - 2019-11-20 21:36 - 000002374 _____ C:\Users\SONY\Desktop\Google Chrome.lnk
2020-09-01 13:56 - 2019-06-15 19:19 - 000002411 _____ C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-08-29 08:56 - 2019-06-18 20:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-08-26 14:29 - 2020-06-25 11:32 - 000000000 ____D C:\Program Files\Bitdefender Agent
2020-08-24 21:33 - 2020-05-04 13:31 - 000000000 ____D C:\Users\SONY\Desktop\Read Me
2020-08-21 17:16 - 2019-06-24 17:07 - 000000267 _____ C:\Users\SONY\Desktop\email.txt
2020-08-20 17:01 - 2019-06-15 20:21 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-08-14 17:42 - 2019-06-25 13:32 - 000001309 _____ C:\Users\SONY\Desktop\measure.txt
2020-08-13 17:52 - 2019-06-15 20:21 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-08-13 16:47 - 2020-07-23 09:52 - 000998808 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2020-08-13 16:47 - 2020-07-23 09:52 - 000251800 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2020-08-13 16:47 - 2020-05-19 09:11 - 000233368 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys
2020-08-05 21:52 - 2019-10-07 01:58 - 000003450 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2020-08-04 19:44 - 2019-06-19 19:00 - 000000000 ____D C:\Users\SONY\Desktop\4K Video Downloader
2020-08-04 18:43 - 2019-06-15 20:06 - 000000000 ____D C:\Users\SONY\AppData\Local\ElevatedDiagnostics
2020-08-04 18:23 - 2020-08-01 12:53 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\uTorrent

==================== Files in the root of some directories ========

2019-06-22 12:58 - 2019-06-22 12:58 - 000000000 _____ () C:\Users\SONY\AppData\Local\oobelibMkey.log
2020-02-09 20:44 - 2020-02-09 20:44 - 000007597 _____ () C:\Users\SONY\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-08-27 19:39
==================== End of FRST.txt ========================
 

PakseFrustration

Posts: 16   +0
The ADDITION log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2020
Ran by SONY (02-09-2020 15:48:06)
Running from C:\Users\SONY\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2019-06-15 12:02:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1738186064-958222864-1310178189-500 - Administrator - Disabled)
Guest (S-1-5-21-1738186064-958222864-1310178189-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1738186064-958222864-1310178189-1002 - Limited - Enabled)
SONY (S-1-5-21-1738186064-958222864-1310178189-1000 - Administrator - Enabled) => C:\Users\SONY

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Security Cloud (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Security Cloud (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Security Cloud (Disabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader (HKLM\...\{AC1A4B11-192E-45F2-A205-D3BF4CC8D938}) (Version: 4.13.0.3800 - Open Media LLC)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.012.20043 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.371 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.371 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.344 - Adobe)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 5.54 - NCH Software)
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version: - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.0.0.35798 - Foxit Software Inc.)
Google Chrome (HKU\S-1-5-21-1738186064-958222864-1310178189-1000\...\Google Chrome) (Version: 85.0.4183.83 - Google LLC)
IDM Crack 6.32 build 6 (HKLM-x32\...\IDM Crack 6.32 build 6) (Version: 6.32 build 6 - Crackingpatching.com Team)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Kaspersky Secure Connection (HKLM-x32\...\{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky)
Kaspersky Security Cloud (HKLM-x32\...\{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky) Hidden
Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky)
K-Lite Mega Codec Pack 14.3.7 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.7 - KLCP)
Microsoft .NET Framework 4.8 (HKLM\...\{16735AF7-1D8D-3681-94A5-C578A61EC832}) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 80.0 (x64 en-US) (HKLM\...\Mozilla Firefox 80.0 (x64 en-US)) (Version: 80.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.2 - Mozilla)
Recover PDF Password 4.0.238 (HKLM-x32\...\Recover PDF Password_is1) (Version: - Eltima Software, Inc.)
Skype version 8.53 (HKLM-x32\...\Skype_is1) (Version: 8.53 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-1738186064-958222864-1310178189-1000\...\slack) (Version: 4.7.0 - Slack Technologies Inc.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TunSetupVPNU (HKLM\...\{3E4BC5B7-104F-40B3-BEC4-9CEF0BCD0EF8}) (Version: 1.0.0 - Keepsolid Inc.)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 7.25 - NCH Software)
VPN Unlimited 7.4 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 7.4 - KeepSolid Inc.)
WinDjView 1.0.3 (HKLM-x32\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.423\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\SONY\AppData\Local\Google\Chrome\Application\85.0.4183.83\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll => No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\ShellEx.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\ShellEx.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\ShellEx.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\ShellEx.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SYSTEM32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SYSTEM32\lagarith.dll [148992 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SYSTEM32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SYSTEM32\ff_vfw.dll [126976 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SYSTEM32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2019-06-20 15:56 - 2020-06-29 11:47 - 001876992 _____ () [File not signed] C:\Program Files (x86)\VPN Unlimited\vpnu_private_sdk.dll
2019-05-16 08:52 - 2019-05-16 08:52 - 002651648 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wuaueng2.dll
2019-06-20 15:56 - 2020-05-21 17:00 - 000058880 _____ (The c-ares library, hxxps://c-ares.haxx.se/) [File not signed] C:\Program Files (x86)\VPN Unlimited\cares.dll
2019-06-20 15:56 - 2020-05-21 17:00 - 000361984 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\VPN Unlimited\libcurl.dll
2019-06-20 15:56 - 2020-05-21 17:00 - 002516480 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\VPN Unlimited\libcrypto-1_1.dll
2019-06-20 15:56 - 2020-05-21 17:00 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\VPN Unlimited\libssl-1_1.dll
2019-06-20 15:56 - 2018-02-16 17:17 - 004628480 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\VPN Unlimited\Qt5Core.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:02B2B479 [125]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1738186064-958222864-1310178189-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1738186064-958222864-1310178189-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2019-08-06 12:15 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1738186064-958222864-1310178189-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Discord => C:\Users\SONY\AppData\Local\Discord\app-0.0.305\Discord.exe
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: utweb => "C:\Users\SONY\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9CAC9CCD-66DB-4E10-836B-FEDDFD51A6D3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{88E3DD29-BED4-4DD3-85F5-A0A1057B0444}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{B9C073C2-4CC3-438C-B5A9-B8038BF4562D}C:\users\sony\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\sony\appdata\roaming\utorrent web\utweb.exe => No File
FirewallRules: [UDP Query User{51480E15-3BF6-4C29-AAE7-06C565097C58}C:\users\sony\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\sony\appdata\roaming\utorrent web\utweb.exe => No File
FirewallRules: [TCP Query User{696C76F7-C8CC-4667-BA57-9FCD706E79E3}C:\users\sony\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\sony\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{F8CEDD9F-6717-499A-B45A-DA9884EDF62A}C:\users\sony\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\sony\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{43F64A85-4742-4520-B5D7-9941AB7185E5}C:\users\sony\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sony\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{C4292981-0980-4FEF-86DE-F7514AC651C2}C:\users\sony\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sony\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{031BFEBD-391A-439D-A78A-368EE7E21E60}C:\program files (x86)\eltima software\recover pdf password\server\rpp.exe] => (Allow) C:\program files (x86)\eltima software\recover pdf password\server\rpp.exe (Eltima Software -> Eltima Software)
FirewallRules: [UDP Query User{1E25E491-558C-4B1E-B453-3AF1AC634CB1}C:\program files (x86)\eltima software\recover pdf password\server\rpp.exe] => (Allow) C:\program files (x86)\eltima software\recover pdf password\server\rpp.exe (Eltima Software -> Eltima Software)
FirewallRules: [{32272219-F654-40D5-90FF-4337DCF3464F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7B0D4F3C-588A-4859-8956-0E90C027F87B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7A75122F-5F52-461F-BDD9-A1267E9B0999}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe (The OpenVPN Project) [File not signed]
FirewallRules: [{24809C58-4ADA-4854-B5A2-891A723D92BF}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe (The OpenVPN Project) [File not signed]
FirewallRules: [TCP Query User{3FAA61BB-4314-4F34-9EC5-26F5F20E45C2}C:\program files (x86)\vpn unlimited\vpn-unlimited.exe] => (Allow) C:\program files (x86)\vpn unlimited\vpn-unlimited.exe (KeepSolid Inc.) [File not signed]
FirewallRules: [UDP Query User{20445883-975E-47C9-ACE9-2A3E5CD1C202}C:\program files (x86)\vpn unlimited\vpn-unlimited.exe] => (Allow) C:\program files (x86)\vpn unlimited\vpn-unlimited.exe (KeepSolid Inc.) [File not signed]
FirewallRules: [TCP Query User{CFF03755-B145-47B4-88D5-F105E91F31B4}C:\program files (x86)\vpn unlimited\vpn-unlimited.exe] => (Allow) C:\program files (x86)\vpn unlimited\vpn-unlimited.exe (KeepSolid Inc.) [File not signed]
FirewallRules: [UDP Query User{0631744D-6C26-4BBE-B5D3-B87C7D30F2A9}C:\program files (x86)\vpn unlimited\vpn-unlimited.exe] => (Allow) C:\program files (x86)\vpn unlimited\vpn-unlimited.exe (KeepSolid Inc.) [File not signed]
FirewallRules: [TCP Query User{BD673061-250C-4BF2-A6DF-3FDFC6111505}C:\users\sony\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sony\appdata\roaming\utorrent\utorrent.exe => No File
FirewallRules: [UDP Query User{F938538B-89BB-41FC-9E67-34C24889D9EF}C:\users\sony\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sony\appdata\roaming\utorrent\utorrent.exe => No File

==================== Restore Points =========================

27-08-2020 17:07:13 Windows Update
31-08-2020 15:47:23 Windows Update

==================== Faulty Device Manager Devices ============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (09/02/2020 03:39:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/02/2020 02:45:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/02/2020 02:40:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/02/2020 09:44:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/01/2020 08:23:50 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (09/01/2020 08:23:50 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/01/2020 01:35:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/01/2020 09:03:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (09/02/2020 03:38:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:36:56 PM on ‎9/‎2/‎2020 was unexpected.

Error: (09/01/2020 04:16:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (09/01/2020 04:16:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (08/31/2020 04:29:08 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (08/31/2020 04:29:07 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (08/31/2020 04:26:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (08/31/2020 10:39:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Foxit Reader Update Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/31/2020 10:39:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Foxit Reader Update Service service to connect.


Windows Defender:
===================================
Date: 2020-08-16 12:55:42.406
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{F02BE15B-2BEE-4B11-8FFE-AAF930BCAEC4}
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2020-08-16 10:43:56.284
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{C2DDDCC1-B44C-46AF-B005-67C2F26A65D1}
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2020-08-16 10:19:09.474
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{BC018B59-94E5-4EBA-AFEC-2EF852B068D2}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2020-08-04 18:47:29.028
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{9A10434B-223E-4997-A5AC-2160EDB46397}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2020-07-26 16:21:06.585
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{856CB659-5365-4251-8CA4-ABAA05A9C39A}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2020-06-27 14:32:02.078
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.17200.2
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2020-06-27 10:37:25.159
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.17200.2
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2020-06-26 15:39:16.661
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.17200.2
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

==================== Memory info ===========================

BIOS: American Megatrends Inc. R0170Y4 05/22/2009
Motherboard: Sony Corporation VAIO
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 64%
Total physical RAM: 3935.02 MB
Available physical RAM: 1388.84 MB
Total Virtual: 7868.18 MB
Available Virtual: 5307.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.17 GB) (Free:9.72 GB) NTFS
Drive d: () (Fixed) (Total:200.43 GB) (Free:21.72 GB) NTFS

\\?\Volume{d6230fd6-8fd9-11e9-b262-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 82D76217)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

Broni

Posts: 55,827   +503
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

PakseFrustration

Posts: 16   +0
RogueKiller

RogueKiller Anti-Malware V14.7.2.0 (x64) [Sep 1 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : SONY [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20200904_094040, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2020/09/05 12:08:39 (Duration : 00:36:52)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.DriverToolkit (Potentially Malicious)] HKEY_USERS\S-1-5-21-1738186064-958222864-1310178189-1000\Software\DriverToolkit -- -> Deleted
[PUP.DriverPack (Potentially Malicious)] HKEY_USERS\S-1-5-21-1738186064-958222864-1310178189-1000\Software\drpsu -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{B9C073C2-4CC3-438C-B5A9-B8038BF4562D}C:\users\sony\appdata\roaming\utorrent web\utweb.exe -- [%_SONY_appdata%\utorrent web\utweb.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{51480E15-3BF6-4C29-AAE7-06C565097C58}C:\users\sony\appdata\roaming\utorrent web\utweb.exe -- [%_SONY_appdata%\utorrent web\utweb.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{B9C073C2-4CC3-438C-B5A9-B8038BF4562D}C:\users\sony\appdata\roaming\utorrent web\utweb.exe -- [%_SONY_appdata%\utorrent web\utweb.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{51480E15-3BF6-4C29-AAE7-06C565097C58}C:\users\sony\appdata\roaming\utorrent web\utweb.exe -- [%_SONY_appdata%\utorrent web\utweb.exe] -> Deleted
[PUP.DriverToolkit (Potentially Malicious)] DriverToolkit -- %localappdata%\DriverToolkit -> Deleted
[PUP.DriverToolkit (Potentially Malicious)] DriverToolkit -- %programfiles(x86)%\DriverToolkit -> Deleted
=> Backup -- C:\PROGRA~2\DRIVER~1\Backup -> Deleted
=> Download -- C:\PROGRA~2\DRIVER~1\Download -> Deleted
[PUM.SearchEngine (Potentially Malicious)] browser.search.defaultenginename -- Default Search Engine -> Deleted
[PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine -- Default Search Engine -> Deleted
[PUM.SearchEngine (Potentially Malicious)] browser.search.defaultenginename -- Default Search Engine -> Deleted
[PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine -- Default Search Engine -> Deleted
 

PakseFrustration

Posts: 16   +0
Malwarebytes

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/5/20
Scan Time: 12:16 PM
Log File: e4901338-ef36-11ea-9d8f-00ff310a450c.json

-Software Information-
Version: 4.2.0.82
Components Version: 1.0.1036
Update Package Version: 1.0.29465
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: SONY-PC\SONY

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 239740
Threats Detected: 32
Threats Quarantined: 0
Time Elapsed: 14 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.SearchYa, HKU\S-1-5-21-1738186064-958222864-1310178189-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{993F5746-4C15-42BC-99C1-064A1764271B}, No Action By User, 424, 242794, 1.0.29465, , ame, , ,

Registry Value: 5
PUP.Optional.SearchYa, HKU\S-1-5-21-1738186064-958222864-1310178189-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{993F5746-4C15-42BC-99C1-064A1764271B}|DISPLAYNAME, No Action By User, 424, 242794, 1.0.29465, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTOFFERTHROUGHWUAU, No Action By User, 6899, 676880, 1.0.29465, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 6899, 676881, 1.0.29465, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTOFFERTHROUGHWUAU, No Action By User, 6899, 676880, 1.0.29465, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 6899, 676881, 1.0.29465, , ame, , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.PushNotifications.Generic, C:\USERS\SONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 201, 838845, , , , , ,
PUP.Optional.PushNotifications.Generic, C:\USERS\SONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Sync Data\LevelDB, No Action By User, 201, 838845, , , , , ,
PUP.Optional.PushNotifications.Generic, C:\USERS\SONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 201, 838845, , , , , ,
PUP.Optional.PushNotifications.Generic, C:\USERS\SONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Sync Data\LevelDB, No Action By User, 201, 838845, , , , , ,

File: 22
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, No Action By User, 201, 838845, , , , , 99139D1590F6090D374C02B6F3DE6151, 52E8C5C40B82F60EC252698C760DAC81BAC889711D8B8FD420543EF976596DC6
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\006765.ldb, No Action By User, 201, 838845, , , , , 4E33F99C6378D7E51518041BFCD1C248, 3C0C5FAF33318DB4BE6B052E5C52C9F0DE2EC6DE57914AA559E68ED537152D24
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\006767.ldb, No Action By User, 201, 838845, , , , , 5681EBBA615C6A5D494D8906964781B7, 8EFB6B0B59C66E22CD8FE57E524002FA27968A21FA6B7B48596BEB597942E873
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\006769.log, No Action By User, 201, 838845, , , , , 898869AA8FA6AC5B0B22AA41C0E8A56D, 9507046B6CB42A8345664021D7C560EB0F5FAB65680E544672956ECAD69310BC
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\006770.ldb, No Action By User, 201, 838845, , , , , 7FA9A3C70FB1B4D7C00999A2B5F7E09B, F9BB263D73174F1E0A8E369D2DE47CC7D3521049E7333CC6C1A283A36EFE1FE7
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, No Action By User, 201, 838845, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, No Action By User, 201, 838845, , , , , ,
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, No Action By User, 201, 838845, , , , , 9FE735F13C093FB25B5F4374CE3DFF73, 31383F1D34E60609EED6722B77FCDEC638B9D15CB91985D226F49A83AA0F8F71
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, No Action By User, 201, 838845, , , , , 36B4EDC14BD4CA3C2FCB0AB2DDF47FA0, C51ABCF61B94E61DE5F86F16FC1137DC0526BF9C8E18775C278ABE41062F04AD
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, No Action By User, 201, 838845, , , , , A1A1E8D4455255DE49692D0A22AFAE72, 5FE776C25E925BEABD863A35969A9EC19E328866E0828840EA7A2EBD6733B83E
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\000005.ldb, No Action By User, 201, 838845, , , , , D3DECCC06ECB5D189CE7C7E5DEBC3671, BF5B2B26D75669545BE9E8970D903C9A2831EAA3B8FBAFEA50F63595BF4DF8C3
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\000044.ldb, No Action By User, 201, 838845, , , , , D73CFC10C7520504CF47769033532757, F5F99F4CD93B44899A5CA4349910C9AF765CF6701B190F3D467287CEFF851985
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\000047.ldb, No Action By User, 201, 838845, , , , , 42C5501073A59420F1E5BD75546BFC35, 3977A5EA4C906E0602FEB3162D40FE3C7E9B380F5D628B112B7D4E7017A22D97
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\000049.log, No Action By User, 201, 838845, , , , , 790D6CF3A1F9860B7C4671B6C44F6415, 61C1A04C57F0DA612B9D3F5500990FE5B3B53C6EB85AEDB32289F62F3304D50D
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\000050.ldb, No Action By User, 201, 838845, , , , , AE468E185ACF2D35010FC8F3590D7FBC, B2C72F7274F604B7276FB0D003EE61460E440D761A25A1A06297750EF67E480B
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\CURRENT, No Action By User, 201, 838845, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\LOCK, No Action By User, 201, 838845, , , , , ,
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\LOG, No Action By User, 201, 838845, , , , , 4FE586EDBBCFBF9AABB6A7B9992B79C8, D6C3FFD516A83D7D0432B03E801C86DC84C2AFD8F7FF103099C838DE271463AA
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\LOG.old, No Action By User, 201, 838845, , , , , 7C83B8F513A3DF8C07A2CBCEF0C88C15, 6AF859FD9A106F251F3E27A90A5D82E090431F992450DCE0B7E2ADDE67840A8B
PUP.Optional.PushNotifications.Generic, C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Data\LevelDB\MANIFEST-000001, No Action By User, 201, 838845, , , , , 78191A59D73720403111FDF1527A1BD6, CA831B595A965DBB084967193CD81632F64A58732A3694B27AE0272B9E65D795
PUP.Optional.PushNotifications.Generic, C:\USERS\SONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 201, 838845, 1.0.29465, , ame, , 3E3734284E94D1054BDD0AC7520A842C, 05CC839E42D0F0DB4555345C718D75AE9A3188A4A695DF2A2D31772495EE4D74
PUP.Optional.PushNotifications.Generic, C:\USERS\SONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 201, 838845, 1.0.29465, , ame, , 3E3734284E94D1054BDD0AC7520A842C, 05CC839E42D0F0DB4555345C718D75AE9A3188A4A695DF2A2D31772495EE4D74

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

PakseFrustration

Posts: 16   +0
AdW had 2 logs. Here is the first...

# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-05-2020
# Duration: 00:00:05
# OS: Windows 7 Ultimate
# Cleaned: 11
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\Windows\Temp\WebCompanion.zip

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\WebCompanion.exe
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted tangoenergy.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Deleted http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10420__191126

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2391 octets] - [05/09/2020 13:01:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

PakseFrustration

Posts: 16   +0
Here is the 2nd...

# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-05-2020
# Duration: 00:00:44
# OS: Windows 7 Ultimate
# Scanned: 31837
# Detected: 11


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

PUP.Optional.WebCompanion C:\Windows\Temp\WebCompanion.zip

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\WebCompanion.exe
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
PUP.Optional.WebCompanion HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy tangoenergy.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

PUP.Optional.Legacy http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10420__191126

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

Broni

Posts: 55,827   +503
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 

PakseFrustration

Posts: 16   +0
FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2020
Ran by SONY (administrator) on SONY-PC (Sony Corporation VGN-NW125J) (05-09-2020 13:32:46)
Running from C:\Users\SONY\Desktop\Scanny Programs
Loaded Profiles: SONY
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Eltima Software -> Eltima Software) C:\Program Files (x86)\Eltima Software\Recover PDF Password\agent\RPPc.exe
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
(Google LLC -> Google LLC) C:\Users\SONY\AppData\Local\Google\Chrome\Application\chrome.exe <9>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksdeui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avpui.exe
(KeepSolid Inc.) [File not signed] C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <5>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM\ DisallowedCertificates: 1990649205B55EAB5D692E9EDB1BE0DDD3B037DE (Sennheiser) <==== ATTENTION
HKLM\ DisallowedCertificates: C597D4E7FF9CE5BD3EC321C11827FCA9294A6BA1 (DarkMatter CA) <==== ATTENTION
HKU\S-1-5-21-1738186064-958222864-1310178189-1000\...\Run: [Google Update] => C:\Users\SONY\AppData\Local\Google\Update\1.3.35.452\GoogleUpdateCore.exe [217544 2020-03-21] (Google LLC -> Google LLC)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\SYSTEM32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb] -> Internet Explorer (Enable DEP)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{a9264802-8a7a-40fe-a135-5c6d204aed7a}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb [2011-12-19]
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-04] (Adobe Inc. -> Adobe Systems, Inc.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15CC6238-46AF-4196-A3A6-1C01E25DBFFD} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1738186064-958222864-1310178189-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2019-05-15] (Microsoft Windows -> Microsoft Corporation)
Task: {3297F8F9-9C2F-443D-8F38-B5E161CA62C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-08] (Adobe Inc. -> Adobe)
Task: {46B59945-5228-40B4-BF53-FB0DDB36BFB1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1738186064-958222864-1310178189-1000Core => C:\Users\SONY\AppData\Local\Google\Update\GoogleUpdate.exe [156456 2019-06-18] (Google Inc -> Google LLC)
Task: {5B85198A-9CDE-4E46-B35C-DCE34FCC286C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1738186064-958222864-1310178189-1000UA => C:\Users\SONY\AppData\Local\Google\Update\GoogleUpdate.exe [156456 2019-06-18] (Google Inc -> Google LLC)
Task: {655D59EF-6E6B-42E5-8A7D-72294F360D6C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1336400 2020-07-08] (Adobe Inc. -> Adobe Inc.)
Task: {7D277012-2A2B-4AA0-A999-42D676AF6D99} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {886452C0-6EAB-4A3E-839E-EE48C828B265} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_pepper.exe [1453624 2020-03-11] (Adobe Inc. -> Adobe)
Task: {E447FBFF-FB27-477B-B95F-7FB5C5BECE4E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [491320 2020-06-23] (Bitdefender SRL -> Bitdefender)
Task: {E71BADFF-7089-4E55-A27A-E2C8F4E50416} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_371_Plugin.exe [1458232 2020-06-08] (Adobe Inc. -> Adobe)
Task: {FD638E9D-F38B-4E20-A313-D1ACE254A8E3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [660688 2020-09-02] (Mozilla Corporation -> Mozilla Foundation)
Task: {FE3A9D98-5056-4B9B-A05F-8A5B56C80858} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}.job => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 183.182.100.1 8.8.4.4
Tcpip\..\Interfaces\{310A450C-2256-4579-ACF9-3D29393C4556}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4E57A67F-2F45-4C15-9AA6-EAE31389E3C6}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4E57A67F-2F45-4C15-9AA6-EAE31389E3C6}: [DhcpNameServer] 183.182.100.1 8.8.4.4
Tcpip\..\Interfaces\{CD144B2F-7574-4F66-A738-3DB8C758D9BA}: [NameServer] 10.100.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1738186064-958222864-1310178189-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us
HKU\S-1-5-21-1738186064-958222864-1310178189-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\IEExt\ie_plugin.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\IEExt\ie_plugin.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\IEExt\ie_plugin.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\IEExt\ie_plugin.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1738186064-958222864-1310178189-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

FireFox:
========
FF DefaultProfile: ytww0b7u.default
FF ProfilePath: C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\ytww0b7u.default [2020-06-25]
FF Homepage: Mozilla\Firefox\Profiles\ytww0b7u.default -> hxxps://www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\ytww0b7u.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10420__191126
FF Extension: (Avast Online Security) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\ytww0b7u.default\Extensions\wrc@avast.com.xpi [2020-02-08]
FF ProfilePath: C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release [2020-09-05]
FF NewTab: Mozilla\Firefox\Profiles\i4fl49ei.default-release -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10420__191126
FF Extension: (Privacy Badger) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2020-08-27]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release\Extensions\sp@avast.com.xpi [2020-07-04]
FF Extension: (LastPass: Free Password Manager) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release\Extensions\support@lastpass.com.xpi [2020-08-28]
FF Extension: (uBlock Origin) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release\Extensions\uBlock0@raymondhill.net.xpi [2020-08-23]
FF Extension: (Avast Online Security) - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\i4fl49ei.default-release\Extensions\wrc@avast.com.xpi [2020-06-17]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_371.dll [2020-06-08] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_371.dll [2020-06-08] (Adobe Inc. -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-08-18] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2020-07-23] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2020-07-23] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default [2020-09-05]
CHR DownloadDir: C:\Users\SONY\Desktop
CHR Notifications: Default -> hxxps://166716742877603.webpush.freshchat.com; hxxps://app.slack.com; hxxps://voice.google.com
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Docs) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-15]
CHR Extension: (Google Drive) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-06-15]
CHR Extension: (YouTube) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-15]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-08-08]
CHR Extension: (MozBar) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2019-11-03]
CHR Extension: (Adobe Acrobat) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-08-06]
CHR Extension: (Kaspersky Protection) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\elhpdacimkjpccooodognopfhbdgnpbk [2020-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-08-17]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2019-06-18]
CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2020-09-02]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2020-05-21]
CHR Extension: (Evernote Web) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2019-06-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-15]
CHR Extension: (Chrome Media Router) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-09-02]
CHR Profile: C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-04-01]
CHR Extension: (Slides) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-18]
CHR Extension: (Docs) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-18]
CHR Extension: (Google Drive) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-06-18]
CHR Extension: (YouTube) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-18]
CHR Extension: (Adobe Acrobat) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-03-10]
CHR Extension: (Sheets) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-18]
CHR Extension: (Google Docs Offline) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-05]
CHR Extension: (Gmail) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-18]
CHR Extension: (Chrome Media Router) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-01]
CHR Profile: C:\Users\SONY\AppData\Local\Google\Chrome\User Data\System Profile [2019-06-19]
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
StartMenuInternet: Google Chrome.OZ6TULZGLO2PJGYLWWOESANBQM - C:\Users\SONY\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-08] (Adobe Inc. -> Adobe)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AVP20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe [357416 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [1995184 2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S3 klvssbridge64_20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\vssbridge64.exe [438928 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE4.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe [619752 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7138296 2020-09-05] (Malwarebytes Inc -> Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1356792 2020-06-23] (Bitdefender SRL -> Bitdefender)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13603384 2020-09-01] (Adlice -> )
R2 RppClientService; C:\Program Files (x86)\Eltima Software\Recover PDF Password\agent\RPPc.exe [687104 2012-04-20] (Eltima Software -> Eltima Software)
R2 VPNUnlimitedService; C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [49664 2020-06-29] (KeepSolid Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2019-05-15] (Microsoft Windows -> Microsoft Corporation)
S3 WireGuardTunnel$VPNUWireguard; C:\Program Files (x86)\VPN Unlimited\WireVPNUImpl.exe [17920 2020-05-21] () [File not signed]
R2 wuauserv; C:\Windows\system32\wuaueng2.dll [2651648 2019-05-16] (Microsoft Corporation) [File not signed]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [246912 2019-02-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-09-05] (Malwarebytes Corporation -> Malwarebytes)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [531584 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [79768 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [145504 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [93312 2019-03-12] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [251800 2020-08-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [643840 2020-06-26] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [1277704 2020-06-26] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [998808 2020-08-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\System32\DRIVERS\klim6.sys [58192 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [79760 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [59512 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [51328 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48592 2018-03-16] (AnchorFree Inc -> The OpenVPN Project)
R1 klwfp; C:\Windows\System32\DRIVERS\klwfp.sys [105600 2019-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [211048 2020-05-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [233368 2020-08-13] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217608 2020-09-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197280 2020-09-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73880 2020-09-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-09-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [119920 2020-09-05] (Malwarebytes Inc -> Malwarebytes)
R2 rimsptsk; C:\Windows\System32\DRIVERS\rimspx64.sys [55296 2009-06-25] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 SFEP; C:\Windows\System32\DRIVERS\SFEP.sys [11392 2007-08-03] (Microsoft Windows Hardware Compatibility Publisher -> Sony Corporation)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2019-06-19] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [35768 2018-09-07] (ProtonVPN AG -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2020-09-05] (Adlice -> )
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\Windows\System32\DRIVERS\wintun.sys [29576 2019-12-30] (WireGuard LLC -> WireGuard LLC)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [398112 2011-09-14] (Marvell Semiconductor -> Marvell)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
U1 aswbdisk; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-05 13:07 - 2020-09-05 13:32 - 000000000 ____D C:\Users\SONY\Desktop\Scanny Programs
2020-09-05 13:06 - 2020-09-05 13:06 - 000073880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-09-05 13:04 - 2020-09-05 13:04 - 000197280 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-09-05 13:04 - 2020-09-05 13:04 - 000119920 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-09-05 13:03 - 2020-09-05 13:03 - 000038032 _____ C:\Windows\system32\Drivers\truesight.sys
2020-09-05 13:00 - 2020-09-05 13:01 - 000000000 ____D C:\AdwCleaner
2020-09-05 12:36 - 2020-09-05 12:36 - 000300576 _____ C:\Windows\Minidump\090520-51433-01.dmp
2020-09-05 12:15 - 2020-09-05 12:15 - 000000000 ____D C:\Users\SONY\AppData\Local\mbam
2020-09-05 12:14 - 2020-09-05 12:14 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-09-05 12:14 - 2020-09-05 12:14 - 000217608 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-09-05 12:14 - 2020-09-05 12:14 - 000001920 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-09-05 12:14 - 2020-09-05 12:13 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-09-05 12:13 - 2020-09-05 12:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-09-05 12:11 - 2020-09-05 12:11 - 000000000 ____D C:\Program Files\Malwarebytes
2020-09-05 11:29 - 2020-09-05 11:46 - 000000000 ____D C:\ProgramData\RogueKiller
2020-09-05 11:29 - 2020-09-05 11:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2020-09-05 11:29 - 2020-09-05 11:29 - 000000000 ____D C:\Program Files\RogueKiller
2020-09-02 22:55 - 2020-09-02 22:56 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-09-02 19:28 - 2020-09-03 18:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-09-02 17:08 - 2020-09-02 17:08 - 000000000 ____D C:\Windows\system32\Tasks\Event Viewer Tasks
2020-09-01 15:52 - 2020-09-01 15:52 - 000019469 _____ C:\Users\SONY\Desktop\US List 062020.csv
2020-08-26 14:29 - 2020-08-26 14:29 - 000084072 _____ C:\ProgramData\agent.update.1598426935.bdinstall.v2.bin
2020-08-22 18:49 - 2020-08-29 17:11 - 000000263 _____ C:\Users\SONY\Desktop\Tour Title Layout.txt
2020-08-13 17:34 - 2020-08-13 17:34 - 000032768 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-shm
2020-08-13 17:34 - 2020-08-13 17:34 - 000012288 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb
2020-08-13 17:34 - 2020-08-13 17:34 - 000000000 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-wal
2020-08-13 17:33 - 2020-08-13 17:33 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-shm
2020-08-13 17:33 - 2020-08-13 17:33 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb-shm
2020-08-13 17:33 - 2020-08-13 17:33 - 000012288 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb
2020-08-13 17:33 - 2020-08-13 17:33 - 000012288 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb
2020-08-13 17:33 - 2020-08-13 17:33 - 000000000 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-wal
2020-08-13 17:33 - 2020-08-13 17:33 - 000000000 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb-wal

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-05 13:33 - 2020-07-23 12:16 - 000000000 ____D C:\FRST
2020-09-05 13:33 - 2020-07-23 09:52 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-09-05 13:18 - 2019-06-18 20:00 - 000000000 ____D C:\Users\SONY\AppData\LocalLow\Mozilla
2020-09-05 13:13 - 2009-07-14 11:45 - 000030112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-09-05 13:13 - 2009-07-14 11:45 - 000030112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-09-05 13:10 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\system32\NDF
2020-09-05 13:08 - 2019-06-29 09:43 - 000000000 ____D C:\Users\SONY\Desktop\ENC
2020-09-05 13:05 - 2020-06-25 11:34 - 000003648 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2020-09-05 13:03 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-09-05 12:36 - 2020-03-28 13:35 - 000000000 ____D C:\Windows\Minidump
2020-09-04 19:07 - 2019-10-07 01:58 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-09-04 19:07 - 2019-10-07 01:58 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-09-04 15:23 - 2020-08-03 16:56 - 000000000 ____D C:\Users\SONY\Desktop\UK Work
2020-09-03 18:47 - 2019-06-15 21:35 - 000248676 _____ C:\Windows\ntbtlog.txt
2020-09-03 18:40 - 2019-06-18 20:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-09-02 14:44 - 2009-07-14 12:08 - 000032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-09-01 13:56 - 2019-11-20 21:36 - 000002374 _____ C:\Users\SONY\Desktop\Google Chrome.lnk
2020-09-01 13:56 - 2019-06-15 19:19 - 000002411 _____ C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-08-26 14:29 - 2020-06-25 11:32 - 000000000 ____D C:\Program Files\Bitdefender Agent
2020-08-24 21:33 - 2020-05-04 13:31 - 000000000 ____D C:\Users\SONY\Desktop\Read Me
2020-08-21 17:16 - 2019-06-24 17:07 - 000000267 _____ C:\Users\SONY\Desktop\email.txt
2020-08-20 17:01 - 2019-06-15 20:21 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-08-14 17:42 - 2019-06-25 13:32 - 000001309 _____ C:\Users\SONY\Desktop\measure.txt
2020-08-13 17:52 - 2019-06-15 20:21 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-08-13 16:47 - 2020-07-23 09:52 - 000998808 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2020-08-13 16:47 - 2020-07-23 09:52 - 000251800 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2020-08-13 16:47 - 2020-05-19 09:11 - 000233368 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys

==================== Files in the root of some directories ========

2019-06-22 12:58 - 2019-06-22 12:58 - 000000000 _____ () C:\Users\SONY\AppData\Local\oobelibMkey.log
2020-02-09 20:44 - 2020-02-09 20:44 - 000007597 _____ () C:\Users\SONY\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-08-27 19:39
==================== End of FRST.txt ========================

PakseFrustration

Addition log
Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2020
Ran by SONY (05-09-2020 13:36:03)
Running from C:\Users\SONY\Desktop\Scanny Programs
Windows 7 Ultimate Service Pack 1 (X64) (2019-06-15 12:02:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1738186064-958222864-1310178189-500 - Administrator - Disabled)
Guest (S-1-5-21-1738186064-958222864-1310178189-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1738186064-958222864-1310178189-1002 - Limited - Enabled)
SONY (S-1-5-21-1738186064-958222864-1310178189-1000 - Administrator - Enabled) => C:\Users\SONY

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Kaspersky Security Cloud (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Security Cloud (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Security Cloud (Disabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader (HKLM\...\{AC1A4B11-192E-45F2-A205-D3BF4CC8D938}) (Version: 4.13.0.3800 - Open Media LLC)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.012.20043 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.371 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.371 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.344 - Adobe)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 5.54 - NCH Software)
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version: - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.0.0.35798 - Foxit Software Inc.)
Google Chrome (HKU\S-1-5-21-1738186064-958222864-1310178189-1000\...\Google Chrome) (Version: 85.0.4183.83 - Google LLC)
IDM Crack 6.32 build 6 (HKLM-x32\...\IDM Crack 6.32 build 6) (Version: 6.32 build 6 - Crackingpatching.com Team)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Kaspersky Secure Connection (HKLM-x32\...\{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky)
Kaspersky Security Cloud (HKLM-x32\...\{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky) Hidden
Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky)
K-Lite Mega Codec Pack 14.3.7 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.7 - KLCP)
Malwarebytes version 4.2.0.82 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.0.82 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{16735AF7-1D8D-3681-94A5-C578A61EC832}) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 80.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 80.0.1 (x64 en-US)) (Version: 80.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.2 - Mozilla)
Recover PDF Password 4.0.238 (HKLM-x32\...\Recover PDF Password_is1) (Version: - Eltima Software, Inc.)
RogueKiller version 14.7.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.7.2.0 - Adlice Software)
Skype version 8.53 (HKLM-x32\...\Skype_is1) (Version: 8.53 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-1738186064-958222864-1310178189-1000\...\slack) (Version: 4.7.0 - Slack Technologies Inc.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TunSetupVPNU (HKLM\...\{3E4BC5B7-104F-40B3-BEC4-9CEF0BCD0EF8}) (Version: 1.0.0 - Keepsolid Inc.)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 7.25 - NCH Software)
VPN Unlimited 7.4 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 7.4 - KeepSolid Inc.)
WinDjView 1.0.3 (HKLM-x32\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.423\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\SONY\AppData\Local\Google\Chrome\Application\85.0.4183.83\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll => No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\ShellEx.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\ShellEx.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-09-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\ShellEx.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\ShellEx.dll [2020-07-23] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-09-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SYSTEM32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SYSTEM32\lagarith.dll [148992 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SYSTEM32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SYSTEM32\ff_vfw.dll [126976 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SYSTEM32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2019-06-20 15:56 - 2020-06-29 11:47 - 001876992 _____ () [File not signed] C:\Program Files (x86)\VPN Unlimited\vpnu_private_sdk.dll
2019-05-16 08:52 - 2019-05-16 08:52 - 002651648 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wuaueng2.dll
2019-06-20 15:56 - 2020-05-21 17:00 - 000058880 _____ (The c-ares library, hxxps://c-ares.haxx.se/) [File not signed] C:\Program Files (x86)\VPN Unlimited\cares.dll
2019-06-20 15:56 - 2020-05-21 17:00 - 000361984 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\VPN Unlimited\libcurl.dll
2019-06-20 15:56 - 2020-05-21 17:00 - 002516480 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\VPN Unlimited\libcrypto-1_1.dll
2019-06-20 15:56 - 2020-05-21 17:00 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\VPN Unlimited\libssl-1_1.dll
2019-06-20 15:56 - 2018-02-16 17:17 - 004628480 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\VPN Unlimited\Qt5Core.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:02B2B479 [125]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1738186064-958222864-1310178189-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2019-08-06 12:15 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1738186064-958222864-1310178189-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Discord => C:\Users\SONY\AppData\Local\Discord\app-0.0.305\Discord.exe
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: utweb => "C:\Users\SONY\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9CAC9CCD-66DB-4E10-836B-FEDDFD51A6D3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{88E3DD29-BED4-4DD3-85F5-A0A1057B0444}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{696C76F7-C8CC-4667-BA57-9FCD706E79E3}C:\users\sony\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\sony\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{F8CEDD9F-6717-499A-B45A-DA9884EDF62A}C:\users\sony\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\sony\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{43F64A85-4742-4520-B5D7-9941AB7185E5}C:\users\sony\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sony\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{C4292981-0980-4FEF-86DE-F7514AC651C2}C:\users\sony\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\sony\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{031BFEBD-391A-439D-A78A-368EE7E21E60}C:\program files (x86)\eltima software\recover pdf password\server\rpp.exe] => (Allow) C:\program files (x86)\eltima software\recover pdf password\server\rpp.exe (Eltima Software -> Eltima Software)
FirewallRules: [UDP Query User{1E25E491-558C-4B1E-B453-3AF1AC634CB1}C:\program files (x86)\eltima software\recover pdf password\server\rpp.exe] => (Allow) C:\program files (x86)\eltima software\recover pdf password\server\rpp.exe (Eltima Software -> Eltima Software)
FirewallRules: [{32272219-F654-40D5-90FF-4337DCF3464F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7B0D4F3C-588A-4859-8956-0E90C027F87B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7A75122F-5F52-461F-BDD9-A1267E9B0999}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe (The OpenVPN Project) [File not signed]
FirewallRules: [{24809C58-4ADA-4854-B5A2-891A723D92BF}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe (The OpenVPN Project) [File not signed]
FirewallRules: [TCP Query User{3FAA61BB-4314-4F34-9EC5-26F5F20E45C2}C:\program files (x86)\vpn unlimited\vpn-unlimited.exe] => (Allow) C:\program files (x86)\vpn unlimited\vpn-unlimited.exe (KeepSolid Inc.) [File not signed]
FirewallRules: [UDP Query User{20445883-975E-47C9-ACE9-2A3E5CD1C202}C:\program files (x86)\vpn unlimited\vpn-unlimited.exe] => (Allow) C:\program files (x86)\vpn unlimited\vpn-unlimited.exe (KeepSolid Inc.) [File not signed]
FirewallRules: [TCP Query User{CFF03755-B145-47B4-88D5-F105E91F31B4}C:\program files (x86)\vpn unlimited\vpn-unlimited.exe] => (Allow) C:\program files (x86)\vpn unlimited\vpn-unlimited.exe (KeepSolid Inc.) [File not signed]
FirewallRules: [UDP Query User{0631744D-6C26-4BBE-B5D3-B87C7D30F2A9}C:\program files (x86)\vpn unlimited\vpn-unlimited.exe] => (Allow) C:\program files (x86)\vpn unlimited\vpn-unlimited.exe (KeepSolid Inc.) [File not signed]
FirewallRules: [TCP Query User{BD673061-250C-4BF2-A6DF-3FDFC6111505}C:\users\sony\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sony\appdata\roaming\utorrent\utorrent.exe => No File
FirewallRules: [UDP Query User{F938538B-89BB-41FC-9E67-34C24889D9EF}C:\users\sony\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sony\appdata\roaming\utorrent\utorrent.exe => No File

==================== Restore Points =========================

31-08-2020 15:47:23 Windows Update
04-09-2020 00:02:57 Windows Update

==================== Faulty Device Manager Devices ============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (09/05/2020 01:04:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/05/2020 12:38:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/05/2020 11:09:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/04/2020 07:03:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/04/2020 11:57:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/03/2020 06:50:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/03/2020 06:41:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/02/2020 08:23:53 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007


System errors:
=============
Error: (09/05/2020 01:01:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VPN Unlimited Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (09/05/2020 01:01:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Secure Connection Service 4.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/05/2020 01:01:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/05/2020 01:01:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Genuine Monitor Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/05/2020 01:01:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Foxit Reader Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/05/2020 01:01:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Genuine Software Integrity Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/05/2020 01:01:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ProductAgentService service terminated unexpectedly. It has done this 1 time(s).

Error: (09/05/2020 01:01:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The RogueKiller RTP service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


Windows Defender:
===================================
Date: 2020-08-16 12:55:42.406
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{F02BE15B-2BEE-4B11-8FFE-AAF930BCAEC4}
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2020-08-16 10:43:56.284
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{C2DDDCC1-B44C-46AF-B005-67C2F26A65D1}
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2020-08-16 10:19:09.474
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{BC018B59-94E5-4EBA-AFEC-2EF852B068D2}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2020-08-04 18:47:29.028
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{9A10434B-223E-4997-A5AC-2160EDB46397}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2020-07-26 16:21:06.585
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{856CB659-5365-4251-8CA4-ABAA05A9C39A}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2020-06-27 14:32:02.078
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.17200.2
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2020-06-27 10:37:25.159
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.17200.2
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2020-06-26 15:39:16.661
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.17200.2
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

==================== Memory info ===========================

BIOS: American Megatrends Inc. R0170Y4 05/22/2009
Motherboard: Sony Corporation VAIO
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 93%
Total physical RAM: 3935.02 MB
Available physical RAM: 269.85 MB
Total Virtual: 7868.18 MB
Available Virtual: 3156.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.17 GB) (Free:9.42 GB) NTFS
Drive d: () (Fixed) (Total:200.43 GB) (Free:21.72 GB) NTFS

\\?\Volume{d6230fd6-8fd9-11e9-b262-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 82D76217)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

Broni

Posts: 55,827   +503
Download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location, or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    2.9 KB · Views: 2

PakseFrustration

Posts: 16   +0
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2020
Ran by SONY (05-09-2020 13:57:14) Run:1
Running from C:\Users\SONY\Desktop
Loaded Profiles: SONY
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM\ DisallowedCertificates: 1990649205B55EAB5D692E9EDB1BE0DDD3B037DE (Sennheiser) <==== ATTENTION
HKLM\ DisallowedCertificates: C597D4E7FF9CE5BD3EC321C11827FCA9294A6BA1 (DarkMatter CA) <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2020-07-23] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2020-07-23] <==== ATTENTION
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
U1 aswbdisk; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-06-22 12:58 - 2019-06-22 12:58 - 000000000 _____ () C:\Users\SONY\AppData\Local\oobelibMkey.log
2020-02-09 20:44 - 2020-02-09 20:44 - 000007597 _____ () C:\Users\SONY\AppData\Local\Resmon.ResmonCfg
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.423\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\SONY\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:02B2B479 [125]
FirewallRules: [TCP Query User{BD673061-250C-4BF2-A6DF-3FDFC6111505}C:\users\sony\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sony\appdata\roaming\utorrent\utorrent.exe => No File
FirewallRules: [UDP Query User{F938538B-89BB-41FC-9E67-34C24889D9EF}C:\users\sony\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sony\appdata\roaming\utorrent\utorrent.exe => No File


*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1990649205B55EAB5D692E9EDB1BE0DDD3B037DE => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\C597D4E7FF9CE5BD3EC321C11827FCA9294A6BA1 => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js => moved successfully
C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg => moved successfully
HKLM\System\CurrentControlSet\Services\ACDaemon => removed successfully
ACDaemon => service removed successfully
HKLM\System\CurrentControlSet\Services\ApfiltrService => removed successfully
ApfiltrService => service removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
C:\Users\SONY\AppData\Local\oobelibMkey.log => moved successfully
C:\Users\SONY\AppData\Local\Resmon.ResmonCfg => moved successfully
HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE} => removed successfully
HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54} => removed successfully
HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9} => removed successfully
HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401} => removed successfully
HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5} => removed successfully
HKU\S-1-5-21-1738186064-958222864-1310178189-1000_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
C:\ProgramData\TEMP => ":02B2B479" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BD673061-250C-4BF2-A6DF-3FDFC6111505}C:\users\sony\appdata\roaming\utorrent\utorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F938538B-89BB-41FC-9E67-34C24889D9EF}C:\users\sony\appdata\roaming\utorrent\utorrent.exe" => removed successfully

==== End of Fixlog 13:57:14 ====
 

Broni

Posts: 55,827   +503
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

PakseFrustration

Posts: 16   +0
Security Check log

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Malwarebytes
Kaspersky Security Cloud
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 32.0.0.371
Google Chrome (85.0.4183.83)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Bitdefender Agent ProductAgentService.exe
Bitdefender Agent DiscoverySrv.exe
Kaspersky Lab Kaspersky Security Cloud 20.0 avp.exe
Kaspersky Lab Kaspersky Security Cloud 20.0 avpui.exe
Kaspersky Lab Kaspersky Secure Connection 4.0 ksde.exe
Kaspersky Lab Kaspersky Secure Connection 4.0 ksdeui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 27% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

PakseFrustration

Posts: 16   +0
FSS log

Farbar Service Scanner Version: 14-12-2019
Ran by SONY (administrator) on 05-09-2020 at 16:03:12
Running from "C:\Users\SONY\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

PakseFrustration

Posts: 16   +0
After running TFC, this (see picture) appeared, but I wasn't sure what to do, so I just closed it and ran the final program, which did not generate any logs.


[screenshot attachment: 1599306737729.png]
 

Broni

Posts: 55,827   +503
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 