I've managed to get something onto my laptop; it appeared at the same time as Shopperz and MPC Cleaner.
I've used a few different programs (Avast, Adwcleaner, Hitman Pro) to try and wipe it but to no avail.
I also tried installing MBAM and got Runtime Error (at 110:137): Could not call proc.
One of the locations Avast flagged up was C:\Windows\SysWOW64\dnsapi.dll
Everything I've tried can't connect to the internet apart from Avast (via updates) and their SafeZone browser.
Opened Chrome and got an error message (twice):
RunDLL
There was a problem starting C:\Program Files\AVAST\Software\Avast\defs\16042502\bcuengine.dll
Operation did not complete successfully because the file contains a virus or potentially unwanted software.
Tried opening a photo (using Photos) and got the error message:
This app can't open
Photos can't be opened using the Built-in Administrator account. Sign in with a different account and try again.
Opened Task Manager and VC Agent is using heaps of memory.
Please help!
Regards,
Ben
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-04-2016
Ran by Ben (administrator) on BEN-VAIO (27-04-2016 07:33:48)
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben (Available Profiles: Ben & Lauren & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(UPEK Inc.) C:\Program Files\Protector Suite\upeksvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
() C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
() C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-05-27] (Realtek Semiconductor)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1802424 2015-11-26] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954368 2015-11-06] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-26] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-17] (AVAST Software)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite\farchns.dll [2010-04-27] (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite\farchns.dll [2010-04-27] (UPEK Inc.)
BootExecute: autocheck autochk * bootdelete
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{2599466d-1ebe-49ad-ae13-b8ddeaa690eb}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{b485a6d4-4564-4ce3-bfb5-65ecb278fd7f}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=SVEE
HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=SVEE
SearchScopes: HKU\S-1-5-21-2327566409-1839958317-1420291532-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2327566409-1839958317-1420291532-1000 -> {669FEA48-2777-405B-A9B9-6B2FFA504A32} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKU\S-1-5-21-2327566409-1839958317-1420291532-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2327566409-1839958317-1420291532-1000 -> {7C46CE2B-7CC6-4F69-A8DA-A337466A2A7D} URL = hxxp://uk.shopping.com/?linkin_id=8056359
SearchScopes: HKU\S-1-5-21-2327566409-1839958317-1420291532-1000 -> {E7A3B793-9903-423F-808E-05DECB668200} URL = hxxp://rover.ebay.com/rover/1/710-42480 ... 4?satitle={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-26] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-26] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-26] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Extension: GsearchFinder - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-04-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-17]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.yessearches.com/?mode=nnnb&p ... 3UtC3MsAk..
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=06481487F9B42635474C1165B173518F&v=20160415&ts=AHEqA3UtC3MsAk.."
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-28]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-22]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Adblock Plus) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-04-16]
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-16]
CHR Extension: (Avast Online Security) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-17]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-17] (AVAST Software)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
R2 QDLService2kSony; c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [330488 2009-12-08] (QUALCOMM, Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-11-06] (Synaptics Incorporated)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [836608 2010-06-08] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
U4 MPCProtectService; "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe" [X]
S2 Oluia; "C:\Users\Ben\AppData\Roaming\TeadmeMeapvo\Wypbo.exe" -cms [X]
S2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-17] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-17] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-26] (AVAST Software)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [49584 2016-04-26] ()
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [271872 2010-06-22] (Intel(R) Corporation) [File not signed]
R3 qcfilterSny2k; C:\Windows\System32\drivers\qcfilterSny2k.sys [6400 2009-12-08] (QUALCOMM Incorporated)
R3 qcusbnetsny2k; C:\Windows\System32\drivers\qcusbnetsny2k.sys [240640 2009-12-08] (QUALCOMM Incorporated)
R3 qcusbserSny2k; C:\Windows\system32\DRIVERS\qcusbserSny2k.sys [121216 2009-12-08] (QUALCOMM Incorporated)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [29352 2015-11-02] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-11-06] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U4 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-27 07:33 - 2016-04-27 07:34 - 00018498 _____ C:\Users\Ben\Desktop\FRST.txt
2016-04-27 07:33 - 2016-04-27 07:33 - 00000000 ____D C:\FRST
2016-04-27 07:32 - 2016-04-27 07:32 - 00000000 ____D C:\Users\Ben\Desktop\Cool
2016-04-27 07:31 - 2016-04-27 03:15 - 02376192 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2016-04-26 09:23 - 2016-04-26 09:23 - 00027760 _____ C:\WINDOWS\system32\.crusader
2016-04-26 08:47 - 2016-04-26 09:28 - 00049584 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-04-26 08:47 - 2016-04-26 08:47 - 00001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-04-26 08:46 - 2016-04-26 08:46 - 00000000 ____D C:\Program Files\HitmanPro
2016-04-26 08:45 - 2016-04-26 09:24 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-26 08:17 - 2016-04-26 08:38 - 00000000 ____D C:\AdwCleaner
2016-04-26 08:10 - 2016-04-26 08:04 - 11441744 _____ (SurfRight B.V.) C:\Users\Ben\Desktop\hitmanpro_x64.exe
2016-04-26 08:10 - 2016-04-26 08:02 - 22851472 _____ (Malwarebytes ) C:\Users\Ben\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-26 08:10 - 2016-04-26 07:54 - 03580480 _____ C:\Users\Ben\Desktop\adwcleaner_5.113.exe
2016-04-26 07:19 - 2016-04-26 07:19 - 00007606 _____ C:\Users\Ben\AppData\Local\Resmon.ResmonCfg
2016-04-17 14:44 - 2016-04-17 14:44 - 00000000 ____D C:\Users\Ben\AppData\Roaming\MCorp
2016-04-17 14:41 - 2016-04-17 14:41 - 00003164 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1460900447
2016-04-17 14:41 - 2016-04-17 14:41 - 00001082 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-04-17 14:41 - 2016-04-17 14:41 - 00001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-04-17 14:34 - 2016-04-17 14:34 - 00000000 ____D C:\WINDOWS\system32\mugi
2016-04-17 14:29 - 2016-04-17 14:28 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-04-17 14:29 - 2016-04-17 14:28 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-04-17 14:28 - 2016-04-17 14:28 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-04-17 14:16 - 2016-04-17 14:44 - 00000000 ____D C:\Program Files\Paapsuacaju
2016-04-17 14:16 - 2016-04-17 14:17 - 00000000 ____D C:\Users\Ben\AppData\Local\Tempfolder
2016-04-17 14:15 - 2016-04-26 08:31 - 00000000 ____D C:\Program Files (x86)\browseextension
2016-04-17 14:15 - 2016-04-17 14:15 - 00000000 ____D C:\Users\Ben\AppData\Local\tuto_monetize_120160416
2016-04-17 14:14 - 2016-04-18 01:55 - 00000696 __RSH C:\ProgramData\ntuser.pol
2016-04-17 14:11 - 2016-04-17 14:11 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-04-17 14:10 - 2016-04-17 14:10 - 02386201 _____ C:\WINDOWS\chromebrowser.exe
2016-04-16 08:14 - 2016-04-16 08:14 - 00003090 _____ C:\Users\Ben\Desktop\Ben CV.txt
2016-03-31 05:36 - 2016-03-31 05:36 - 00000000 ____D C:\Users\Ben\New folder (3)
2016-03-31 05:32 - 2016-04-18 01:56 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Anvsoft
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-26 10:19 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-26 10:19 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-26 10:18 - 2014-08-20 23:11 - 00000000 ____D C:\Users\Ben\AppData\Roaming\BitComet
2016-04-26 10:17 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-26 10:13 - 2014-07-22 16:16 - 00000000 ____D C:\Users\Ben\Documents\Recuva
2016-04-26 09:37 - 2014-07-23 10:33 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-26 09:34 - 2014-07-23 10:21 - 00895120 _____ (Google Inc.) C:\Users\Ben\Downloads\ChromeSetup(2).exe
2016-04-26 09:33 - 2014-07-23 11:27 - 00918952 _____ (Oracle Corporation) C:\Users\Ben\Downloads\chromeinstall-7u65.exe
2016-04-26 09:33 - 2014-07-23 10:31 - 00819144 _____ (Google Inc.) C:\Users\Ben\Downloads\chrome_installer(1).exe
2016-04-26 09:30 - 2014-07-23 10:33 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-26 09:27 - 2015-12-14 00:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-26 09:27 - 2015-12-14 00:21 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-26 09:25 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-26 08:45 - 2014-07-23 09:32 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-04-26 08:43 - 2014-07-22 11:30 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8E33020E-755A-4B4C-B5C8-488687D63A75}
2016-04-26 08:32 - 2014-07-23 09:32 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-04-26 08:10 - 2015-12-14 00:25 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-26 08:10 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-26 08:09 - 2014-07-23 13:05 - 00000000 ____D C:\Users\Ben\AppData\Roaming\vlc
2016-04-18 01:55 - 2014-07-23 10:35 - 00002137 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-17 14:34 - 2015-12-14 00:26 - 00000000 ____D C:\Users\Ben
2016-04-17 14:34 - 2015-10-30 08:18 - 00535088 _____ C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-17 14:29 - 2014-07-23 09:27 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-17 14:28 - 2014-07-23 09:32 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-04-17 14:28 - 2014-07-23 09:32 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-04-17 14:28 - 2014-07-23 09:32 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-04-17 14:28 - 2014-07-23 09:32 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-04-17 14:28 - 2014-07-23 09:32 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-04-17 14:28 - 2014-07-23 09:32 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-04-17 14:28 - 2014-07-23 09:32 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-04-17 14:28 - 2014-07-23 09:29 - 00000000 ____D C:\Program Files\AVAST Software
2016-04-17 14:14 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-04-17 14:14 - 2009-07-14 04:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-16 03:31 - 2014-07-23 10:33 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-16 03:31 - 2014-07-23 10:33 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Files in the root of some directories =======
2016-04-26 07:19 - 2016-04-26 07:19 - 0007606 _____ () C:\Users\Ben\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\acc.enc.exe
C:\Users\Ben\AppData\Local\Temp\dxdiag.exe
C:\Users\Ben\AppData\Local\Temp\libeay32.dll
C:\Users\Ben\AppData\Local\Temp\msconfig.exe
C:\Users\Ben\AppData\Local\Temp\msvcr120.dll
C:\Users\Ben\AppData\Local\Temp\sqlite3.dll
C:\Users\Ben\AppData\Local\Temp\W1LPE92NEN.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-10-30 08:18] - [2016-04-17 14:34] - 0535088 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\WINDOWS\SysWOW64\dnsapi.dll => no Company Name <===== ATTENTION
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-04-26 07:45
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
Ran by Ben (2016-04-27 07:35:33)
Running from C:\Users\Ben\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-13 23:51:08)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2327566409-1839958317-1420291532-500 - Administrator - Disabled)
Ben (S-1-5-21-2327566409-1839958317-1420291532-1000 - Administrator - Enabled) => C:\Users\Ben
DefaultAccount (S-1-5-21-2327566409-1839958317-1420291532-503 - Limited - Disabled)
Guest (S-1-5-21-2327566409-1839958317-1420291532-501 - Limited - Disabled)
Lauren (S-1-5-21-2327566409-1839958317-1420291532-1001 - Limited - Enabled) => C:\Users\Lauren
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 8.0 (HKLM-x32\...\PremElem80) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.368 - ArcSoft)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2261 - AVAST Software)
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 2.1.21228 - British Broadcasting Corp.)
BBC iPlayer Desktop (x32 Version: 2.1.21228 - British Broadcasting Corp.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
browseextension version 1.1 (HKLM-x32\...\browseextension_is1) (Version: 1.1 - browseextension) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.4.2224 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9791 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OneClick Internet (HKLM-x32\...\OneClickInternet) (Version: 3.0 - OneClick Internet)
Protector Suite 2009 (HKLM\...\{0F841121-4DB6-4B31-839F-7F5AB3BB3423}) (Version: 5.9.3.6321 - UPEK Inc.)
Qualcomm Gobi 2000 Package for Sony (HKLM-x32\...\{A91C7D28-59EE-41D4-88C8-F273FFBC4564}) (Version: 1.1.80 - QUALCOMM)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)
shopperz (HKLM-x32\...\{7BF3CCFB-DFD7-464A-85A8-40A9D4A6A5AE}) (Version: 2.0.0.477 - shopperz) <==== ATTENTION
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 8.0 (HKLM-x32\...\InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
VAIO Care (HKLM\...\{6EEC3E9C-3479-42EB-B93C-E7DF7927DD82}) (Version: 8.4.4.09181 - Sony Corporation)
VAIO Care (x32 Version: 6.4.2.11150 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.3.0.05310 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.4.0.05240 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.4.0.05240 - Sony Corporation) Hidden
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.2.0.07020 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230 - Sony Corporation) Hidden
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 1.1.0.05280 - Sony Corporation)
VAIO Marketing Tools (HKLM-x32\...\MarketingTools) (Version: - Sony Corporation)
VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.0.06080 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.2.0.06230 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.1.0.08060 - Sony Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\...\WinDirStat) (Version: - )
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2327566409-1839958317-1420291532-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ben\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02DB6517-BC23-4004-8B82-0DAD846807B8} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {0AED3133-9DDF-4DEE-9ABA-1C79EF0C3F45} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {0CE8586F-8154-49F6-A29A-17FE83246760} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {12B53AC6-3844-4244-9F1D-02B440A19819} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {1A709A69-465D-4EE3-A304-74B54DE1ADF0} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2015-07-31] (Sony Corporation)
Task: {1FC760C7-1226-46E2-89B9-B880D4394A22} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {21BAEBAF-6A16-4A0A-A015-7BE37D84FD92} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {22B1F911-754F-40D7-A32B-B7A2F322FAE7} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {2775BB56-A43D-4B7B-AB48-413707301849} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2015-08-06] (Sony Corporation)
Task: {2D219DF4-51C4-481D-B519-17FA558FA4C0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {2F3285B7-B05A-48EE-9ADD-C282EC9E3E57} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3A53712C-5F44-4F8A-96C5-FBE999715011} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {41D0DBC8-DF9A-4302-913F-C493941AC521} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-07-26] (Sony Corporation)
Task: {449179AE-B465-4BD0-B5E9-774CF5388A22} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4C54A90A-C887-465F-B810-AD08846BD8D3} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {4D5F467E-8BD8-49E2-9E1D-065F2DA3E0FC} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {50B7CCCF-AE1D-4D9A-9727-C3FE90E4FC4E} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-07-26] (Sony Corporation)
Task: {52E0BADF-3B2E-438D-8372-936535295CED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {58192DD0-5B24-43B7-9D3A-19239C1EE8FC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {5B0924FD-40B5-46F6-AC69-AD36DC131870} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-17] (AVAST Software)
Task: {5D820C98-0011-44B0-A2EC-10196AE07A41} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {6047CA1E-5B52-418C-B846-4885E242736F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6449F0D9-40BA-483C-81CF-7C776261B55D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {66A89628-1A53-498B-BD5B-9129B19FD6F7} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {6B4F148C-C9F7-4EA6-BAED-31E600380096} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6F79EF46-C6E9-447B-81C9-1830E3456D25} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {70E05DC3-A4A0-41A0-AF79-3007103ED42E} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {73CD2943-388C-4374-86EF-85671327BE95} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {75157E0A-32A0-49C2-8D6A-9E1967FE998B} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2015-02-04] (Sony Corporation)
Task: {76986919-8F4B-427C-9DDF-5F1FD362787D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {78E2628C-D7CA-4DF2-9AB9-67898A81327F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {7F6DCF8A-C2AF-4CD9-BB44-B5D97AD785DC} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2015-07-23] (Sony Corporation)
Task: {8056C37A-6EAF-4010-94FB-BE3E8FC10621} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {816FFE2D-BC49-4A9C-8663-3A29D5D2086D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {853818D0-9EE0-482E-9D77-BBCAE1D7987B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {89B8A677-DC55-4981-82CC-DE4BE5F1968A} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {931F9F25-FEA2-4CB2-96CD-94CD3CD3F9FD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {94126247-7F87-4CF0-9CC9-7E55ADC9FDE3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {970F7B78-81AF-4A70-ACF4-B905A382DA1C} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {9A4BA312-45F9-4034-8B34-99B1458807CB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9A653206-662A-4C31-B28B-B03BA2EF4874} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {9F6C227E-44A1-40A3-8DAD-DB64D2E8F59C} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {A7874D18-1CB3-4F82-BE2B-E105EF1AA13C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {ACD4E03C-EAE0-4E04-8D7F-E8228B25892A} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {B233070B-EF82-42BB-B45E-EB49279546FD} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {B51DC954-D947-4E6F-8A3D-EA14FE51419A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {B6417DB2-96A1-45A3-BDD7-E27093323100} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {BE4E5E3A-6035-47EE-AE95-C70649473E20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C447C919-0203-40D3-9467-0485177639B3} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {D734D950-4D98-4842-90A6-5F9861D2B154} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DAE4541C-8774-4482-9991-7BAE1A333B87} - System32\Tasks\SafeZone scheduled Autoupdate 1460900447 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software)
Task: {DC05946A-A160-48FA-8A10-EC1DD9269F9A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {DD3CDFF8-3CC7-4081-8857-39570908113D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {E64D0EBA-54DA-47C4-806E-440E50F4E465} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E7EFF5D8-D407-41BC-93D7-CA34E4280CE6} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
Task: {EFA3DDA3-137B-467A-8C09-387A956CF0FE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F073110F-F7C0-472D-93A8-AC8E8F34BB7B} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {F6C42010-A6AF-4254-BA40-B3337B26C91D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {FE98B4C9-50A1-43CA-ACFF-4172B792452B} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-14 00:21 - 2015-10-13 18:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-14 08:09 - 2015-12-14 08:09 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-14 08:09 - 2015-12-14 08:09 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-14 07:32 - 2015-12-14 08:08 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-10-30 08:17 - 2015-10-30 08:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 08:17 - 2015-10-30 08:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-14 08:09 - 2015-12-14 08:09 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-14 08:09 - 2015-12-14 08:09 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-14 08:09 - 2015-12-14 08:09 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-14 08:09 - 2015-12-14 08:09 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-14 08:09 - 2015-12-14 08:09 - 00936448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00413336 _____ () C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
2015-08-26 14:06 - 2015-08-26 14:06 - 00709272 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_modeler.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00130712 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_process_input.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00025752 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_system_power_state_input.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00059544 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_quality_and_reliability_input.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00194712 _____ () C:\Program Files\Sony\VAIO Care\ESRV\acpi_battery_input.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00159896 _____ () C:\Program Files\Sony\VAIO Care\ESRV\sema_thermal_input.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00158360 _____ () C:\Program Files\Sony\VAIO Care\ESRV\wifi_input.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00050840 _____ () C:\Program Files\Sony\VAIO Care\ESRV\devices_use_input.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00032920 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_disktrace_input.dll
2015-08-26 14:06 - 2015-08-26 14:06 - 00458904 _____ () C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
2015-08-26 14:06 - 2015-08-26 14:06 - 00185496 _____ () C:\Program Files\Sony\VAIO Care\ESRV\foreground_window_input.dll
2016-04-17 14:28 - 2016-04-17 14:28 - 00137920 _____ () C:\Program Files\AVAST Software\Avast\x64\log.dll
2016-04-17 14:28 - 2016-04-17 14:28 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-17 14:28 - 2016-04-17 14:28 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-26 04:59 - 2016-04-26 04:59 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16042502\algo.dll
2016-04-17 14:28 - 2016-04-17 14:28 - 00478144 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-07-22 09:48 - 2010-05-31 19:18 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2014-07-22 09:48 - 2010-05-31 19:18 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2015-12-14 07:32 - 2015-12-14 08:08 - 00152064 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-14 07:32 - 2015-12-14 08:08 - 18906624 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-06 18:46 - 2015-12-06 18:46 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-07-20 18:01 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-10-13 06:46 - 2015-10-13 06:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2016-04-17 14:34 - 00001444 ____A C:\WINDOWS\system32\Drivers\etc\hosts
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Sony\VAIO 09 img1 Wallpaper 1366x768.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MarketingTools => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SMSetup => "C:\Users\Ben\AppData\Local\Temp\~sp6CD9.tmp" "C:\Users\Ben\AppData\Local\Temp\~sp6CD9.tmp" /S /cnid 407453 /dsie /dsff /dsgc /hp /wait /ntp_ie /ms /S /restart
MSCONFIG\startupreg: Zoner Photo Studio Autoupdate => "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
MSCONFIG\startupreg: Zoner Photo Studio Service 16 => "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2327566409-1839958317-1420291532-1000\...\StartupApproved\Run: => "iCloudServices"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{EB8F29A1-6717-44BA-B131-CD83A4EFA65A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D4949C3D-8859-412E-8059-A77B4F08D959}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7938973C-F07A-4532-9F10-C6EDE0DAAB61}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D8DDAB9E-2176-48A3-A3BE-3E9640746B19}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{CC81183F-4D8E-4D54-BB86-86EF3068ED0E}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{7BAE6CBA-A089-4287-BF70-64458E4AC7E8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4727595D-C10A-4C5C-BB57-BCD332896BD3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7C500BA5-4E45-445C-A71B-75E90CE1AB3D}] => (Allow) svchost.exe
FirewallRules: [{854FDCFA-A091-4213-A0ED-1588AF4AA6B7}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{06A04842-8BCE-448D-8FE5-0C3464BABE9C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{51CD5278-00A8-4C40-895E-BE37FE327FF3}] => (Allow) LPort=2869
FirewallRules: [{9C350CBE-E4B3-4ED9-B4D5-20D80A512B03}] => (Allow) LPort=1900
FirewallRules: [{54184850-E74C-452D-A1E9-069DB3348CF8}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{E1168C28-E645-4FE7-BCB8-E36BAAB39E22}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{EB56001B-89C8-4F8F-A1E4-CCC1A4E3692A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D35FDE99-1D04-4A33-ABAC-00D5366B55BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{438F267F-62DA-485B-93F3-E08B95243AB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2D66CBC2-CE3A-44B9-8F3B-079F99A3C4EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C498EC1F-AC39-43D9-BD2B-6CF2D4455286}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{4DFF45A6-C4FB-48AC-B68E-A31F073EC286}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{1EAB4EB9-1613-48B5-9B97-6791C2A98F3B}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{7465BA47-5CF3-4602-A6AA-7B9B0CC7956D}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{76F9290F-0998-4D54-8767-B0EA78F830FF}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{6A5D66BE-5D55-4042-B635-6BCDC7A504AB}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{0D643003-6943-4FA8-BE1A-CC85B11C817C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{F54B2744-23B7-44D0-8F80-94BECC7EFAB8}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe
FirewallRules: [UDP Query User{9768E43D-C8EF-4AD2-8101-A32F1AAFCC67}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe
FirewallRules: [{C3619DCF-58D4-4E45-B4C0-1F334E0739B1}] => (Allow) LPort=24459
FirewallRules: [{5BDD35F0-D5AD-4ED1-81E9-1B1A45DDA67E}] => (Allow) LPort=24459
==================== Restore Points =========================
31-03-2016 03:13:55 Scheduled Checkpoint
17-04-2016 00:29:25 Scheduled Checkpoint
26-04-2016 09:17:40 Checkpoint by HitmanPro
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/27/2016 07:30:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ben-VAIO)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (04/27/2016 07:30:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ben-VAIO)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (04/27/2016 07:30:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ben-VAIO)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (04/27/2016 07:30:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 76290218
Error: (04/27/2016 07:30:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 76290218
Error: (04/27/2016 07:30:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/27/2016 07:30:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ben-VAIO)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (04/27/2016 07:30:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ben-VAIO)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (04/27/2016 07:30:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ben-VAIO)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (04/26/2016 04:19:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ben-VAIO)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
System errors:
=============
Error: (04/27/2016 07:31:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1
Error: (04/27/2016 07:30:27 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Qualcomm Gobi 2000 HS-USB Mobile Broadband Device 9225, {A4205C17-661C-4FDD-80C2-55EEEFD53D04}, had event 74
Error: (04/26/2016 09:30:24 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:
%%0
Error: (04/26/2016 09:29:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetPipeActivator service failed to start due to the following error:
%%1053
Error: (04/26/2016 09:29:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.
Error: (04/26/2016 09:28:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WTGService service failed to start due to the following error:
%%2
Error: (04/26/2016 09:28:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Oluia service failed to start due to the following error:
%%2
Error: (04/26/2016 09:28:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058
Error: (04/26/2016 09:27:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
%%1275
Error: (04/26/2016 09:25:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WWAN AutoConfig service terminated with the following error:
%%997
CodeIntegrity:
===================================
Date: 2016-04-17 14:09:30.323
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-17 14:09:01.310
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-25 06:15:41.139
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-14 01:55:38.365
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-14 01:55:38.348
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-14 01:55:38.284
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-13 23:50:41.071
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-13 23:47:08.687
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-13 23:41:02.110
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-13 23:17:50.833
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 34%
Total physical RAM: 6006.88 MB
Available physical RAM: 3940.52 MB
Total Virtual: 12150.88 MB
Available Virtual: 10127.96 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:454.49 GB) (Free:31.61 GB) NTFS
Drive e: (SCRUBS) (CDROM) (Total:7.36 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 465.8 GB) (Disk ID: 49520B0C)
Partition 1: (Not Active) - (Size=10.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=510 MB) - (Type=27)
==================== End of Addition.txt ============================