Unable to install any new antivirus [Closed]

AVG Avast Panda

  • This topic is locked

#1
sumbul

  • Member
  • 10 posts

Hi,

 

I recently discovered that my Sony laptop is without any antivirus, as my trusted AVG free edition was suddenly nowhere to be found. After uninstalling it, I tried to reinstall it but failed. Since then I have tried every trick available on the internet: the AVG uninstaller to remove it completely, updating the .NET Framework, and trying to install Avast and Panda, but all the antivirus editions download but do not start working. In the case of AVG, the error given is "Watchdog did not initialise", error code 0xcoo70643. I am at my wits' end and I think the last option is to format the drive. Can anyone help?

 

I am adding the FRST and Addition files here.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-08-2015
Ran by SONY (administrator) on SONY-PC (13-08-2015 18:31:07)
Running from C:\Users\SONY\Downloads
Loaded Profiles: SONY (Available Profiles: SONY)
Platform: Windows 7 Home Basic (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Disc Soft Ltd) D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Apple Inc.) D:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) D:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Yontoo LLC) C:\Users\SONY\AppData\Roaming\Yontoo\YontooDesktop.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Gemalto N.V.) C:\Users\SONY\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B}\syshost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Mblaze_Home\CheckNDISPort.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corporation) C:\Users\SONY\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-06-06] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [CheckNDISPort] => C:\Program Files (x86)\Mblaze_Home\CheckNDISPort.exe [454656 2014-11-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [iCloudServices] => D:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [ApplePhotoStreams] => D:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [Yontoo Desktop] => C:\Users\SONY\AppData\Roaming\Yontoo\YontooDesktop.exe [47392 2013-05-18] (Yontoo LLC)
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-07] (Samsung)
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\SONY\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [GoogleChromeAutoLaunch_79F1A261ED58496F2C6780BA48906A79] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-31] (Google Inc.)
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [syshost32] => C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B}\syshost.exe [448000 2015-08-01] ()
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-18] (Piriform Ltd)
AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll" File not found
Startup: C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download No Man's Nightingale by Ruth Rendell Torrent - KickassTorrents.lnk [2015-04-20]
ShortcutTarget: Download No Man's Nightingale by Ruth Rendell Torrent - KickassTorrents.lnk -> C:\ProgramData\{304900a9-7a28-7c3e-3049-900a97a202a5}\Download No Man's Nightingale by Ruth Rendell Torrent - KickassTorrents.exe (No File)
Startup: C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No Man's Nightingale.lnk [2015-04-20]
ShortcutTarget: No Man's Nightingale.lnk -> C:\ProgramData\{e89ff5a3-3346-c592-e89f-ff5a3334d68c}\No Man's Nightingale.exe (No File)
Startup: C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v.lnk [2015-05-02]
ShortcutTarget: v.lnk -> C:\Users\SONY\AppData\Roaming\obgmjtqyfi.exe (Miva Merchant)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0&ocid=iehp
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&tt=gc_150213_lnkry&babsrc=HP_ss&mntrId=4EAE30F9EDF08D22
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> DefaultScope {E2F13F43-6E94-4C7B-ADED-84B3CC60203C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {E2F13F43-6E94-4C7B-ADED-84B3CC60203C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1F4FAC8C-915D-4FC8-94D8-031BED8E413C}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{349C048B-AE67-45E3-8609-D98E2B083689}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{B5B73DB1-AD11-4E7C-A720-44EC83E005F8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EDA363DA-E2EF-4E98-819D-84CC657ED5D0}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{FC7510BB-0952-45C0-B122-6D105F7ED926}: [DhcpNameServer] 192.168.42.129
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.nationzoo...C1EC1RSUH5RSUH5
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll [2013-12-11] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll [2013-12-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> E:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-11] (VideoLAN)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-24]
CHR Extension: (Google Search) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-24]
CHR Extension: (Lightning Newtab) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2014-02-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-24]
CHR Extension: (Gmail) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-24]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\SONY\AppData\Local\newhb2.crx [2013-10-08]
CHR HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\SONY\AppData\Local\newhb2.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\SONY\AppData\Local\newhb2.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit16.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 1e10da1e; c:\Program Files (x86)\LighterModule\LighterModule.dll [2483200 2015-08-12] () [File not signed]
R2 caa5fe02; c:\Program Files (x86)\IndepthProc\IndepthProc.dll [2677248 2015-08-12] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 VSSS; C:\Users\SONY\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [105338944 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-15] (DT Soft Ltd)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-13 18:31 - 2015-08-13 18:31 - 00021279 _____ C:\Users\SONY\Downloads\FRST.txt
2015-08-13 18:30 - 2015-08-13 18:31 - 00000000 ____D C:\FRST
2015-08-13 18:28 - 2015-08-13 18:28 - 02173952 _____ (Farbar) C:\Users\SONY\Downloads\FRST64.exe
2015-08-13 18:19 - 2015-08-13 18:22 - 00000000 ____D C:\ProgramData\MFAData
2015-08-13 18:19 - 2015-08-13 18:19 - 00000000 ____D C:\Users\SONY\AppData\Local\MFAData
2015-08-13 17:56 - 2015-08-13 18:00 - 00450475 _____ C:\Users\SONY\Downloads\avgremover.log
2015-08-13 17:54 - 2015-08-13 17:56 - 199148008 _____ (AVG Technologies) C:\Users\SONY\Downloads\avg_avc_x64_all_2015_ltst_223.exe
2015-08-13 17:52 - 2015-08-13 17:53 - 16902632 _____ (AVG Technologies) C:\Users\SONY\Downloads\avg_gsr_stb_all_ltst_95.exe
2015-08-13 16:45 - 2015-08-13 15:49 - 00026020 _____ C:\Users\SONY\Desktop\cleanup_main.log
2015-08-13 16:25 - 2015-08-13 16:25 - 00003130 _____ C:\Windows\System32\Tasks\{B769DC04-C6C6-4D49-8AE6-83C4EB27F67E}
2015-08-13 16:24 - 2015-07-31 10:03 - 00009253 _____ C:\Users\SONY\Downloads\historyv.txt
2015-08-13 16:15 - 2015-08-13 16:16 - 00005138 _____ C:\Windows\iis7.log
2015-08-13 16:14 - 2015-08-13 16:14 - 00000000 ____D C:\inetpub
2015-08-13 16:13 - 2015-08-13 16:13 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 16:12 - 2015-07-28 10:59 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-13 16:11 - 2012-07-07 01:28 - 00552448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-08-13 16:11 - 2011-04-28 09:28 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-08-13 16:11 - 2011-03-25 08:53 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-08-13 16:11 - 2011-03-25 08:53 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-08-13 16:11 - 2011-03-25 08:53 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-08-13 16:11 - 2011-03-25 08:52 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-08-13 16:11 - 2011-03-25 08:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-08-13 16:11 - 2011-03-25 08:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-08-13 16:11 - 2011-03-25 08:52 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-08-13 16:11 - 2011-03-11 11:53 - 01657216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-08-13 16:11 - 2011-03-11 11:53 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2015-08-13 16:11 - 2011-03-11 11:53 - 00187264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-08-13 16:11 - 2011-03-11 11:53 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2015-08-13 16:11 - 2011-03-11 11:53 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2015-08-13 16:11 - 2011-03-11 11:52 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2015-08-13 16:11 - 2011-03-11 11:52 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2015-08-13 16:11 - 2011-03-11 11:48 - 02566144 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-08-13 16:11 - 2011-03-11 11:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2015-08-13 16:11 - 2011-03-11 11:09 - 01686016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-08-13 16:11 - 2011-03-11 11:07 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2015-08-13 16:11 - 2011-03-11 10:01 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-08-13 15:45 - 2015-07-31 11:07 - 00005885 _____ C:\Users\SONY\Downloads\history.txt
2015-08-13 14:51 - 2015-08-13 18:22 - 00000000 ____D C:\Users\SONY\AppData\Local\AvgSetupLog
2015-08-13 14:51 - 2015-08-13 17:22 - 00000000 ____D C:\ProgramData\Avg
2015-08-13 14:50 - 2015-08-13 14:50 - 16902256 _____ (AVG Technologies) C:\Users\SONY\Downloads\avg_gsr_stb_all_ltst_103.exe
2015-08-13 12:45 - 2015-08-13 18:23 - 00000840 _____ C:\Windows\setupact.log
2015-08-13 12:45 - 2015-08-13 18:22 - 00098598 _____ C:\Windows\PFRO.log
2015-08-13 12:45 - 2015-08-13 12:45 - 00000000 _____ C:\Windows\setuperr.log
2015-08-13 12:44 - 2015-08-13 14:58 - 00000181 _____ C:\cleanup.bat
2015-08-13 12:38 - 2015-08-13 12:39 - 00151880 _____ C:\Users\SONY\Documents\cc_20150813_123842.reg
2015-08-13 12:37 - 2015-08-13 12:37 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-08-13 12:37 - 2015-08-13 12:37 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-13 12:37 - 2015-08-13 12:37 - 00000000 ____D C:\Program Files\CCleaner
2015-08-13 12:36 - 2015-08-13 12:36 - 06609608 _____ (Piriform Ltd) C:\Users\SONY\Downloads\ccsetup508.exe
2015-08-13 11:54 - 2015-08-13 12:13 - 00000000 ____D C:\Users\SONY\AppData\Roaming\Panda Security
2015-08-13 11:53 - 2015-08-13 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-08-13 11:51 - 2015-08-13 13:13 - 00000000 ____D C:\ProgramData\Panda Security
2015-08-12 15:52 - 2015-08-12 15:53 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\SONY\Downloads\avg_remover_stf_x86_2015_5501.exe
2015-08-12 14:48 - 2015-08-12 14:56 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-12 14:32 - 2015-08-12 14:32 - 00000000 ____D C:\Program Files (x86)\LighterModule
2015-08-12 14:16 - 2015-08-12 14:17 - 05091592 _____ (AVG Technologies) C:\Users\SONY\Downloads\avg_free_stb_all_2015_ltst_284.exe
2015-08-12 12:53 - 2015-08-12 12:53 - 00000000 ____D C:\MATS
2015-08-12 12:50 - 2015-08-12 12:50 - 00347816 _____ (Microsoft Corporation) C:\Users\SONY\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2015-08-12 12:43 - 2015-08-12 13:14 - 00000024 _____ C:\Users\SONY\AppData\Roaming\appdataFr25.bin
2015-08-12 12:14 - 2015-08-12 12:14 - 00000000 ____D C:\Users\SONY\AppData\Roaming\LightningDownloader
2015-08-12 12:13 - 2015-08-12 12:13 - 00000000 ____D C:\Program Files (x86)\Tag Assistant by
2015-08-12 12:13 - 2015-08-12 12:13 - 00000000 ____D C:\Program Files (x86)\IndepthProc
2015-08-12 12:12 - 2015-08-12 12:44 - 00000000 ____D C:\Program Files (x86)\bestadblocker
2015-08-12 12:08 - 2015-08-13 18:08 - 00000396 _____ C:\Windows\Tasks\FindYourFlavor.job
2015-08-12 12:08 - 2015-08-12 12:08 - 00003306 _____ C:\Windows\System32\Tasks\FindYourFlavor
2015-08-12 12:08 - 2015-08-12 12:08 - 00000000 ____D C:\ProgramData\{2e64b90c-1d74-2a07-2e64-4b90c1d7e430}
2015-08-11 18:52 - 2015-08-11 18:52 - 00003160 _____ C:\Windows\System32\Tasks\{38E7AD39-FC48-4125-B56E-1A73A86E520D}
2015-08-02 11:58 - 2015-08-06 16:54 - 00000000 ____D C:\Users\SONY\Desktop\europe
2015-08-01 23:15 - 2015-08-01 23:15 - 00000000 ____D C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-13 18:31 - 2009-07-14 10:15 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-13 18:31 - 2009-07-14 10:15 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-13 18:27 - 2013-05-15 04:30 - 01087038 _____ C:\Windows\WindowsUpdate.log
2015-08-13 18:24 - 2015-03-27 12:54 - 00000000 ____D C:\Program Files (x86)\Mblaze_Home
2015-08-13 18:23 - 2013-06-11 11:38 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2015-08-13 18:23 - 2013-05-20 11:21 - 00000000 ____D C:\Users\SONY\AppData\Roaming\Yontoo
2015-08-13 18:23 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-13 17:55 - 2014-02-14 09:55 - 00000288 _____ C:\Windows\Tasks\Digital Sites.job
2015-08-13 17:01 - 2009-07-14 10:43 - 00836652 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-13 17:00 - 2013-05-20 12:30 - 00813282 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-08-13 16:14 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2015-08-13 16:14 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\inetsrv
2015-08-13 14:51 - 2015-06-03 12:16 - 00000000 ____D C:\Users\SONY\AppData\Local\Avg
2015-08-13 12:41 - 2014-06-16 12:16 - 00000000 ____D C:\Windows\Minidump
2015-08-13 12:41 - 2013-05-15 12:38 - 00000000 ____D C:\Users\SONY\AppData\Roaming\uTorrent
2015-08-13 12:41 - 2013-05-15 05:27 - 00000000 ____D C:\Windows\Panther
2015-08-13 12:41 - 2013-05-14 17:19 - 00000000 ____D C:\Users\SONY\AppData\Roaming\DAEMON Tools Lite
2015-08-13 12:02 - 2009-07-14 10:15 - 00455360 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 11:54 - 2013-05-14 16:43 - 00110368 _____ C:\Users\SONY\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-12 14:12 - 2013-05-14 21:36 - 00000000 ___RD C:\Users\SONY\Desktop\Icons
2015-08-12 12:47 - 2015-04-20 22:19 - 00000000 ____D C:\ProgramData\13937395122847156029
2015-08-09 11:48 - 2013-05-16 17:05 - 00000000 ____D C:\Users\SONY\AppData\Roaming\vlc
2015-08-06 14:10 - 2015-04-24 08:09 - 00002499 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-04 22:12 - 2015-04-20 22:12 - 00000454 _____ C:\Windows\Tasks\Bidaily Synchronize Task.job
 
==================== Files in the root of some directories =======
 
2015-08-12 12:43 - 2015-08-12 13:14 - 0000024 _____ () C:\Users\SONY\AppData\Roaming\appdataFr25.bin
2015-05-02 13:58 - 2015-05-02 13:59 - 92495872 __RSH (Miva Merchant) C:\Users\SONY\AppData\Roaming\obgmjtqyfi.exe
2013-07-27 20:44 - 2014-09-19 17:39 - 0000094 _____ () C:\Users\SONY\AppData\Roaming\WB.CFG
2013-12-31 09:02 - 2014-01-02 11:19 - 0000005 _____ () C:\Users\SONY\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-06-15 12:35 - 2014-01-22 11:58 - 0000005 _____ () C:\Users\SONY\AppData\Roaming\WBPU-TTL.DAT
2013-10-08 11:14 - 2013-10-08 11:14 - 0361117 _____ () C:\Users\SONY\AppData\Local\newhb2.crx
 
Some files in TEMP:
====================
C:\Users\SONY\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\SONY\AppData\Local\Temp\{CA1A6643-9147-412D-B259-1AFF265290ED}.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-14 11:52
 
==================== End of log ============================

Edited by sumbul, 13 August 2015 - 07:07 AM.


#2
sumbul

Addition file

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-08-2015
Ran by SONY (2015-08-13 18:32:12)
Running from C:\Users\SONY\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4220597351-1278389899-3307482538-500 - Administrator - Disabled)
Guest (S-1-5-21-4220597351-1278389899-3307482538-501 - Limited - Disabled)
SONY (S-1-5-21-4220597351-1278389899-3307482538-1000 - Administrator - Enabled) => C:\Users\SONY
 
==================== Security Center ========================
 
 
 
 
 
 
 
 
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\uTorrent) (Version: 3.4.3.39773 - BitTorrent Inc.)
7 Sticky Notes (HKLM-x32\...\{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1) (Version:  - Fabio Martin)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
ChipMaster (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{caa5fe02}) (Version:  - ChipMaster) <==== ATTENTION
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HandBrake 0.9.9 (HKLM-x32\...\HandBrake) (Version: 0.9.9 - )
IBM SPSS Statistics 20 (HKLM-x32\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0083 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
LighterModule (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{1e10da1e}) (Version:  - Software Publisher) <==== ATTENTION
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{E727B31A-8B24-4C1C-934A-69634E0D2C0B}) (Version: 3.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SpeechRedist (HKLM-x32\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.1.15070 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Yontoo 2.053 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 2.053 - Yontoo LLC) <==== ATTENTION
Youtube Downloader HD v. 2.9.9.21 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2009-06-11 02:30 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0AD96B76-F1C6-4880-B6CA-640844FC15DA} - System32\Tasks\{C7BB56B3-2CB2-44BB-BEC6-57DF0D74A829} => pcalua.exe -a H:\age2upa.exe -d H:\
Task: {0BDDE5F7-31B0-4DE5-B604-9EEE2BB3C7D1} - System32\Tasks\{38E7AD39-FC48-4125-B56E-1A73A86E520D} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
Task: {1DA7E72D-B3BF-431B-B4D0-ACE29DE5C6CB} - System32\Tasks\{C1E9D1A6-3A42-4368-88EE-B54EF862D62C} => pcalua.exe -a C:\Users\SONY\AppData\Local\Temp\dlm70FB.tmp\msaoex.exe -d C:\Users\SONY\Downloads
Task: {29BB52E2-6A35-4AEC-993B-03009C145495} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {331C7B57-0DE4-4FDF-B9DF-9FC9D085B90C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {49CC0649-B318-4BF4-84C2-0F0F32EDBFC1} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {5394B619-7E26-4238-8DCE-2DEC16563D29} - System32\Tasks\Digital Sites => C:\Users\SONY\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {572792A1-EF94-4A1F-AF52-B4CD738A6021} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {68B82DB2-6D1B-4ED6-8E53-4ED772C9804C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-18] (Piriform Ltd)
Task: {6EE1BECC-D30E-41BB-85FA-6665DCE3C60E} - System32\Tasks\FindYourFlavor => c:\programdata\{2e64b90c-1d74-2a07-2e64-4b90c1d7e430}\avast 2015 license file is here ! [latest].exe [2014-08-12] () <==== ATTENTION
Task: {71342D64-518D-4A25-A204-EA289BCF73E2} - System32\Tasks\{B769DC04-C6C6-4D49-8AE6-83C4EB27F67E} => pcalua.exe -a C:\Users\SONY\Downloads\NetFx20SP2_ia64.exe -d C:\Users\SONY\Downloads
Task: {722769D6-7958-491E-A61A-5C2880F00ECB} - System32\Tasks\DTReg => C:\Users\SONY\AppData\Roaming\defaulttab\defaulttab\DTReg.exe <==== ATTENTION
Task: {87B0899A-EF76-4E5F-9831-366E0444BB23} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {9BB57EED-8A15-41FB-A6DF-4B7FEE29AD69} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
Task: {A5501E55-E147-43C3-B02A-25EE99E7DF89} - System32\Tasks\{B80D3956-9C00-4806-BD38-691C9329DAD6} => pcalua.exe -a H:\SETUPREG.EXE -d H:\
Task: {A98ED478-6CA2-44B5-8DD2-D17625CBCEF0} - System32\Tasks\Bidaily Synchronize Task => C:\ProgramData\{304900a9-7a28-7c3e-3049-900a97a202a5}\Download No Man's Nightingale by Ruth Rendell Torrent - KickassTorrents.exe <==== ATTENTION
Task: {BF75663F-8E46-4AD5-96F3-5B244FDB0703} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4220597351-1278389899-3307482538-1000
Task: {C0328A8C-DC3C-48AA-9615-1CA5984ADCDB} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {CAEBEA9A-5759-4E1D-AC26-80DE4E70898D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {D85B29F3-2C73-4ED3-AD35-F7266AB8B244} - System32\Tasks\DSite => C:\Users\SONY\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {E62E72D0-9D00-455D-9AB1-5594175A505F} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{304900a9-7a28-7c3e-3049-900a97a202a5}\Download No Man's Nightingale by Ruth Rendell Torrent - KickassTorrents.exe <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\SONY\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job =>
Task: C:\Windows\Tasks\FindYourFlavor.job => c:\programdata\{2e64b90c-1d74-2a07-2e64-4b90c1d7e430}\avast 2015 license file is here ! [latest].exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-05-14 17:06 - 2012-06-06 03:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-08-01 23:15 - 2015-08-01 23:13 - 00448000 _____ () C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B}\syshost.exe
2015-03-27 12:54 - 2014-11-28 12:04 - 00454656 _____ () C:\Program Files (x86)\Mblaze_Home\CheckNDISPort.exe
2015-08-12 14:32 - 2015-08-12 14:32 - 02483200 _____ () c:\Program Files (x86)\LighterModule\LighterModule.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-12 12:13 - 2015-08-12 12:13 - 02677248 _____ () c:\Program Files (x86)\IndepthProc\IndepthProc.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () D:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () D:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-05-20 11:25 - 2015-08-13 18:23 - 00013600 _____ () C:\Users\SONY\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll
2012-02-15 04:35 - 2012-02-15 05:07 - 11796096 _____ () C:\Users\SONY\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-27 12:54 - 2014-11-28 12:03 - 00335872 _____ () C:\Program Files (x86)\Mblaze_Home\Helper.dll
2015-03-27 12:54 - 2014-04-03 08:18 - 00971776 _____ () C:\Program Files (x86)\Mblaze_Home\libxml2.dll
2015-03-27 12:54 - 2014-04-03 08:18 - 00073728 _____ () C:\Program Files (x86)\Mblaze_Home\zlib1.dll
2015-03-27 12:54 - 2014-04-03 08:18 - 00290904 _____ () C:\Program Files (x86)\Mblaze_Home\libxslt.dll
2015-03-27 12:54 - 2014-11-28 12:04 - 00851968 _____ () C:\Program Files (x86)\Mblaze_Home\Runtime.dll
2015-03-27 12:54 - 2014-11-28 12:03 - 00026624 _____ () C:\Program Files (x86)\Mblaze_Home\Threading.dll
2013-05-14 19:04 - 2012-03-07 18:57 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2015-08-06 14:10 - 2015-07-31 11:49 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
2015-08-06 14:10 - 2015-07-31 11:49 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll
2015-08-06 14:10 - 2015-07-31 11:49 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6780D330-8523-4289-9C97-EE5D925E274C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{477B7387-9D5D-4FE5-B8B8-B41B717C153F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{16CAF907-551C-4A73-806F-7BAAF4891A6D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C601F587-ECE7-4578-90DF-47A17AA40B21}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{071B8E9B-C39F-4169-865D-9C3E0CC2BA69}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A95CBB46-A85F-41B8-86FD-8B492C0CA3AD}] => (Allow) D:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{F04C3671-221A-48FE-BE50-CC5F01B840B8}] => (Allow) D:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{C0016128-9C8E-4E5F-8D56-FF7038A15E16}] => (Allow) D:\Program Files (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [{3E0354A3-8D00-44EF-B340-BEF76EAA0E37}] => (Allow) D:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{CBDA7E20-3012-4575-B3E2-34AD57BD27C6}] => (Allow) D:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{845E1A9B-2270-477A-8C88-481D734BCA6E}] => (Allow) D:\Program Files (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [{84231EEA-1B26-4596-BB8B-B8CC6109F376}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{4ABCCA5C-F036-4DD8-B85C-50FBB92D2D42}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A8D4D21F-4115-46EE-94B5-33DD7121B6D3}] => (Allow) D:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{20FC3731-A6C6-49DB-9E3E-83BCBBCB8DD3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{531820E2-5284-408D-97F6-C5D88D9D3081}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8E32CA4E-864A-4D6B-B38D-F4B832464C76}] => (Allow) C:\Users\SONY\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7E4A4013-1CAA-4242-9CC7-B704E4F2A649}D:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) D:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [UDP Query User{D0302675-0971-4756-AD90-22FE59E5E7C4}D:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) D:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [TCP Query User{3A2CF04B-3B4B-4532-842F-FBE57FACE4EC}D:\program files (x86)\ibm\spss\statistics\20\stats.exe] => (Allow) D:\program files (x86)\ibm\spss\statistics\20\stats.exe
FirewallRules: [UDP Query User{F1BE8B5D-0AFF-4B2B-81BD-A6EE9B08877A}D:\program files (x86)\ibm\spss\statistics\20\stats.exe] => (Allow) D:\program files (x86)\ibm\spss\statistics\20\stats.exe
FirewallRules: [TCP Query User{154D6B15-B0E6-4D86-8D53-83198C481E0F}D:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) D:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [UDP Query User{9A170E51-9E4B-44B4-8EA4-C0D365A78818}D:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) D:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [TCP Query User{B8E1F760-0176-4DF6-A308-52EC572934C4}C:\users\sony\appdata\local\{eea44684-5378-a27f-aa15-394e8949477b}\syshost.exe] => (Block) C:\users\sony\appdata\local\{eea44684-5378-a27f-aa15-394e8949477b}\syshost.exe
FirewallRules: [UDP Query User{CDF6B364-46DD-47B6-B1E3-A47F42C676E1}C:\users\sony\appdata\local\{eea44684-5378-a27f-aa15-394e8949477b}\syshost.exe] => (Block) C:\users\sony\appdata\local\{eea44684-5378-a27f-aa15-394e8949477b}\syshost.exe
FirewallRules: [{DC95A24B-F7D6-4130-AC8F-D03FD3108972}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/13/2015 06:21:25 PM) (Source: MsiInstaller) (EventID: 10005) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27046. CA_Error27046: SetWfpCallbacksAction(0xC007001C): Driver installation failed
 
Error: (08/13/2015 05:38:46 PM) (Source: MsiInstaller) (EventID: 11321) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1321. SA_Error1321: StandardAction(0xC0070529): The Installer has insufficient privileges to modify this file: C:\Program Files (x86)\AVG\AVG2015\avgcrema.exe.
 
Error: (08/13/2015 05:07:46 PM) (Source: MsiInstaller) (EventID: 10005) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27007. CA_Error27007: Wait4StartWD(0xC0070426): Waiting for watchdog service start failed
 
Error: (08/13/2015 05:07:46 PM) (Source: MsiInstaller) (EventID: 10005) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27007. CA_Error27007: Wait4StartWD(0xC0070426): Waiting for watchdog service start failed
 
Error: (08/13/2015 03:50:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Kies.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Kies.App.Main()
 
Error: (08/13/2015 03:03:48 PM) (Source: MsiInstaller) (EventID: 11321) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1321. SA_Error1321: StandardAction(0xC0070529): The Installer has insufficient privileges to modify this file: C:\Program Files (x86)\AVG\AVG2015\avgcrema.exe.
 
Error: (08/13/2015 02:57:18 PM) (Source: MsiInstaller) (EventID: 10005) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27007. CA_Error27007: Wait4StartWD(0xC0070426): Waiting for watchdog service start failed
 
Error: (08/13/2015 02:57:18 PM) (Source: MsiInstaller) (EventID: 10005) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27007. CA_Error27007: Wait4StartWD(0xC0070426): Waiting for watchdog service start failed
 
Error: (08/13/2015 01:48:53 PM) (Source: MsiInstaller) (EventID: 10005) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27007. CA_Error27007: Wait4StartWD(0xC0070426): Waiting for watchdog service start failed
 
Error: (08/13/2015 01:48:53 PM) (Source: MsiInstaller) (EventID: 10005) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27007. CA_Error27007: Wait4StartWD(0xC0070426): Waiting for watchdog service start failed
 
 
System errors:
=============
Error: (08/13/2015 06:18:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/13/2015 06:18:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/13/2015 06:18:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/13/2015 06:18:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/13/2015 06:18:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/13/2015 06:18:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/13/2015 06:18:08 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (08/13/2015 06:18:08 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (08/13/2015 06:18:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/13/2015 06:18:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office:
=========================
Error: (08/13/2015 06:21:25 PM) (Source: MsiInstaller) (EventID: 10005) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27046. CA_Error27046: SetWfpCallbacksAction(0xC007001C): Driver installation failed(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/13/2015 05:38:46 PM) (Source: MsiInstaller) (EventID: 11321) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1321. SA_Error1321: StandardAction(0xC0070529): The Installer has insufficient privileges to modify this file: C:\Program Files (x86)\AVG\AVG2015\avgcrema.exe.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/13/2015 05:07:46 PM) (Source: MsiInstaller) (EventID: 10005) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27007. CA_Error27007: Wait4StartWD(0xC0070426): Waiting for watchdog service start failed(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/13/2015 05:07:46 PM) (Source: MsiInstaller) (EventID: 10005) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27007. CA_Error27007: Wait4StartWD(0xC0070426): Waiting for watchdog service start failed(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/13/2015 03:50:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Kies.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Kies.App.Main()
 
Error: (08/13/2015 03:03:48 PM) (Source: MsiInstaller) (EventID: 11321) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1321. SA_Error1321: StandardAction(0xC0070529): The Installer has insufficient privileges to modify this file: C:\Program Files (x86)\AVG\AVG2015\avgcrema.exe.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/13/2015 02:57:18 PM) (Source: MsiInstaller) (EventID: 10005) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27007. CA_Error27007: Wait4StartWD(0xC0070426): Waiting for watchdog service start failed(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/13/2015 02:57:18 PM) (Source: MsiInstaller) (EventID: 10005) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27007. CA_Error27007: Wait4StartWD(0xC0070426): Waiting for watchdog service start failed(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/13/2015 01:48:53 PM) (Source: MsiInstaller) (EventID: 10005) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27007. CA_Error27007: Wait4StartWD(0xC0070426): Waiting for watchdog service start failed(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/13/2015 01:48:53 PM) (Source: MsiInstaller) (EventID: 10005) (User: SONY-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27007. CA_Error27007: Wait4StartWD(0xC0070426): Waiting for watchdog service start failed(NULL)(NULL)(NULL)(NULL)(NULL)
 
 
CodeIntegrity:
===================================
  Date: 2015-08-13 13:13:47.590
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-13 13:13:47.559
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-13 13:13:47.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-13 13:10:32.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-13 13:10:32.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-13 13:10:32.260
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-13 13:10:20.366
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-13 13:10:20.349
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-13 13:10:20.319
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-13 13:10:20.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 79%
Total physical RAM: 1942.71 MB
Available physical RAM: 391.05 MB
Total Virtual: 3885.43 MB
Available Virtual: 1892.32 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:48.73 GB) (Free:20.49 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:83.09 GB) (Free:59.35 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:83.09 GB) (Free:16.49 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:83.09 GB) (Free:73.46 GB) NTFS
Drive h: (NDAIA) (CDROM) (Total:1.33 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2C33C43C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=83.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=166.2 GB) - (Type=OF Extended)
 
==================== End of log ============================

  • 0

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's get at it :)

This will be very busy, but at the end you should be close to being fixed.

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome.
Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

THEN

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [syshost32] => C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B}\syshost.exe [448000 2015-08-01] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll" File not found
Startup: C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v.lnk [2015-05-02]
ShortcutTarget: v.lnk -> C:\Users\SONY\AppData\Roaming\obgmjtqyfi.exe (Miva Merchant)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Startup: C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download No Man's Nightingale by Ruth Rendell Torrent - KickassTorrents.lnk [2015-04-20]
ShortcutTarget: Download No Man's Nightingale by Ruth Rendell Torrent - KickassTorrents.lnk -> C:\ProgramData\{304900a9-7a28-7c3e-3049-900a97a202a5}\Download No Man's Nightingale by Ruth Rendell Torrent - KickassTorrents.exe (No File)
Startup: C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No Man's Nightingale.lnk [2015-04-20]
ShortcutTarget: No Man's Nightingale.lnk -> C:\ProgramData\{e89ff5a3-3346-c592-e89f-ff5a3334d68c}\No Man's Nightingale.exe (No File)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&tt=gc_150213_lnkry&babsrc=HP_ss&mntrId=4EAE30F9EDF08D22
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> DefaultScope {E2F13F43-6E94-4C7B-ADED-84B3CC60203C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {E2F13F43-6E94-4C7B-ADED-84B3CC60203C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.nationzoo...C1EC1RSUH5RSUH5
R2 1e10da1e; c:\Program Files (x86)\LighterModule\LighterModule.dll [2483200 2015-08-12] () [File not signed]
R2 caa5fe02; c:\Program Files (x86)\IndepthProc\IndepthProc.dll [2677248 2015-08-12] () [File not signed]
R2 VSSS; C:\Users\SONY\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [105338944 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
2015-08-13 18:19 - 2015-08-13 18:22 - 00000000 ____D C:\ProgramData\MFAData
2015-08-13 18:19 - 2015-08-13 18:19 - 00000000 ____D C:\Users\SONY\AppData\Local\MFAData
2015-08-13 17:56 - 2015-08-13 18:00 - 00450475 _____ C:\Users\SONY\Downloads\avgremover.log
2015-08-13 16:25 - 2015-08-13 16:25 - 00003130 _____ C:\Windows\System32\Tasks\{B769DC04-C6C6-4D49-8AE6-83C4EB27F67E}
2015-08-13 14:51 - 2015-08-13 18:22 - 00000000 ____D C:\Users\SONY\AppData\Local\AvgSetupLog
2015-08-13 14:51 - 2015-08-13 17:22 - 00000000 ____D C:\ProgramData\Avg
2015-08-13 11:54 - 2015-08-13 12:13 - 00000000 ____D C:\Users\SONY\AppData\Roaming\Panda Security
2015-08-13 11:53 - 2015-08-13 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-08-13 11:51 - 2015-08-13 13:13 - 00000000 ____D C:\ProgramData\Panda Security
2015-08-12 15:52 - 2015-08-12 15:53 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\SONY\Downloads\avg_remover_stf_x86_2015_5501.exe
2015-08-12 14:48 - 2015-08-12 14:56 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-12 14:32 - 2015-08-12 14:32 - 00000000 ____D C:\Program Files (x86)\LighterModule
2015-08-12 12:14 - 2015-08-12 12:14 - 00000000 ____D C:\Users\SONY\AppData\Roaming\LightningDownloader
2015-08-12 12:13 - 2015-08-12 12:13 - 00000000 ____D C:\Program Files (x86)\Tag Assistant by
2015-08-12 12:13 - 2015-08-12 12:13 - 00000000 ____D C:\Program Files (x86)\IndepthProc
2015-08-12 12:12 - 2015-08-12 12:44 - 00000000 ____D C:\Program Files (x86)\bestadblocker
2015-08-12 12:08 - 2015-08-13 18:08 - 00000396 _____ C:\Windows\Tasks\FindYourFlavor.job
2015-08-12 12:08 - 2015-08-12 12:08 - 00003306 _____ C:\Windows\System32\Tasks\FindYourFlavor
2015-08-12 12:08 - 2015-08-12 12:08 - 00000000 ____D C:\ProgramData\{2e64b90c-1d74-2a07-2e64-4b90c1d7e430}
2015-08-11 18:52 - 2015-08-11 18:52 - 00003160 _____ C:\Windows\System32\Tasks\{38E7AD39-FC48-4125-B56E-1A73A86E520D}
2015-08-01 23:15 - 2015-08-01 23:15 - 00000000 ____D C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B}
2015-08-13 17:55 - 2014-02-14 09:55 - 00000288 _____ C:\Windows\Tasks\Digital Sites.job
2015-08-13 14:51 - 2015-06-03 12:16 - 00000000 ____D C:\Users\SONY\AppData\Local\Avg
2015-08-12 12:47 - 2015-04-20 22:19 - 00000000 ____D C:\ProgramData\13937395122847156029
2015-08-04 22:12 - 2015-04-20 22:12 - 00000454 _____ C:\Windows\Tasks\Bidaily Synchronize Task.job
2013-12-31 09:02 - 2014-01-02 11:19 - 0000005 _____ () C:\Users\SONY\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-06-15 12:35 - 2014-01-22 11:58 - 0000005 _____ () C:\Users\SONY\AppData\Roaming\WBPU-TTL.DAT
2013-10-08 11:14 - 2013-10-08 11:14 - 0361117 _____ () C:\Users\SONY\AppData\Local\newhb2.crx
2015-05-02 13:58 - 2015-05-02 13:59 - 92495872 __RSH (Miva Merchant) C:\Users\SONY\AppData\Roaming\obgmjtqyfi.exe
Task: {0AD96B76-F1C6-4880-B6CA-640844FC15DA} - System32\Tasks\{C7BB56B3-2CB2-44BB-BEC6-57DF0D74A829} => pcalua.exe -a H:\age2upa.exe -d H:\
Task: {0BDDE5F7-31B0-4DE5-B604-9EEE2BB3C7D1} - System32\Tasks\{38E7AD39-FC48-4125-B56E-1A73A86E520D} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
Task: {1DA7E72D-B3BF-431B-B4D0-ACE29DE5C6CB} - System32\Tasks\{C1E9D1A6-3A42-4368-88EE-B54EF862D62C} => pcalua.exe -a C:\Users\SONY\AppData\Local\Temp\dlm70FB.tmp\msaoex.exe -d C:\Users\SONY\Downloads
Task: {29BB52E2-6A35-4AEC-993B-03009C145495} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {331C7B57-0DE4-4FDF-B9DF-9FC9D085B90C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {5394B619-7E26-4238-8DCE-2DEC16563D29} - System32\Tasks\Digital Sites => C:\Users\SONY\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {6EE1BECC-D30E-41BB-85FA-6665DCE3C60E} - System32\Tasks\FindYourFlavor => c:\programdata\{2e64b90c-1d74-2a07-2e64-4b90c1d7e430}\avast 2015 license file is here ! [latest].exe [2014-08-12] () <==== ATTENTION
Task: {71342D64-518D-4A25-A204-EA289BCF73E2} - System32\Tasks\{B769DC04-C6C6-4D49-8AE6-83C4EB27F67E} => pcalua.exe -a C:\Users\SONY\Downloads\NetFx20SP2_ia64.exe -d C:\Users\SONY\Downloads
Task: {722769D6-7958-491E-A61A-5C2880F00ECB} - System32\Tasks\DTReg => C:\Users\SONY\AppData\Roaming\defaulttab\defaulttab\DTReg.exe <==== ATTENTION
Task: {9BB57EED-8A15-41FB-A6DF-4B7FEE29AD69} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
Task: {A5501E55-E147-43C3-B02A-25EE99E7DF89} - System32\Tasks\{B80D3956-9C00-4806-BD38-691C9329DAD6} => pcalua.exe -a H:\SETUPREG.EXE -d H:\
Task: {A98ED478-6CA2-44B5-8DD2-D17625CBCEF0} - System32\Tasks\Bidaily Synchronize Task => C:\ProgramData\{304900a9-7a28-7c3e-3049-900a97a202a5}\Download No Man's Nightingale by Ruth Rendell Torrent - KickassTorrents.exe <==== ATTENTION
Task: {CAEBEA9A-5759-4E1D-AC26-80DE4E70898D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {D85B29F3-2C73-4ED3-AD35-F7266AB8B244} - System32\Tasks\DSite => C:\Users\SONY\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {E62E72D0-9D00-455D-9AB1-5594175A505F} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{304900a9-7a28-7c3e-3049-900a97a202a5}\Download No Man's Nightingale by Ruth Rendell Torrent - KickassTorrents.exe <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\SONY\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job =>
Task: C:\Windows\Tasks\FindYourFlavor.job => c:\programdata\{2e64b90c-1d74-2a07-2e64-4b90c1d7e430}\avast 2015 license file is here ! [latest].exe <==== ATTENTION
C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B}
c:\Program Files (x86)\LighterModule
c:\Program Files (x86)\IndepthProc
C:\Users\SONY\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
C:\ProgramData\{304900a9-7a28-7c3e-3049-900a97a202a5}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

NEXT

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

FINALLY

Download and run Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0
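A triage pass over the "Task:" lines of a fixlist like the one in the post above, added here as an example; it is not part of the original thread and is not FRST's own logic. The function names and the scoring heuristics (target under AppData/ProgramData/Temp, GUID-named folder, 8.3 short names, launch through pcalua.exe) are assumptions chosen to mirror what the flagged entries in this log have in common.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Task lines copied from the fixlist in the post above (FRST "Task:" format).
SAMPLE = r"""
Task: {0BDDE5F7-31B0-4DE5-B604-9EEE2BB3C7D1} - System32\Tasks\{38E7AD39-FC48-4125-B56E-1A73A86E520D} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
Task: {1DA7E72D-B3BF-431B-B4D0-ACE29DE5C6CB} - System32\Tasks\{C1E9D1A6-3A42-4368-88EE-B54EF862D62C} => pcalua.exe -a C:\Users\SONY\AppData\Local\Temp\dlm70FB.tmp\msaoex.exe -d C:\Users\SONY\Downloads
Task: {331C7B57-0DE4-4FDF-B9DF-9FC9D085B90C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {5394B619-7E26-4238-8DCE-2DEC16563D29} - System32\Tasks\Digital Sites => C:\Users\SONY\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {6EE1BECC-D30E-41BB-85FA-6665DCE3C60E} - System32\Tasks\FindYourFlavor => c:\programdata\{2e64b90c-1d74-2a07-2e64-4b90c1d7e430}\avast 2015 license file is here ! [latest].exe [2014-08-12] () <==== ATTENTION
Task: C:\Windows\Tasks\FindYourFlavor.job => c:\programdata\{2e64b90c-1d74-2a07-2e64-4b90c1d7e430}\avast 2015 license file is here ! [latest].exe <==== ATTENTION
"""

# Two shapes appear in the log: "{GUID} - System32\Tasks\<name>" and a legacy "<path>.job".
TASK_RE = re.compile(
    r"^Task:\s+(?:\{[0-9A-Fa-f-]{36}\}\s+-\s+System32\\Tasks\\(?P<name>.+?)"
    r"|[A-Za-z]:\\(?:.+\\)?(?P<job>[^\\]+?\.job))"
    r"\s+=>\s+(?P<cmd>.*?)(?P<flag>\s*<=+\s*ATTENTION)?\s*$"
)
PCALUA_RE = re.compile(r"^pcalua\.exe\s+-a\s+(.*)$", re.I)
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.I)
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.I)
SHORT_NAME_RE = re.compile(r"~\d")
PROFILE_DIRS = ("\\appdata\\", "\\programdata\\", "\\temp\\")


class Finding(NamedTuple):
    name: str                 # task name, or the .job file name
    target: str               # executable the task finally runs
    reasons: Tuple[str, ...]  # why it deserves a closer look

    @property
    def score(self) -> int:
        return len(self.reasons)


def triage_line(line: str) -> Optional[Finding]:
    """Parse one FRST 'Task:' line; return None for anything else."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    reasons = []
    if m.group("flag"):
        reasons.append("flagged ATTENTION in the log")
    proxied = PCALUA_RE.match(cmd)
    if proxied:
        # The real payload is the argument of -a, not pcalua.exe itself.
        reasons.append("launched through pcalua.exe")
        cmd = proxied.group(1)
    exe = EXE_RE.match(cmd)
    target = exe.group(1) if exe else cmd
    lowered = target.lower()
    if any(d in lowered for d in PROFILE_DIRS):
        reasons.append("target under AppData/ProgramData/Temp")
    if GUID_DIR_RE.search(target):
        reasons.append("GUID-named folder")
    if SHORT_NAME_RE.search(target):
        reasons.append("8.3 short name hides the real path")
    return Finding(m.group("name") or m.group("job"), target, tuple(reasons))


def triage(log_text: str) -> List[Finding]:
    """Return all task findings, most suspicious first."""
    found = [f for f in map(triage_line, log_text.splitlines()) if f]
    return sorted(found, key=lambda f: (-f.score, f.name))


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.score}  {f.name}\n   {f.target}\n   {'; '.join(f.reasons) or 'no indicators'}")
```

A score is a prompt to inspect the task, not a verdict: the AVG uninstall entry also runs through pcalua.exe and still scores only 1.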

#4
sumbul

    Member

  • Topic Starter
  • 10 posts

Hi,

I don't know how I missed your reply yesterday; I had this window open all day and was waiting for a response. Anyway, I have uninstalled and reinstalled Chrome, and that seems to have fixed my year-long problems with Chrome. So many thanks for that. However, on copying the FRST log in the notepad file and keeping it in the same folder etc., when I ran Fix in FRST, the system crashed with a blue screen and restarted.

I am on to the next two steps of adware and service scanner, so please let me know about the system crashing solution.


  • 0

#5
sumbul

    Member

  • Topic Starter
  • 10 posts
After scanning with adware, when I clicked Clean I again got a blue screen saying a problem has been detected and Windows has been shut down to prevent damage. What to do?
  • 0

#6
sumbul

    Member

  • Topic Starter
  • 10 posts

FSS log report:

 

Farbar Service Scanner Version: 26-07-2015
Ran by SONY (administrator) on 14-08-2015 at 12:30:47
Running from "C:\Users\SONY\Downloads"
Microsoft Windows 7 Home Basic   (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
 
 
Windows Defender Disabled Policy: 
==========================
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#7
sumbul

    Member

  • Topic Starter
  • 10 posts

adware [R0] text

 

# AdwCleaner v4.208 - Logfile created 14/08/2015 at 12:23:22
# Updated 09/07/2015 by Xplode
# Database : 2015-08-12.1 [Server]
# Operating system : Windows 7 Home Basic  (x64)
# Username : SONY - SONY-PC
# Running from : C:\Users\SONY\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\Users\SONY\AppData\Roaming\WBPU-Q5-TTL.DAT
File Found : C:\Users\SONY\AppData\Roaming\WBPU-TTL.DAT
Folder Found : C:\Program Files (x86)\bestadblocker
Folder Found : C:\Program Files (x86)\bestadblocker
Folder Found : C:\Program Files (x86)\Common Files\337
Folder Found : C:\Program Files (x86)\Desk 365
Folder Found : C:\Program Files (x86)\SalePLUss
Folder Found : C:\Program Files (x86)\VideoConverter
Folder Found : C:\ProgramData\{2e64b90c-1d74-2a07-2e64-4b90c1d7e430}
Folder Found : C:\ProgramData\{304900a9-7a28-7c3e-3049-900a97a202a5}
Folder Found : C:\ProgramData\{e89ff5a3-3346-c592-e89f-ff5a3334d68c}
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\ProgramData\edehhacodjgmopdjlnjbkcakfjclplmh
Folder Found : C:\ProgramData\IePluginService
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\WPM
Folder Found : C:\Users\SONY\AppData\Local\Babylon
Folder Found : C:\Users\SONY\AppData\Local\Bundled software uninstaller
Folder Found : C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Folder Found : C:\Users\SONY\AppData\Roaming\Babylon
Folder Found : C:\Users\SONY\AppData\Roaming\DigitalSites
Folder Found : C:\Users\SONY\AppData\Roaming\DSite
Folder Found : C:\Users\SONY\AppData\Roaming\file scout
Folder Found : C:\Users\SONY\AppData\Roaming\LightningDownloader
Folder Found : C:\Users\SONY\AppData\Roaming\WinZipper
Folder Found : C:\Users\SONY\AppData\Roaming\Yontoo
Folder Found : C:\Users\SONY\AppData\Roaming\YourFileDownloader
 
***** [ Scheduled tasks ] *****
 
Task Found : BrowserProtect
Task Found : Desk 365 RunAsStdUser
Task Found : Digital Sites
Task Found : DSite
Task Found : DTReg
Task Found : YourFile DownloaderUpdate
Task Found : Bidaily Synchronize Task
 
***** [ Shortcuts ] *****
 
Shortcut Infected : C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Shortcut Infected : C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Infected : C:\Users\SONY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Infected : C:\Users\SONY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1387599497&from=ild&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\5f538f8cb43abf45
Key Found : HKCU\Software\BABSOLUTION
Key Found : HKCU\Software\bb2a6285b5fbf653
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E2F13F43-6E94-4C7B-ADED-84B3CC60203C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\BABSOLUTION
Key Found : [x64] HKCU\Software\BI
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\filescout
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E2F13F43-6E94-4C7B-ADED-84B3CC60203C}
Key Found : [x64] HKCU\Software\OCS
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\5f538f8cb43abf45
Key Found : HKLM\SOFTWARE\Avg Secure Update
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Key Found : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\SDP
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BB1C0445-8E37-4D66-B4E4-947E53F654A8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\WinZipper.001
Key Found : HKLM\SOFTWARE\Classes\WinZipper.7z
Key Found : HKLM\SOFTWARE\Classes\WinZipper.arj
Key Found : HKLM\SOFTWARE\Classes\WinZipper.bz2
Key Found : HKLM\SOFTWARE\Classes\WinZipper.bzip2
Key Found : HKLM\SOFTWARE\Classes\WinZipper.cab
Key Found : HKLM\SOFTWARE\Classes\WinZipper.cpio
Key Found : HKLM\SOFTWARE\Classes\WinZipper.deb
Key Found : HKLM\SOFTWARE\Classes\WinZipper.dmg
Key Found : HKLM\SOFTWARE\Classes\WinZipper.fat
Key Found : HKLM\SOFTWARE\Classes\WinZipper.gz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.gzip
Key Found : HKLM\SOFTWARE\Classes\WinZipper.hfs
Key Found : HKLM\SOFTWARE\Classes\WinZipper.iso
Key Found : HKLM\SOFTWARE\Classes\WinZipper.lha
Key Found : HKLM\SOFTWARE\Classes\WinZipper.lzh
Key Found : HKLM\SOFTWARE\Classes\WinZipper.lzma
Key Found : HKLM\SOFTWARE\Classes\WinZipper.ntfs
Key Found : HKLM\SOFTWARE\Classes\WinZipper.rar
Key Found : HKLM\SOFTWARE\Classes\WinZipper.rpm
Key Found : HKLM\SOFTWARE\Classes\WinZipper.squashfs
Key Found : HKLM\SOFTWARE\Classes\WinZipper.swm
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tar
Key Found : HKLM\SOFTWARE\Classes\WinZipper.taz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tbz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tbz2
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tgz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tpz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.txz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.vhd
Key Found : HKLM\SOFTWARE\Classes\WinZipper.wim
Key Found : HKLM\SOFTWARE\Classes\WinZipper.xar
Key Found : HKLM\SOFTWARE\Classes\WinZipper.xz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.z
Key Found : HKLM\SOFTWARE\Classes\WinZipper.zip
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\delta-homesSoftware
Key Found : HKLM\SOFTWARE\Desksvc
Key Found : HKLM\SOFTWARE\ff4c82e1-8d72-1dc7-638c-a0a56d815669
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Found : HKLM\SOFTWARE\hdcode
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{1e10da1e}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{caa5fe02}
Key Found : HKLM\SOFTWARE\mystartsearchSoftware
Key Found : HKLM\SOFTWARE\nationzoomSoftware
Key Found : HKLM\SOFTWARE\V9
Key Found : HKLM\SOFTWARE\winzipersvc
Key Found : HKLM\SOFTWARE\YourFileDownloader
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKU\.DEFAULT\Software\DefaultTab
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.7600.17267
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://www.delta-search.com/?affID=119816&tt=gc_150213_lnkry&babsrc=NT_ss&mntrId=4EAE30F9EDF08D22
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs] - hxxp://www.delta-search.com/?affID=121845&tt=gc_&babsrc=HP_ss&mntrId=4EAE2AEDB9D4AFFF
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v44.0.2403.155
 
 
*************************
 
AdwCleaner[R0].txt - [17626 bytes] - [14/08/2015 12:23:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [17686 bytes] ##########


#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could I have a fresh FRST scan, please?

Looks like Windows Defender has been broken. I will fix that once I have a fresh look at the system.

#9
sumbul

    Member

  • Topic Starter
  • Member
  • 10 posts

Here you are, sir. My original AVG had also vanished into thin air. Also, IE has the same issues as Chrome.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-08-2015
Ran by SONY (administrator) on SONY-PC (14-08-2015 17:47:03)
Running from C:\Users\SONY\Desktop\repair
Loaded Profiles: SONY (Available Profiles: SONY)
Platform: Windows 7 Home Basic (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Disc Soft Ltd) D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Apple Inc.) D:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.) D:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Yontoo LLC) C:\Users\SONY\AppData\Roaming\Yontoo\YontooDesktop.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Gemalto N.V.) C:\Users\SONY\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
() C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B}\syshost.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corporation) C:\Users\SONY\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Mblaze_Home\CheckNDISPort.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-06-06] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [CheckNDISPort] => C:\Program Files (x86)\Mblaze_Home\CheckNDISPort.exe [454656 2014-11-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [iCloudServices] => D:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [ApplePhotoStreams] => D:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [Yontoo Desktop] => C:\Users\SONY\AppData\Roaming\Yontoo\YontooDesktop.exe [47392 2013-05-18] (Yontoo LLC)
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-07] (Samsung)
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\SONY\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [syshost32] => C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B}\syshost.exe [448000 2015-08-01] ()
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-18] (Piriform Ltd)
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [GoogleChromeAutoLaunch_79F1A261ED58496F2C6780BA48906A79] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-08] (Google Inc.)
AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll" File not found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0&ocid=iehp
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&tt=gc_150213_lnkry&babsrc=HP_ss&mntrId=4EAE30F9EDF08D22
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> DefaultScope {E2F13F43-6E94-4C7B-ADED-84B3CC60203C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {E2F13F43-6E94-4C7B-ADED-84B3CC60203C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-08-14] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-08-14] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1F4FAC8C-915D-4FC8-94D8-031BED8E413C}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{349C048B-AE67-45E3-8609-D98E2B083689}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{B5B73DB1-AD11-4E7C-A720-44EC83E005F8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EDA363DA-E2EF-4E98-819D-84CC657ED5D0}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{FC7510BB-0952-45C0-B122-6D105F7ED926}: [DhcpNameServer] 192.168.42.129
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.nationzoo...C1EC1RSUH5RSUH5
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll [2013-12-11] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll [2013-12-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> E:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-08-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-08-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-11] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-14]
CHR Extension: (Google Docs) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-14]
CHR Extension: (Google Drive) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-14]
CHR Extension: (Fun Dial) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2015-08-14]
CHR Extension: (YouTube) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-14]
CHR Extension: (Google Search) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-14]
CHR Extension: (Google Sheets) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-14]
CHR Extension: (Earth) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac [2015-08-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (Gmail) - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-14]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\SONY\AppData\Local\newhb2.crx [2013-10-08]
CHR HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\SONY\AppData\Local\newhb2.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\SONY\AppData\Local\newhb2.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\SONY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit16.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 VSSS; C:\Users\SONY\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [105338944 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-15] (DT Soft Ltd)
R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
R4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
R4 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-14 16:05 - 2015-08-14 16:08 - 00000000 ___HD C:\$AVG
2015-08-14 16:05 - 2015-08-14 16:08 - 00000000 ____D C:\ProgramData\AVG2015
2015-08-14 15:58 - 2015-08-14 16:16 - 00000000 ____D C:\Program Files (x86)\AVG
2015-08-14 15:56 - 2015-08-14 15:56 - 00000000 ____D C:\Users\SONY\AppData\Local\Avg2015
2015-08-14 12:30 - 2015-08-14 12:31 - 00003204 _____ C:\Users\SONY\Downloads\FSS.txt
2015-08-14 12:23 - 2015-08-14 12:23 - 00000000 ____D C:\AdwCleaner
2015-08-14 12:22 - 2015-08-14 12:22 - 02248704 _____ C:\Users\SONY\Downloads\AdwCleaner.exe
2015-08-14 12:19 - 2015-08-14 12:19 - 00899072 _____ (Farbar) C:\Users\SONY\Downloads\FSS.exe
2015-08-14 12:12 - 2015-08-14 12:12 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-14 12:12 - 2015-08-14 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-14 12:11 - 2015-08-14 17:16 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-14 12:11 - 2015-08-14 15:20 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-14 12:11 - 2015-08-14 12:11 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-14 12:11 - 2015-08-14 12:11 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-14 12:11 - 2015-08-14 12:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-14 12:10 - 2015-08-14 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-14 12:10 - 2015-08-14 12:10 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-14 12:01 - 2015-08-14 12:15 - 00000000 ____D C:\Users\SONY\Desktop\repair
2015-08-14 11:24 - 2015-08-14 11:24 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-14 11:24 - 2015-08-14 11:24 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 19:09 - 2015-08-13 19:09 - 00689664 _____ C:\Users\SONY\Downloads\MicrosoftFixit50202.msi
2015-08-13 18:53 - 2015-07-30 01:49 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-13 18:53 - 2015-07-30 01:46 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-13 18:53 - 2015-07-30 01:46 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-13 18:53 - 2015-07-30 01:46 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-13 18:53 - 2015-07-30 01:46 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-13 18:53 - 2015-07-30 01:46 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-13 18:53 - 2015-07-30 01:46 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-13 18:53 - 2015-07-30 01:41 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-13 18:53 - 2015-05-21 18:42 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-08-13 18:53 - 2015-01-28 04:53 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-08-13 18:52 - 2015-03-19 08:37 - 05503416 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 18:52 - 2015-03-19 08:27 - 03963320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-13 18:52 - 2015-03-19 08:27 - 03908024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-13 18:52 - 2013-03-19 11:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 18:52 - 2013-03-19 10:23 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-13 18:52 - 2013-03-19 08:49 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-13 18:52 - 2012-06-01 10:47 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2015-08-13 18:52 - 2012-06-01 10:46 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2015-08-13 18:52 - 2012-06-01 10:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2015-08-13 18:52 - 2012-06-01 10:45 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2015-08-13 18:52 - 2012-06-01 10:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2015-08-13 18:52 - 2012-06-01 10:44 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2015-08-13 18:52 - 2012-06-01 10:17 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2015-08-13 18:52 - 2012-06-01 10:14 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2015-08-13 18:52 - 2012-06-01 10:14 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2015-08-13 18:52 - 2012-06-01 10:13 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2015-08-13 18:52 - 2012-06-01 10:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2015-08-13 18:52 - 2012-06-01 10:12 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2015-08-13 18:51 - 2014-09-15 06:14 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 18:47 - 2015-08-13 18:47 - 00677376 _____ C:\Users\SONY\Downloads\MicrosoftFixit50687.msi
2015-08-13 18:46 - 2015-08-13 18:46 - 00302011 _____ C:\Users\SONY\Downloads\WindowsUpdateDiagnostic (1).diagcab
2015-08-13 18:41 - 2015-08-13 18:41 - 00302011 _____ C:\Users\SONY\Downloads\WindowsUpdateDiagnostic.diagcab
2015-08-13 18:32 - 2015-08-13 18:32 - 00037520 _____ C:\Users\SONY\Downloads\Addition.txt
2015-08-13 18:31 - 2015-08-13 18:32 - 00032937 _____ C:\Users\SONY\Downloads\FRST.txt
2015-08-13 18:30 - 2015-08-14 17:47 - 00000000 ____D C:\FRST
2015-08-13 18:19 - 2015-08-14 16:03 - 00000000 ____D C:\ProgramData\MFAData
2015-08-13 18:19 - 2015-08-13 18:19 - 00000000 ____D C:\Users\SONY\AppData\Local\MFAData
2015-08-13 17:56 - 2015-08-13 18:00 - 00450475 _____ C:\Users\SONY\Downloads\avgremover.log
2015-08-13 17:54 - 2015-08-13 17:56 - 199148008 _____ (AVG Technologies) C:\Users\SONY\Downloads\avg_avc_x64_all_2015_ltst_223.exe
2015-08-13 17:52 - 2015-08-13 17:53 - 16902632 _____ (AVG Technologies) C:\Users\SONY\Downloads\avg_gsr_stb_all_ltst_95.exe
2015-08-13 16:25 - 2015-08-13 16:25 - 00003130 _____ C:\Windows\System32\Tasks\{B769DC04-C6C6-4D49-8AE6-83C4EB27F67E}
2015-08-13 16:24 - 2015-07-31 10:03 - 00009253 _____ C:\Users\SONY\Downloads\historyv.txt
2015-08-13 16:14 - 2015-08-13 16:14 - 00000000 ____D C:\inetpub
2015-08-13 16:13 - 2015-08-13 16:13 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 16:12 - 2015-07-28 10:59 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-13 16:11 - 2012-07-07 01:28 - 00552448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-08-13 16:11 - 2011-04-28 09:28 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-08-13 16:11 - 2011-03-25 08:53 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-08-13 16:11 - 2011-03-25 08:53 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-08-13 16:11 - 2011-03-25 08:53 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-08-13 16:11 - 2011-03-25 08:52 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-08-13 16:11 - 2011-03-25 08:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-08-13 16:11 - 2011-03-25 08:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-08-13 16:11 - 2011-03-25 08:52 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-08-13 16:11 - 2011-03-11 11:53 - 01657216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-08-13 16:11 - 2011-03-11 11:53 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2015-08-13 16:11 - 2011-03-11 11:53 - 00187264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-08-13 16:11 - 2011-03-11 11:53 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2015-08-13 16:11 - 2011-03-11 11:53 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2015-08-13 16:11 - 2011-03-11 11:52 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2015-08-13 16:11 - 2011-03-11 11:52 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2015-08-13 16:11 - 2011-03-11 11:48 - 02566144 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-08-13 16:11 - 2011-03-11 11:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2015-08-13 16:11 - 2011-03-11 11:09 - 01686016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-08-13 16:11 - 2011-03-11 11:07 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2015-08-13 16:11 - 2011-03-11 10:01 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-08-13 15:45 - 2015-07-31 11:07 - 00005885 _____ C:\Users\SONY\Downloads\history.txt
2015-08-13 14:51 - 2015-08-14 16:09 - 00000000 ____D C:\Users\SONY\AppData\Local\AvgSetupLog
2015-08-13 14:51 - 2015-08-14 16:09 - 00000000 ____D C:\ProgramData\Avg
2015-08-13 14:50 - 2015-08-13 14:50 - 16902256 _____ (AVG Technologies) C:\Users\SONY\Downloads\avg_gsr_stb_all_ltst_103.exe
2015-08-13 12:44 - 2015-08-13 14:58 - 00000181 _____ C:\cleanup.bat
2015-08-13 12:38 - 2015-08-13 12:39 - 00151880 _____ C:\Users\SONY\Documents\cc_20150813_123842.reg
2015-08-13 12:37 - 2015-08-13 12:37 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-08-13 12:37 - 2015-08-13 12:37 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-13 12:37 - 2015-08-13 12:37 - 00000000 ____D C:\Program Files\CCleaner
2015-08-13 12:36 - 2015-08-13 12:36 - 06609608 _____ (Piriform Ltd) C:\Users\SONY\Downloads\ccsetup508.exe
2015-08-13 11:54 - 2015-08-13 12:13 - 00000000 ____D C:\Users\SONY\AppData\Roaming\Panda Security
2015-08-13 11:53 - 2015-08-13 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-08-13 11:51 - 2015-08-13 13:13 - 00000000 ____D C:\ProgramData\Panda Security
2015-08-12 15:52 - 2015-08-12 15:53 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\SONY\Downloads\avg_remover_stf_x86_2015_5501.exe
2015-08-12 14:48 - 2015-08-12 14:56 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-12 14:32 - 2015-08-12 14:32 - 00000000 ____D C:\Program Files (x86)\LighterModule
2015-08-12 14:16 - 2015-08-12 14:17 - 05091592 _____ (AVG Technologies) C:\Users\SONY\Downloads\avg_free_stb_all_2015_ltst_284.exe
2015-08-12 12:53 - 2015-08-12 12:53 - 00000000 ____D C:\MATS
2015-08-12 12:50 - 2015-08-12 12:50 - 00347816 _____ (Microsoft Corporation) C:\Users\SONY\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2015-08-12 12:43 - 2015-08-12 13:14 - 00000024 _____ C:\Users\SONY\AppData\Roaming\appdataFr25.bin
2015-08-12 12:14 - 2015-08-12 12:14 - 00000000 ____D C:\Users\SONY\AppData\Roaming\LightningDownloader
2015-08-12 12:13 - 2015-08-12 12:13 - 00000000 ____D C:\Program Files (x86)\Tag Assistant by
2015-08-12 12:13 - 2015-08-12 12:13 - 00000000 ____D C:\Program Files (x86)\IndepthProc
2015-08-12 12:12 - 2015-08-12 12:44 - 00000000 ____D C:\Program Files (x86)\bestadblocker
2015-08-12 12:08 - 2015-08-14 12:08 - 00000396 _____ C:\Windows\Tasks\FindYourFlavor.job
2015-08-12 12:08 - 2015-08-12 12:08 - 00003306 _____ C:\Windows\System32\Tasks\FindYourFlavor
2015-08-12 12:08 - 2015-08-12 12:08 - 00000000 ____D C:\ProgramData\{2e64b90c-1d74-2a07-2e64-4b90c1d7e430}
2015-08-11 18:52 - 2015-08-11 18:52 - 00003160 _____ C:\Windows\System32\Tasks\{38E7AD39-FC48-4125-B56E-1A73A86E520D}
2015-08-02 11:58 - 2015-08-06 16:54 - 00000000 ____D C:\Users\SONY\Desktop\europe
2015-08-01 23:15 - 2015-08-01 23:15 - 00000000 ____D C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-14 16:55 - 2014-02-14 09:55 - 00000288 _____ C:\Windows\Tasks\Digital Sites.job
2015-08-14 16:24 - 2013-05-15 04:30 - 01573427 _____ C:\Windows\WindowsUpdate.log
2015-08-14 15:56 - 2009-07-14 10:43 - 00822620 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-14 15:54 - 2013-05-20 11:21 - 00000000 ____D C:\Users\SONY\AppData\Roaming\Yontoo
2015-08-14 14:52 - 2013-06-11 11:38 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2015-08-14 12:37 - 2014-06-16 12:16 - 00000000 ____D C:\Windows\Minidump
2015-08-14 12:37 - 2009-07-14 10:15 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-14 12:37 - 2009-07-14 10:15 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-14 12:30 - 2015-03-27 12:54 - 00000000 ____D C:\Program Files (x86)\Mblaze_Home
2015-08-14 12:29 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-14 12:12 - 2013-05-14 16:43 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-14 11:25 - 2009-07-14 10:15 - 00447976 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-14 11:24 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2015-08-14 11:24 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\inetsrv
2015-08-14 11:24 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\AppCompat
2015-08-14 10:22 - 2013-05-20 12:30 - 00816836 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-08-14 10:12 - 2015-04-20 22:12 - 00000454 _____ C:\Windows\Tasks\Bidaily Synchronize Task.job
2015-08-13 14:51 - 2015-06-03 12:16 - 00000000 ____D C:\Users\SONY\AppData\Local\Avg
2015-08-13 12:41 - 2013-05-15 12:38 - 00000000 ____D C:\Users\SONY\AppData\Roaming\uTorrent
2015-08-13 12:41 - 2013-05-15 05:27 - 00000000 ____D C:\Windows\Panther
2015-08-13 12:41 - 2013-05-14 17:19 - 00000000 ____D C:\Users\SONY\AppData\Roaming\DAEMON Tools Lite
2015-08-13 11:54 - 2013-05-14 16:43 - 00110368 _____ C:\Users\SONY\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-12 14:12 - 2013-05-14 21:36 - 00000000 ___RD C:\Users\SONY\Desktop\Icons
2015-08-12 12:47 - 2015-04-20 22:19 - 00000000 ____D C:\ProgramData\13937395122847156029
2015-08-09 11:48 - 2013-05-16 17:05 - 00000000 ____D C:\Users\SONY\AppData\Roaming\vlc
 
==================== Files in the root of some directories =======
 
2015-08-12 12:43 - 2015-08-12 13:14 - 0000024 _____ () C:\Users\SONY\AppData\Roaming\appdataFr25.bin
2013-07-27 20:44 - 2014-09-19 17:39 - 0000094 _____ () C:\Users\SONY\AppData\Roaming\WB.CFG
2013-12-31 09:02 - 2014-01-02 11:19 - 0000005 _____ () C:\Users\SONY\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-06-15 12:35 - 2014-01-22 11:58 - 0000005 _____ () C:\Users\SONY\AppData\Roaming\WBPU-TTL.DAT
2013-10-08 11:14 - 2013-10-08 11:14 - 0361117 _____ () C:\Users\SONY\AppData\Local\newhb2.crx
 
Some files in TEMP:
====================
C:\Users\SONY\AppData\Local\Temp\Quarantine.exe
C:\Users\SONY\AppData\Local\Temp\sqlite3.dll
C:\Users\SONY\AppData\Local\Temp\UNINSTALL.EXE
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-14 11:52
 
==================== End of log ============================


#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This time, if possible, I would like you to run the fix from safe mode.

If the system blue screens again, let me know and I will use a stronger tool.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [syshost32] => C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B}\syshost.exe [448000 2015-08-01] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll" File not found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&tt=gc_150213_lnkry&babsrc=HP_ss&mntrId=4EAE30F9EDF08D22
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> DefaultScope {E2F13F43-6E94-4C7B-ADED-84B3CC60203C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {E2F13F43-6E94-4C7B-ADED-84B3CC60203C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.nationzoo...C1EC1RSUH5RSUH5
R2 VSSS; C:\Users\SONY\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [105338944 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
R4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
R4 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
2015-08-14 16:05 - 2015-08-14 16:08 - 00000000 ___HD C:\$AVG
2015-08-14 16:05 - 2015-08-14 16:08 - 00000000 ____D C:\ProgramData\AVG2015
2015-08-14 15:58 - 2015-08-14 16:16 - 00000000 ____D C:\Program Files (x86)\AVG
2015-08-14 15:56 - 2015-08-14 15:56 - 00000000 ____D C:\Users\SONY\AppData\Local\Avg2015
2015-08-13 18:19 - 2015-08-14 16:03 - 00000000 ____D C:\ProgramData\MFAData
2015-08-13 18:19 - 2015-08-13 18:19 - 00000000 ____D C:\Users\SONY\AppData\Local\MFAData
2015-08-13 17:56 - 2015-08-13 18:00 - 00450475 _____ C:\Users\SONY\Downloads\avgremover.log
2015-08-13 14:51 - 2015-08-14 16:09 - 00000000 ____D C:\Users\SONY\AppData\Local\AvgSetupLog
2015-08-13 14:51 - 2015-08-14 16:09 - 00000000 ____D C:\ProgramData\Avg
2015-08-12 14:32 - 2015-08-12 14:32 - 00000000 ____D C:\Program Files (x86)\LighterModule
2015-08-12 12:14 - 2015-08-12 12:14 - 00000000 ____D C:\Users\SONY\AppData\Roaming\LightningDownloader
2015-08-12 12:13 - 2015-08-12 12:13 - 00000000 ____D C:\Program Files (x86)\Tag Assistant by
2015-08-12 12:13 - 2015-08-12 12:13 - 00000000 ____D C:\Program Files (x86)\IndepthProc
2015-08-12 12:12 - 2015-08-12 12:44 - 00000000 ____D C:\Program Files (x86)\bestadblocker
2015-08-12 12:08 - 2015-08-14 12:08 - 00000396 _____ C:\Windows\Tasks\FindYourFlavor.job
2015-08-12 12:08 - 2015-08-12 12:08 - 00003306 _____ C:\Windows\System32\Tasks\FindYourFlavor
2015-08-12 12:08 - 2015-08-12 12:08 - 00000000 ____D C:\ProgramData\{2e64b90c-1d74-2a07-2e64-4b90c1d7e430}
2015-08-11 18:52 - 2015-08-11 18:52 - 00003160 _____ C:\Windows\System32\Tasks\{38E7AD39-FC48-4125-B56E-1A73A86E520D}
2015-08-01 23:15 - 2015-08-01 23:15 - 00000000 ____D C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B}
2015-08-14 16:55 - 2014-02-14 09:55 - 00000288 _____ C:\Windows\Tasks\Digital Sites.job
2015-08-14 10:12 - 2015-04-20 22:12 - 00000454 _____ C:\Windows\Tasks\Bidaily Synchronize Task.job
2015-08-13 14:51 - 2015-06-03 12:16 - 00000000 ____D C:\Users\SONY\AppData\Local\Avg
2015-08-12 12:47 - 2015-04-20 22:19 - 00000000 ____D C:\ProgramData\13937395122847156029
C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B}
C:\Users\SONY\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
C:\Program Files\kprocesshacker.sys
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.



#11
sumbul

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

It succeeded in safe mode... here is the fixlog.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:12-08-2015
Ran by SONY (2015-08-14 18:42:35) Run:1
Running from C:\Users\SONY\Desktop\repair
Loaded Profiles: SONY (Available Profiles: SONY)
Boot Mode: Safe Mode (minimal)
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\...\Run: [syshost32] => C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B}\syshost.exe [448000 2015-08-01] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll" File not found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&tt=gc_150213_lnkry&babsrc=HP_ss&mntrId=4EAE30F9EDF08D22
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> DefaultScope {E2F13F43-6E94-4C7B-ADED-84B3CC60203C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439361843&z=938c34b962509801699beb5g9z9c4t3cbq4g0m8wdt&from=wpc&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXC1EC1RSUH5RSUH5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4220597351-1278389899-3307482538-1000 -> {E2F13F43-6E94-4C7B-ADED-84B3CC60203C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.nationzoo...C1EC1RSUH5RSUH5
R2 VSSS; C:\Users\SONY\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [105338944 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
R4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
R4 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
2015-08-14 16:05 - 2015-08-14 16:08 - 00000000 ___HD C:\$AVG
2015-08-14 16:05 - 2015-08-14 16:08 - 00000000 ____D C:\ProgramData\AVG2015
2015-08-14 15:58 - 2015-08-14 16:16 - 00000000 ____D C:\Program Files (x86)\AVG
2015-08-14 15:56 - 2015-08-14 15:56 - 00000000 ____D C:\Users\SONY\AppData\Local\Avg2015
2015-08-13 18:19 - 2015-08-14 16:03 - 00000000 ____D C:\ProgramData\MFAData
2015-08-13 18:19 - 2015-08-13 18:19 - 00000000 ____D C:\Users\SONY\AppData\Local\MFAData
2015-08-13 17:56 - 2015-08-13 18:00 - 00450475 _____ C:\Users\SONY\Downloads\avgremover.log
2015-08-13 14:51 - 2015-08-14 16:09 - 00000000 ____D C:\Users\SONY\AppData\Local\AvgSetupLog
2015-08-13 14:51 - 2015-08-14 16:09 - 00000000 ____D C:\ProgramData\Avg
2015-08-12 14:32 - 2015-08-12 14:32 - 00000000 ____D C:\Program Files (x86)\LighterModule
2015-08-12 12:14 - 2015-08-12 12:14 - 00000000 ____D C:\Users\SONY\AppData\Roaming\LightningDownloader
2015-08-12 12:13 - 2015-08-12 12:13 - 00000000 ____D C:\Program Files (x86)\Tag Assistant by
2015-08-12 12:13 - 2015-08-12 12:13 - 00000000 ____D C:\Program Files (x86)\IndepthProc
2015-08-12 12:12 - 2015-08-12 12:44 - 00000000 ____D C:\Program Files (x86)\bestadblocker
2015-08-12 12:08 - 2015-08-14 12:08 - 00000396 _____ C:\Windows\Tasks\FindYourFlavor.job
2015-08-12 12:08 - 2015-08-12 12:08 - 00003306 _____ C:\Windows\System32\Tasks\FindYourFlavor
2015-08-12 12:08 - 2015-08-12 12:08 - 00000000 ____D C:\ProgramData\{2e64b90c-1d74-2a07-2e64-4b90c1d7e430}
2015-08-11 18:52 - 2015-08-11 18:52 - 00003160 _____ C:\Windows\System32\Tasks\{38E7AD39-FC48-4125-B56E-1A73A86E520D}
2015-08-01 23:15 - 2015-08-01 23:15 - 00000000 ____D C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B}
2015-08-14 16:55 - 2014-02-14 09:55 - 00000288 _____ C:\Windows\Tasks\Digital Sites.job
2015-08-14 10:12 - 2015-04-20 22:12 - 00000454 _____ C:\Windows\Tasks\Bidaily Synchronize Task.job
2015-08-13 14:51 - 2015-06-03 12:16 - 00000000 ____D C:\Users\SONY\AppData\Local\Avg
2015-08-12 12:47 - 2015-04-20 22:19 - 00000000 ____D C:\ProgramData\13937395122847156029
C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B}
C:\Users\SONY\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
C:\Program Files\kprocesshacker.sys
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Error: Restore point can only be created in normal mode.
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Windows\CurrentVersion\Run\\syshost32 => value removed successfully
"c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll" => Value data removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => value removed successfully
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => value removed successfully
"HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => key removed successfully
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found. 
"HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
"HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => key removed successfully
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => key not found. 
"HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
"HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E2F13F43-6E94-4C7B-ADED-84B3CC60203C}" => key removed successfully
HKCR\CLSID\{E2F13F43-6E94-4C7B-ADED-84B3CC60203C} => key not found. 
"HKCR\PROTOCOLS\Filter\deflate" => key removed successfully
"HKCR\CLSID\{8f6b0360-b80d-11d0-a9b3-006097942311}" => key removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
VSSS => service removed successfully
AVGIDSHA => service not found.
Avgrkx64 => service not found.
Avgtdia => service not found.
KProcessHacker2 => service not found.
"C:\$AVG" => File/Folder not found.
"C:\ProgramData\AVG2015" => File/Folder not found.
C:\Program Files (x86)\AVG => moved successfully.
"C:\Users\SONY\AppData\Local\Avg2015" => File/Folder not found.
C:\ProgramData\MFAData => moved successfully.
C:\Users\SONY\AppData\Local\MFAData => moved successfully.
C:\Users\SONY\Downloads\avgremover.log => moved successfully.
C:\Users\SONY\AppData\Local\AvgSetupLog => moved successfully.
C:\ProgramData\Avg => moved successfully.
C:\Program Files (x86)\LighterModule => moved successfully.
C:\Users\SONY\AppData\Roaming\LightningDownloader => moved successfully.
C:\Program Files (x86)\Tag Assistant by => moved successfully.
C:\Program Files (x86)\IndepthProc => moved successfully.
C:\Program Files (x86)\bestadblocker => moved successfully.
C:\Windows\Tasks\FindYourFlavor.job => moved successfully.
C:\Windows\System32\Tasks\FindYourFlavor => moved successfully.
C:\ProgramData\{2e64b90c-1d74-2a07-2e64-4b90c1d7e430} => moved successfully.
C:\Windows\System32\Tasks\{38E7AD39-FC48-4125-B56E-1A73A86E520D} => moved successfully.
C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B} => moved successfully.
C:\Windows\Tasks\Digital Sites.job => moved successfully.
C:\Windows\Tasks\Bidaily Synchronize Task.job => moved successfully.
C:\Users\SONY\AppData\Local\Avg => moved successfully.
C:\ProgramData\13937395122847156029 => moved successfully.
"C:\Users\SONY\AppData\Local\{EEA44684-5378-A27F-AA15-394E8949477B}" => File/Folder not found.
C:\Users\SONY\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe => moved successfully.
"C:\Program Files\kprocesshacker.sys" => File/Folder not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4220597351-1278389899-3307482538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.
 
 
 
========= End of CMD: =========
 
EmptyTemp: => 402.8 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 18:42:44 ====

  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

OK, now run AdwCleaner again and this time select Clean...

Once done, install a fresh copy of AVG and let me know how that is running.


  • 0

#13
sumbul

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Absolutely smashing sir. It worked finally. I have AVG 2015 free edition installed, virus definitions up to date and a scan running now. I am deeply grateful to you.


  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once the scan is complete, could you let me know of any outstanding problems?
  • 0

#15
sumbul

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hello sir,

No apparent problems. Trojan and other viruses were detected and removed by the AVG scan; however, I am not able to find the archived report for you.


  • 0





