Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware blocking internet access?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware blocking internet access?

Unread postby yerbyb » April 27th, 2016, 3:33 am

Hello,

I've managed to get something on to my laptop, it appeared at the same time as Shopperz and MPC Cleaner.
I've used a few different programs (Avast, Adwcleaner, Hitman Pro) to try and wipe it but to no avail.
I also tried installing MBAM and got Runtime Error (at 110:137): Could not call proc.
One of the locations Avast flagged up was C:\Windows\SysWOW64\dnsapi.dll

Everything I've tried can't connect to the internet apart from Avast (via updates) and their SafeZone browser.

Opened Chrome and got an error message (twice):
RunDLL
There was a problem starting C:\Program Files\AVAST\Software\Avast\defs\16042502\bcuengine.dll
Operation did not complete successfully because the file contains a virus or potentially unwanted software.

Tried opening a photo (using Photos) and got the error message:
This app can't open
Photos can't be opened using the Built-in Administrator account. Sign in with a different account and try again.

Opened task manager and VC Agent is using heaps of memory.

Please help!

Regards,
Ben


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-04-2016
Ran by Ben (administrator) on BEN-VAIO (27-04-2016 07:33:48)
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben (Available Profiles: Ben & Lauren & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(UPEK Inc.) C:\Program Files\Protector Suite\upeksvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
() C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
() C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-05-27] (Realtek Semiconductor)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1802424 2015-11-26] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954368 2015-11-06] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-26] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-17] (AVAST Software)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite\farchns.dll [2010-04-27] (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite\farchns.dll [2010-04-27] (UPEK Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{2599466d-1ebe-49ad-ae13-b8ddeaa690eb}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{b485a6d4-4564-4ce3-bfb5-65ecb278fd7f}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=SVEE
HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=SVEE
SearchScopes: HKU\S-1-5-21-2327566409-1839958317-1420291532-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2327566409-1839958317-1420291532-1000 -> {669FEA48-2777-405B-A9B9-6B2FFA504A32} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKU\S-1-5-21-2327566409-1839958317-1420291532-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2327566409-1839958317-1420291532-1000 -> {7C46CE2B-7CC6-4F69-A8DA-A337466A2A7D} URL = hxxp://uk.shopping.com/?linkin_id=8056359
SearchScopes: HKU\S-1-5-21-2327566409-1839958317-1420291532-1000 -> {E7A3B793-9903-423F-808E-05DECB668200} URL = hxxp://rover.ebay.com/rover/1/710-42480 ... 4?satitle={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-26] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-26] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-26] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Extension: GsearchFinder - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-04-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-17]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yessearches.com/?mode=nnnb&p ... 3UtC3MsAk..
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=06481487F9B42635474C1165B173518F&v=20160415&ts=AHEqA3UtC3MsAk.."
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-28]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-22]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Adblock Plus) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-04-16]
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-16]
CHR Extension: (Avast Online Security) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-17] (AVAST Software)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
R2 QDLService2kSony; c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [330488 2009-12-08] (QUALCOMM, Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-11-06] (Synaptics Incorporated)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [836608 2010-06-08] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
U4 MPCProtectService; "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe" [X]
S2 Oluia; "C:\Users\Ben\AppData\Roaming\TeadmeMeapvo\Wypbo.exe" -cms [X]
S2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-17] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-17] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-26] (AVAST Software)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [49584 2016-04-26] ()
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [271872 2010-06-22] (Intel(R) Corporation) [File not signed]
R3 qcfilterSny2k; C:\Windows\System32\drivers\qcfilterSny2k.sys [6400 2009-12-08] (QUALCOMM Incorporated)
R3 qcusbnetsny2k; C:\Windows\System32\drivers\qcusbnetsny2k.sys [240640 2009-12-08] (QUALCOMM Incorporated)
R3 qcusbserSny2k; C:\Windows\system32\DRIVERS\qcusbserSny2k.sys [121216 2009-12-08] (QUALCOMM Incorporated)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [29352 2015-11-02] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-11-06] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U4 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-27 07:33 - 2016-04-27 07:34 - 00018498 _____ C:\Users\Ben\Desktop\FRST.txt
2016-04-27 07:33 - 2016-04-27 07:33 - 00000000 ____D C:\FRST
2016-04-27 07:32 - 2016-04-27 07:32 - 00000000 ____D C:\Users\Ben\Desktop\Cool
2016-04-27 07:31 - 2016-04-27 03:15 - 02376192 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2016-04-26 09:23 - 2016-04-26 09:23 - 00027760 _____ C:\WINDOWS\system32\.crusader
2016-04-26 08:47 - 2016-04-26 09:28 - 00049584 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-04-26 08:47 - 2016-04-26 08:47 - 00001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-04-26 08:46 - 2016-04-26 08:46 - 00000000 ____D C:\Program Files\HitmanPro
2016-04-26 08:45 - 2016-04-26 09:24 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-26 08:17 - 2016-04-26 08:38 - 00000000 ____D C:\AdwCleaner
2016-04-26 08:10 - 2016-04-26 08:04 - 11441744 _____ (SurfRight B.V.) C:\Users\Ben\Desktop\hitmanpro_x64.exe
2016-04-26 08:10 - 2016-04-26 08:02 - 22851472 _____ (Malwarebytes ) C:\Users\Ben\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-26 08:10 - 2016-04-26 07:54 - 03580480 _____ C:\Users\Ben\Desktop\adwcleaner_5.113.exe
2016-04-26 07:19 - 2016-04-26 07:19 - 00007606 _____ C:\Users\Ben\AppData\Local\Resmon.ResmonCfg
2016-04-17 14:44 - 2016-04-17 14:44 - 00000000 ____D C:\Users\Ben\AppData\Roaming\MCorp
2016-04-17 14:41 - 2016-04-17 14:41 - 00003164 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1460900447
2016-04-17 14:41 - 2016-04-17 14:41 - 00001082 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-04-17 14:41 - 2016-04-17 14:41 - 00001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-04-17 14:34 - 2016-04-17 14:34 - 00000000 ____D C:\WINDOWS\system32\mugi
2016-04-17 14:29 - 2016-04-17 14:28 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-04-17 14:29 - 2016-04-17 14:28 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-04-17 14:28 - 2016-04-17 14:28 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-04-17 14:16 - 2016-04-17 14:44 - 00000000 ____D C:\Program Files\Paapsuacaju
2016-04-17 14:16 - 2016-04-17 14:17 - 00000000 ____D C:\Users\Ben\AppData\Local\Tempfolder
2016-04-17 14:15 - 2016-04-26 08:31 - 00000000 ____D C:\Program Files (x86)\browseextension
2016-04-17 14:15 - 2016-04-17 14:15 - 00000000 ____D C:\Users\Ben\AppData\Local\tuto_monetize_120160416
2016-04-17 14:14 - 2016-04-18 01:55 - 00000696 __RSH C:\ProgramData\ntuser.pol
2016-04-17 14:11 - 2016-04-17 14:11 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-04-17 14:10 - 2016-04-17 14:10 - 02386201 _____ C:\WINDOWS\chromebrowser.exe
2016-04-16 08:14 - 2016-04-16 08:14 - 00003090 _____ C:\Users\Ben\Desktop\Ben CV.txt
2016-03-31 05:36 - 2016-03-31 05:36 - 00000000 ____D C:\Users\Ben\New folder (3)
2016-03-31 05:32 - 2016-04-18 01:56 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Anvsoft

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-26 10:19 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-26 10:19 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-26 10:18 - 2014-08-20 23:11 - 00000000 ____D C:\Users\Ben\AppData\Roaming\BitComet
2016-04-26 10:17 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-26 10:13 - 2014-07-22 16:16 - 00000000 ____D C:\Users\Ben\Documents\Recuva
2016-04-26 09:37 - 2014-07-23 10:33 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-26 09:34 - 2014-07-23 10:21 - 00895120 _____ (Google Inc.) C:\Users\Ben\Downloads\ChromeSetup(2).exe
2016-04-26 09:33 - 2014-07-23 11:27 - 00918952 _____ (Oracle Corporation) C:\Users\Ben\Downloads\chromeinstall-7u65.exe
2016-04-26 09:33 - 2014-07-23 10:31 - 00819144 _____ (Google Inc.) C:\Users\Ben\Downloads\chrome_installer(1).exe
2016-04-26 09:30 - 2014-07-23 10:33 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-26 09:27 - 2015-12-14 00:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-26 09:27 - 2015-12-14 00:21 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-26 09:25 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-26 08:45 - 2014-07-23 09:32 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-04-26 08:43 - 2014-07-22 11:30 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8E33020E-755A-4B4C-B5C8-488687D63A75}
2016-04-26 08:32 - 2014-07-23 09:32 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-04-26 08:10 - 2015-12-14 00:25 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-26 08:10 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-26 08:09 - 2014-07-23 13:05 - 00000000 ____D C:\Users\Ben\AppData\Roaming\vlc
2016-04-18 01:55 - 2014-07-23 10:35 - 00002137 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-17 14:34 - 2015-12-14 00:26 - 00000000 ____D C:\Users\Ben
2016-04-17 14:34 - 2015-10-30 08:18 - 00535088 _____ C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-17 14:29 - 2014-07-23 09:27 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-17 14:28 - 2014-07-23 09:32 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-04-17 14:28 - 2014-07-23 09:32 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-04-17 14:28 - 2014-07-23 09:32 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-04-17 14:28 - 2014-07-23 09:32 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-04-17 14:28 - 2014-07-23 09:32 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-04-17 14:28 - 2014-07-23 09:32 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-04-17 14:28 - 2014-07-23 09:32 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-04-17 14:28 - 2014-07-23 09:29 - 00000000 ____D C:\Program Files\AVAST Software
2016-04-17 14:14 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-04-17 14:14 - 2009-07-14 04:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-16 03:31 - 2014-07-23 10:33 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-16 03:31 - 2014-07-23 10:33 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2016-04-26 07:19 - 2016-04-26 07:19 - 0007606 _____ () C:\Users\Ben\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\acc.enc.exe
C:\Users\Ben\AppData\Local\Temp\dxdiag.exe
C:\Users\Ben\AppData\Local\Temp\libeay32.dll
C:\Users\Ben\AppData\Local\Temp\msconfig.exe
C:\Users\Ben\AppData\Local\Temp\msvcr120.dll
C:\Users\Ben\AppData\Local\Temp\sqlite3.dll
C:\Users\Ben\AppData\Local\Temp\W1LPE92NEN.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-10-30 08:18] - [2016-04-17 14:34] - 0535088 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\WINDOWS\SysWOW64\dnsapi.dll => no Company Name <===== ATTENTION

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-26 07:45

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
Ran by Ben (2016-04-27 07:35:33)
Running from C:\Users\Ben\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-13 23:51:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2327566409-1839958317-1420291532-500 - Administrator - Disabled)
Ben (S-1-5-21-2327566409-1839958317-1420291532-1000 - Administrator - Enabled) => C:\Users\Ben
DefaultAccount (S-1-5-21-2327566409-1839958317-1420291532-503 - Limited - Disabled)
Guest (S-1-5-21-2327566409-1839958317-1420291532-501 - Limited - Disabled)
Lauren (S-1-5-21-2327566409-1839958317-1420291532-1001 - Limited - Enabled) => C:\Users\Lauren

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 8.0 (HKLM-x32\...\PremElem80) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.368 - ArcSoft)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2261 - AVAST Software)
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 2.1.21228 - British Broadcasting Corp.)
BBC iPlayer Desktop (x32 Version: 2.1.21228 - British Broadcasting Corp.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
browseextension version 1.1 (HKLM-x32\...\browseextension_is1) (Version: 1.1 - browseextension) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.4.2224 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9791 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OneClick Internet (HKLM-x32\...\OneClickInternet) (Version: 3.0 - OneClick Internet)
Protector Suite 2009 (HKLM\...\{0F841121-4DB6-4B31-839F-7F5AB3BB3423}) (Version: 5.9.3.6321 - UPEK Inc.)
Qualcomm Gobi 2000 Package for Sony (HKLM-x32\...\{A91C7D28-59EE-41D4-88C8-F273FFBC4564}) (Version: 1.1.80 - QUALCOMM)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)
shopperz (HKLM-x32\...\{7BF3CCFB-DFD7-464A-85A8-40A9D4A6A5AE}) (Version: 2.0.0.477 - shopperz) <==== ATTENTION
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 8.0 (HKLM-x32\...\InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
VAIO Care (HKLM\...\{6EEC3E9C-3479-42EB-B93C-E7DF7927DD82}) (Version: 8.4.4.09181 - Sony Corporation)
VAIO Care (x32 Version: 6.4.2.11150 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.3.0.05310 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.4.0.05240 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.4.0.05240 - Sony Corporation) Hidden
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.2.0.07020 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230 - Sony Corporation) Hidden
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 1.1.0.05280 - Sony Corporation)
VAIO Marketing Tools (HKLM-x32\...\MarketingTools) (Version: - Sony Corporation)
VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.0.06080 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.2.0.06230 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.1.0.08060 - Sony Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\...\WinDirStat) (Version: - )
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2327566409-1839958317-1420291532-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ben\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02DB6517-BC23-4004-8B82-0DAD846807B8} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {0AED3133-9DDF-4DEE-9ABA-1C79EF0C3F45} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {0CE8586F-8154-49F6-A29A-17FE83246760} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {12B53AC6-3844-4244-9F1D-02B440A19819} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {1A709A69-465D-4EE3-A304-74B54DE1ADF0} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2015-07-31] (Sony Corporation)
Task: {1FC760C7-1226-46E2-89B9-B880D4394A22} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {21BAEBAF-6A16-4A0A-A015-7BE37D84FD92} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {22B1F911-754F-40D7-A32B-B7A2F322FAE7} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {2775BB56-A43D-4B7B-AB48-413707301849} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2015-08-06] (Sony Corporation)
Task: {2D219DF4-51C4-481D-B519-17FA558FA4C0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {2F3285B7-B05A-48EE-9ADD-C282EC9E3E57} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3A53712C-5F44-4F8A-96C5-FBE999715011} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {41D0DBC8-DF9A-4302-913F-C493941AC521} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-07-26] (Sony Corporation)
Task: {449179AE-B465-4BD0-B5E9-774CF5388A22} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4C54A90A-C887-465F-B810-AD08846BD8D3} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {4D5F467E-8BD8-49E2-9E1D-065F2DA3E0FC} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {50B7CCCF-AE1D-4D9A-9727-C3FE90E4FC4E} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-07-26] (Sony Corporation)
Task: {52E0BADF-3B2E-438D-8372-936535295CED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {58192DD0-5B24-43B7-9D3A-19239C1EE8FC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {5B0924FD-40B5-46F6-AC69-AD36DC131870} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-17] (AVAST Software)
Task: {5D820C98-0011-44B0-A2EC-10196AE07A41} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {6047CA1E-5B52-418C-B846-4885E242736F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6449F0D9-40BA-483C-81CF-7C776261B55D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {66A89628-1A53-498B-BD5B-9129B19FD6F7} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {6B4F148C-C9F7-4EA6-BAED-31E600380096} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6F79EF46-C6E9-447B-81C9-1830E3456D25} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {70E05DC3-A4A0-41A0-AF79-3007103ED42E} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {73CD2943-388C-4374-86EF-85671327BE95} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {75157E0A-32A0-49C2-8D6A-9E1967FE998B} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2015-02-04] (Sony Corporation)
Task: {76986919-8F4B-427C-9DDF-5F1FD362787D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {78E2628C-D7CA-4DF2-9AB9-67898A81327F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {7F6DCF8A-C2AF-4CD9-BB44-B5D97AD785DC} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2015-07-23] (Sony Corporation)
Task: {8056C37A-6EAF-4010-94FB-BE3E8FC10621} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {816FFE2D-BC49-4A9C-8663-3A29D5D2086D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {853818D0-9EE0-482E-9D77-BBCAE1D7987B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {89B8A677-DC55-4981-82CC-DE4BE5F1968A} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {931F9F25-FEA2-4CB2-96CD-94CD3CD3F9FD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {94126247-7F87-4CF0-9CC9-7E55ADC9FDE3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {970F7B78-81AF-4A70-ACF4-B905A382DA1C} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {9A4BA312-45F9-4034-8B34-99B1458807CB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9A653206-662A-4C31-B28B-B03BA2EF4874} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {9F6C227E-44A1-40A3-8DAD-DB64D2E8F59C} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {A7874D18-1CB3-4F82-BE2B-E105EF1AA13C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {ACD4E03C-EAE0-4E04-8D7F-E8228B25892A} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {B233070B-EF82-42BB-B45E-EB49279546FD} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {B51DC954-D947-4E6F-8A3D-EA14FE51419A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {B6417DB2-96A1-45A3-BDD7-E27093323100} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {BE4E5E3A-6035-47EE-AE95-C70649473E20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C447C919-0203-40D3-9467-0485177639B3} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {D734D950-4D98-4842-90A6-5F9861D2B154} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DAE4541C-8774-4482-9991-7BAE1A333B87} - System32\Tasks\SafeZone scheduled Autoupdate 1460900447 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software)
Task: {DC05946A-A160-48FA-8A10-EC1DD9269F9A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {DD3CDFF8-3CC7-4081-8857-39570908113D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {E64D0EBA-54DA-47C4-806E-440E50F4E465} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E7EFF5D8-D407-41BC-93D7-CA34E4280CE6} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
Task: {EFA3DDA3-137B-467A-8C09-387A956CF0FE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F073110F-F7C0-472D-93A8-AC8E8F34BB7B} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {F6C42010-A6AF-4254-BA40-B3337B26C91D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {FE98B4C9-50A1-43CA-ACFF-4172B792452B} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-14 00:21 - 2015-10-13 18:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-14 08:09 - 2015-12-14 08:09 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-14 08:09 - 2015-12-14 08:09 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-14 07:32 - 2015-12-14 08:08 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-10-30 08:17 - 2015-10-30 08:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 08:17 - 2015-10-30 08:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-14 08:09 - 2015-12-14 08:09 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-14 08:09 - 2015-12-14 08:09 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-14 08:09 - 2015-12-14 08:09 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-14 08:09 - 2015-12-14 08:09 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-14 08:09 - 2015-12-14 08:09 - 00936448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00413336 _____ () C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
2015-08-26 14:06 - 2015-08-26 14:06 - 00709272 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_modeler.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00130712 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_process_input.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00025752 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_system_power_state_input.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00059544 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_quality_and_reliability_input.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00194712 _____ () C:\Program Files\Sony\VAIO Care\ESRV\acpi_battery_input.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00159896 _____ () C:\Program Files\Sony\VAIO Care\ESRV\sema_thermal_input.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00158360 _____ () C:\Program Files\Sony\VAIO Care\ESRV\wifi_input.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00050840 _____ () C:\Program Files\Sony\VAIO Care\ESRV\devices_use_input.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00032920 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_disktrace_input.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00458904 _____ () C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
2015-08-26 14:06 - 2015-08-26 14:06 - 00185496 _____ () C:\Program Files\Sony\VAIO Care\ESRV\foreground_window_input.dll
2016-04-17 14:28 - 2016-04-17 14:28 - 00137920 _____ () C:\Program Files\AVAST Software\Avast\x64\log.dll
2016-04-17 14:28 - 2016-04-17 14:28 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-17 14:28 - 2016-04-17 14:28 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-26 04:59 - 2016-04-26 04:59 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16042502\algo.dll
2016-04-17 14:28 - 2016-04-17 14:28 - 00478144 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-07-22 09:48 - 2010-05-31 19:18 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2014-07-22 09:48 - 2010-05-31 19:18 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2015-12-14 07:32 - 2015-12-14 08:08 - 00152064 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-14 07:32 - 2015-12-14 08:08 - 18906624 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-06 18:46 - 2015-12-06 18:46 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-07-20 18:01 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-10-13 06:46 - 2015-10-13 06:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-04-17 14:34 - 00001444 ____A C:\WINDOWS\system32\Drivers\etc\hosts

107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Sony\VAIO 09 img1 Wallpaper 1366x768.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MarketingTools => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SMSetup => "C:\Users\Ben\AppData\Local\Temp\~sp6CD9.tmp" "C:\Users\Ben\AppData\Local\Temp\~sp6CD9.tmp" /S /cnid 407453 /dsie /dsff /dsgc /hp /wait /ntp_ie /ms /S /restart
MSCONFIG\startupreg: Zoner Photo Studio Autoupdate => "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
MSCONFIG\startupreg: Zoner Photo Studio Service 16 => "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\...\StartupApproved\Run: => "iCloudServices"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{EB8F29A1-6717-44BA-B131-CD83A4EFA65A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D4949C3D-8859-412E-8059-A77B4F08D959}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7938973C-F07A-4532-9F10-C6EDE0DAAB61}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D8DDAB9E-2176-48A3-A3BE-3E9640746B19}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{CC81183F-4D8E-4D54-BB86-86EF3068ED0E}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{7BAE6CBA-A089-4287-BF70-64458E4AC7E8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4727595D-C10A-4C5C-BB57-BCD332896BD3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7C500BA5-4E45-445C-A71B-75E90CE1AB3D}] => (Allow) svchost.exe
FirewallRules: [{854FDCFA-A091-4213-A0ED-1588AF4AA6B7}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{06A04842-8BCE-448D-8FE5-0C3464BABE9C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{51CD5278-00A8-4C40-895E-BE37FE327FF3}] => (Allow) LPort=2869
FirewallRules: [{9C350CBE-E4B3-4ED9-B4D5-20D80A512B03}] => (Allow) LPort=1900
FirewallRules: [{54184850-E74C-452D-A1E9-069DB3348CF8}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{E1168C28-E645-4FE7-BCB8-E36BAAB39E22}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{EB56001B-89C8-4F8F-A1E4-CCC1A4E3692A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D35FDE99-1D04-4A33-ABAC-00D5366B55BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{438F267F-62DA-485B-93F3-E08B95243AB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2D66CBC2-CE3A-44B9-8F3B-079F99A3C4EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C498EC1F-AC39-43D9-BD2B-6CF2D4455286}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{4DFF45A6-C4FB-48AC-B68E-A31F073EC286}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{1EAB4EB9-1613-48B5-9B97-6791C2A98F3B}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{7465BA47-5CF3-4602-A6AA-7B9B0CC7956D}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{76F9290F-0998-4D54-8767-B0EA78F830FF}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{6A5D66BE-5D55-4042-B635-6BCDC7A504AB}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{0D643003-6943-4FA8-BE1A-CC85B11C817C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{F54B2744-23B7-44D0-8F80-94BECC7EFAB8}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe
FirewallRules: [UDP Query User{9768E43D-C8EF-4AD2-8101-A32F1AAFCC67}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe
FirewallRules: [{C3619DCF-58D4-4E45-B4C0-1F334E0739B1}] => (Allow) LPort=24459
FirewallRules: [{5BDD35F0-D5AD-4ED1-81E9-1B1A45DDA67E}] => (Allow) LPort=24459

==================== Restore Points =========================

31-03-2016 03:13:55 Scheduled Checkpoint
17-04-2016 00:29:25 Scheduled Checkpoint
26-04-2016 09:17:40 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2016 07:30:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ben-VAIO)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/27/2016 07:30:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ben-VAIO)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/27/2016 07:30:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ben-VAIO)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/27/2016 07:30:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 76290218

Error: (04/27/2016 07:30:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 76290218

Error: (04/27/2016 07:30:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/27/2016 07:30:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ben-VAIO)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/27/2016 07:30:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ben-VAIO)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/27/2016 07:30:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ben-VAIO)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/26/2016 04:19:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ben-VAIO)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (04/27/2016 07:31:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1

Error: (04/27/2016 07:30:27 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Qualcomm Gobi 2000 HS-USB Mobile Broadband Device 9225, {A4205C17-661C-4FDD-80C2-55EEEFD53D04}, had event 74

Error: (04/26/2016 09:30:24 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:
%%0

Error: (04/26/2016 09:29:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetPipeActivator service failed to start due to the following error:
%%1053

Error: (04/26/2016 09:29:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.

Error: (04/26/2016 09:28:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WTGService service failed to start due to the following error:
%%2

Error: (04/26/2016 09:28:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Oluia service failed to start due to the following error:
%%2

Error: (04/26/2016 09:28:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058

Error: (04/26/2016 09:27:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
%%1275

Error: (04/26/2016 09:25:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WWAN AutoConfig service terminated with the following error:
%%997


CodeIntegrity:
===================================
Date: 2016-04-17 14:09:30.323
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-17 14:09:01.310
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-25 06:15:41.139
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-14 01:55:38.365
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-14 01:55:38.348
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-14 01:55:38.284
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-13 23:50:41.071
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-13 23:47:08.687
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-13 23:41:02.110
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-13 23:17:50.833
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 34%
Total physical RAM: 6006.88 MB
Available physical RAM: 3940.52 MB
Total Virtual: 12150.88 MB
Available Virtual: 10127.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:454.49 GB) (Free:31.61 GB) NTFS
Drive e: (SCRUBS) (CDROM) (Total:7.36 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 49520B0C)
Partition 1: (Not Active) - (Size=10.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=510 MB) - (Type=27)

==================== End of Addition.txt ============================
yerbyb
Active Member
 
Posts: 10
Joined: April 27th, 2016, 3:02 am
Advertisement
Register to Remove

Re: Malware blocking internet access?

Unread postby Blade81 » April 27th, 2016, 12:27 pm

Hi,

If you removed MBAM installer file please download it here to your desktop but don't try to run it yet. We'll do a bit later.

Right click Windows logo (on the left corner of the Windows taskbar) and select Command Prompt (Admin). Then type in the following command and wait until finished:
Code: Select all
sfc /scannow


Then run FRST again and post back its log.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Malware blocking internet access?

Unread postby yerbyb » April 27th, 2016, 9:05 pm

File was too long to post so is attached.
You do not have the required permissions to view the files attached to this post.
yerbyb
Active Member
 
Posts: 10
Joined: April 27th, 2016, 3:02 am

Re: Malware blocking internet access?

Unread postby Blade81 » April 28th, 2016, 3:57 am

Good. Let's see if we can get MBAM run next.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Malware blocking internet access?

Unread postby yerbyb » April 28th, 2016, 8:53 am

After a restart, the log reads:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28-Apr-16
Scan Time: 10:19 AM
Logfile: MBAM removes.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.28.03
Rootkit Database: v2016.04.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Ben

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 476628
Time Elapsed: 45 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
yerbyb
Active Member
 
Posts: 10
Joined: April 27th, 2016, 3:02 am

Re: Malware blocking internet access?

Unread postby Blade81 » April 28th, 2016, 9:35 am

Hi,

If you have adwCleaner still installed please run it again with scan option and post back the log.

Also, re run FRST making sure Addition.txt related option is checked. Post back the logs (FRST.txt and Addition.txt).
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Malware blocking internet access?

Unread postby yerbyb » April 28th, 2016, 10:49 pm

# AdwCleaner v5.114 - Logfile created 29/04/2016 at 03:22:36
# Updated 27/04/2016 by Xplode
# Database : 2016-04-27.1 [Server]
# Operating system : Windows 10 Pro (X64)
# Username : Ben - BEN-VAIO
# Running from : C:\Users\Ben\Desktop\adwcleaner_5.114.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
Key Found : HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [6459 bytes] - [26/04/2016 08:22:58]
C:\AdwCleaner\AdwCleaner[C2].txt - [1416 bytes] - [26/04/2016 08:38:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [6710 bytes] - [26/04/2016 08:18:07]
C:\AdwCleaner\AdwCleaner[S2].txt - [1212 bytes] - [26/04/2016 08:31:53]
C:\AdwCleaner\AdwCleaner[S3].txt - [1042 bytes] - [29/04/2016 03:22:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1115 bytes] ##########
yerbyb
Active Member
 
Posts: 10
Joined: April 27th, 2016, 3:02 am

Re: Malware blocking internet access?

Unread postby yerbyb » April 28th, 2016, 10:52 pm

Files too long to post- attached.
You do not have the required permissions to view the files attached to this post.
yerbyb
Active Member
 
Posts: 10
Joined: April 27th, 2016, 3:02 am

Re: Malware blocking internet access?

Unread postby Blade81 » April 30th, 2016, 4:03 am

Hi,

Run AdwCleaner again and clean those findings. Post back the log.


  1. Click Window button
  2. Type notepad.exe in the search programs and files box and click Enter.
    A blank Notepad page should open.
  3. Copy and Paste the script below into Notepad. Do not include the words Code: select all
    (Click the select all text next to Code: to automatically select the entire script).
    Code: Select all
    Hosts:
    browseextension version 1.1 (HKLM-x32\...\browseextension_is1) (Version: 1.1 - browseextension) <==== ATTENTION
    shopperz (HKLM-x32\...\{7BF3CCFB-DFD7-464A-85A8-40A9D4A6A5AE}) (Version: 2.0.0.477 - shopperz) <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-2327566409-1839958317-1420291532-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
    SearchScopes: HKU\S-1-5-21-2327566409-1839958317-1420291532-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
    CHR HomePage: Default -> hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=06481487F9B42635474C1165B173518F&v=20160415&ts=AHEqA3UtC3MsAk..
    CHR StartupUrls: Default -> "hxxps://www.google.co.uk/","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=06481487F9B42635474C1165B173518F&v=20160415&ts=AHEqA3UtC3MsAk.."
    S2 Oluia; "C:\Users\Ben\AppData\Roaming\TeadmeMeapvo\Wypbo.exe" -cms [X]
    
  4. Save it on your Desktop as filename fixlist.txt <<-- Important!
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  5. Right-click FRST/FRST64.exe and select "Run as administrator" to run it.
  6. Press the Fix button, once. The fix script will be processed...
    When finished, it will create and open the file Fixlog.txt on your Desktop.
  7. Please copy and paste the contents of the Fixlog.txt file in your next reply.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Malware blocking internet access?

Unread postby yerbyb » April 30th, 2016, 11:49 pm

# AdwCleaner v5.114 - Logfile created 01/05/2016 at 04:40:54
# Updated 27/04/2016 by Xplode
# Database : 2016-04-27.1 [Local]
# Operating system : Windows 10 Pro (X64)
# Username : Ben - BEN-VAIO
# Running from : C:\Users\Ben\Desktop\adwcleaner_5.114.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Key Deleted : HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [6459 bytes] - [26/04/2016 08:22:58]
C:\AdwCleaner\AdwCleaner[C2].txt - [1416 bytes] - [26/04/2016 08:38:12]
C:\AdwCleaner\AdwCleaner[C3].txt - [996 bytes] - [01/05/2016 04:40:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [6710 bytes] - [26/04/2016 08:18:07]
C:\AdwCleaner\AdwCleaner[S2].txt - [1212 bytes] - [26/04/2016 08:31:53]
C:\AdwCleaner\AdwCleaner[S3].txt - [1194 bytes] - [29/04/2016 03:22:36]
C:\AdwCleaner\AdwCleaner[S4].txt - [1266 bytes] - [01/05/2016 04:07:00]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1360 bytes] ##########



Fix result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
Ran by Ben (2016-05-01 04:48:28) Run:1
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben (Available Profiles: Ben & Lauren & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Hosts:
browseextension version 1.1 (HKLM-x32\...\browseextension_is1) (Version: 1.1 - browseextension) <==== ATTENTION
shopperz (HKLM-x32\...\{7BF3CCFB-DFD7-464A-85A8-40A9D4A6A5AE}) (Version: 2.0.0.477 - shopperz) <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2327566409-1839958317-1420291532-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2327566409-1839958317-1420291532-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CHR HomePage: Default -> hxxp://www.yessearches.com/?mode=nnnb&p ... 3UtC3MsAk..
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=06481487F9B42635474C1165B173518F&v=20160415&ts=AHEqA3UtC3MsAk.."
S2 Oluia; "C:\Users\Ben\AppData\Roaming\TeadmeMeapvo\Wypbo.exe" -cms [X]
*****************

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
browseextension version 1.1 (HKLM-x32\...\browseextension_is1) (Version: 1.1 - browseextension) <==== ATTENTION => Error: No automatic fix found for this entry.
shopperz (HKLM-x32\...\{7BF3CCFB-DFD7-464A-85A8-40A9D4A6A5AE}) (Version: 2.0.0.477 - shopperz) <==== ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Oluia => service removed successfully

==== End of Fixlog 04:48:28 ====
yerbyb
Active Member
 
Posts: 10
Joined: April 27th, 2016, 3:02 am

Re: Malware blocking internet access?

Unread postby Blade81 » May 1st, 2016, 7:49 am

Hi,

Right click on Windows button and select Programs and Features. Uninstall these if present:
browseextension version 1.1
shopperz


When done, run FRST (with Addition.txt option checked) again and post back the logs.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Malware blocking internet access?

Unread postby yerbyb » May 1st, 2016, 8:36 am

Tried to uninstall shopperz and got the error:
An error occurred while trying to uninstall shopperz. It may have already been uninstalled.
Would you like to remove shopperz from the Programs and Features list?

Just got the same error message from the browseextension.

I clicked no for both- awaiting further instruction.

FRST logs are too long to post.
You do not have the required permissions to view the files attached to this post.
yerbyb
Active Member
 
Posts: 10
Joined: April 27th, 2016, 3:02 am

Re: Malware blocking internet access?

Unread postby Blade81 » May 2nd, 2016, 3:32 am

Hi,

Click 'yes' for both. That will remove those ghost entries from the list. How's the system running now?
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Malware blocking internet access?

Unread postby yerbyb » May 2nd, 2016, 4:38 am

Ok, have done.

Still getting the same error message when trying to open Settings and Photos, saying they can't be activated by the built in administrator
yerbyb
Active Member
 
Posts: 10
Joined: April 27th, 2016, 3:02 am

Re: Malware blocking internet access?

Unread postby Blade81 » May 2nd, 2016, 5:44 am

Hi,

Still getting the same error message when trying to open Settings and Photos, saying they can't be activated by the built in administrator

Do you recall when this problem began to appear? Click Windows button type uac and press enter. In the User Account Control Settings window check that the slider is at its highest (1st) position (if not, set it so and click ok).
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 288 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware