Solved Infected W7 Pro

learninmypc

I've already cleaned some of it up, just need you to make sure it's clean, thanks in advance :)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2017 02
Ran by Dell Vostro 1000 (administrator) on DELLVOSTRO1000 (06-11-2017 14:03:27)
Running from C:\Users\Dell Vostro 1000\Desktop
Loaded Profiles: Dell Vostro 1000 (Available Profiles: Dell Vostro 1000)
Platform: Microsoft Windows 7 Professional (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-05] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\...\Run: [Google Update] => C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-20] (Google Inc.)
HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7814656 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\...\MountPoints2: {21c6ee82-c26c-11e7-b911-0021707cadb6} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\...\MountPoints2: {8a8c2786-5fe6-11e2-bc1d-0021707cadb6} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2017-11-06] (Microsoft Corporation)
Startup: C:\Users\Dell Vostro 1000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-08-19]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BBF3435B-C76A-42D1-852D-9A863CF9543F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/?fr=fp-msgr
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-msgr
HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iplay.com/?o=shp
HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000 -> DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000 -> {84AF6053-CBF5-4E3D-B2DD-C09F693A207D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=chr-msgr
SearchScopes: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={CB85FC95-1FC2-42A5-8B0F-3EEC10E93E9E}&mid=677ec3b8565747d09fa7d16836984445-0609466699721699054b6aae37a8f7d5486a672c&lang=en&ds=AVG&pr=fr&d=2013-01-16 18:37:52&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO: Iplay Gamesbar -> {7ffa5f54-1c4f-46de-8576-c271a0dd482f} -> C:\Program Files\iplay_en\encyclopediabritannicagamesbarX.dll => No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKLM - Iplay Gamesbar - {7ffa5f54-1c4f-46de-8576-c271a0dd482f} - C:\Program Files\iplay_en\encyclopediabritannicagamesbarX.dll No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2012-06-01] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Dell Vostro 1000\AppData\Roaming\Mozilla\Firefox\Profiles\ew85w4lr.default-1443471164890 [2017-11-06]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ew85w4lr.default-1443471164890 -> Google
FF NetworkProxy: Mozilla\Firefox\Profiles\ew85w4lr.default-1443471164890 -> type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-11-05] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1229199.dll [2017-03-30] (Adobe Systems, Inc.)
FF Plugin: @Oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin HKU\S-1-5-21-2096075369-1562336306-3977701488-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2096075369-1562336306-3977701488-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2096075369-1562336306-3977701488-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dell Vostro 1000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-01-15] (mozilla.org)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-01-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-01-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-01-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-01-15]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default [2017-11-06]
CHR Extension: (Slides) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-05]
CHR Extension: (Docs) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-05]
CHR Extension: (Google Drive) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (Adguard AdBlocker) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-11-05]
CHR Extension: (YouTube) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Sheets) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-05]
StartMenuInternet: Google Chrome.TYRE6KKZI4WAYA4S2SQAD7ADIA - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-30] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5828816 2017-11-05] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-05] (AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [255624 2017-11-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157416 2017-11-05] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276736 2017-11-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50384 2017-11-05] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42856 2017-11-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [124952 2017-11-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [99560 2017-11-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70864 2017-11-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [783648 2017-11-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [499560 2017-11-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [149824 2017-11-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [297840 2017-11-05] (AVAST Software)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-11-06] (Malwarebytes)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-06 14:03 - 2017-11-06 14:03 - 000012967 _____ C:\Users\Dell Vostro 1000\Desktop\FRST.txt
2017-11-06 10:38 - 2017-11-06 10:38 - 000000000 ____D C:\Windows\system32\SPReview
2017-11-06 10:37 - 2017-11-06 10:37 - 000000000 ____D C:\Windows\system32\EventProviders
2017-11-06 10:32 - 2017-11-06 14:03 - 000000000 ____D C:\FRST
2017-11-06 10:32 - 2017-11-06 10:32 - 001799680 _____ (Farbar) C:\Users\Dell Vostro 1000\Desktop\FRST.exe
2017-11-06 09:24 - 2017-11-06 09:24 - 002082630 _____ (J.C. Kessels ) C:\Users\Dell Vostro 1000\Desktop\MyDefrag-v431.exe
2017-11-05 18:26 - 2010-01-08 22:52 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2017-11-05 18:26 - 2009-12-28 22:55 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-11-05 18:20 - 2017-11-05 18:20 - 000000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-05 18:20 - 2017-11-05 18:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-11-05 18:20 - 2017-11-05 18:20 - 000000000 ____D C:\Program Files\CCleaner
2017-11-05 18:17 - 2017-11-05 18:17 - 000040924 __RSH C:\ProgramData\ntuser.pol
2017-11-05 18:16 - 2017-11-05 18:18 - 000000000 ____D C:\Program Files\SpywareBlaster
2017-11-05 18:16 - 2017-11-05 18:16 - 000001041 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2017-11-05 18:16 - 2017-11-05 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2017-11-05 18:16 - 2012-05-02 12:17 - 001070152 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCTL.OCX
2017-11-05 18:16 - 2009-03-24 13:52 - 000129872 _____ (Microsoft Corporation) C:\Windows\system32\MSSTDFMT.DLL
2017-11-05 18:11 - 2017-11-05 18:11 - 004291320 _____ (BrightFort LLC ) C:\Users\Dell Vostro 1000\Downloads\spywareblastersetup55.exe
2017-11-05 18:09 - 2017-11-05 18:10 - 010427120 _____ (Piriform Ltd) C:\Users\Dell Vostro 1000\Downloads\ccsetup536.exe
2017-11-05 15:19 - 2017-11-05 15:19 - 000001028 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-11-05 15:03 - 2017-11-05 15:03 - 000000000 ____D C:\Users\Dell Vostro 1000\AppData\Roaming\AVAST Software
2017-11-05 15:03 - 2017-11-05 15:03 - 000000000 ____D C:\Users\Dell Vostro 1000\AppData\Local\CEF
2017-11-05 15:02 - 2017-11-05 15:02 - 000783648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-11-05 15:02 - 2017-11-05 15:02 - 000499560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-11-05 15:02 - 2017-11-05 15:02 - 000297840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-11-05 15:02 - 2017-11-05 15:02 - 000149824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-11-05 15:02 - 2017-11-05 15:02 - 000124952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-11-05 15:02 - 2017-11-05 15:02 - 000099560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-11-05 15:02 - 2017-11-05 15:02 - 000070864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-11-05 15:02 - 2017-11-05 15:02 - 000042856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-11-05 15:02 - 2017-11-05 15:02 - 000002079 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-11-05 15:02 - 2017-11-05 15:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-11-05 15:02 - 2017-11-05 15:01 - 000921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2017-11-05 15:02 - 2017-11-05 15:01 - 000304816 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-11-05 15:02 - 2017-11-05 15:01 - 000276736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-11-05 15:02 - 2017-11-05 15:01 - 000255624 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-11-05 15:02 - 2017-11-05 15:01 - 000157416 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-11-05 15:02 - 2017-11-05 15:01 - 000050384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-11-05 15:00 - 2017-11-05 15:00 - 000000000 ____D C:\Program Files\AVAST Software
2017-11-05 14:58 - 2017-11-05 15:59 - 000000000 ____D C:\ProgramData\AVAST Software
2017-11-05 14:39 - 2017-11-05 14:39 - 000000000 _____ C:\Windows\ativpsrm.bin
2017-11-05 14:32 - 2017-11-05 14:36 - 000000000 ____D C:\Windows\system32\MRT
2017-11-05 14:32 - 2017-11-05 14:32 - 124059592 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-05 14:31 - 2017-11-05 14:32 - 124059592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-05 14:31 - 2016-06-25 07:43 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\EOSNotify.exe
2017-11-05 14:31 - 2011-04-08 21:56 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-11-05 14:31 - 2010-12-17 21:29 - 000541184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-11-05 14:31 - 2009-12-08 00:05 - 000310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-11-05 14:30 - 2015-03-18 18:57 - 003963320 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-11-05 14:30 - 2015-03-18 18:57 - 003908024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-11-05 14:30 - 2014-09-14 16:42 - 002377216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-05 14:30 - 2013-03-18 20:54 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-11-05 14:30 - 2013-03-18 18:50 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-11-05 14:30 - 2009-12-08 00:05 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-11-05 14:27 - 2012-06-02 15:19 - 000171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-11-05 14:27 - 2012-06-02 15:12 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-11-05 14:27 - 2012-06-02 14:19 - 001933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-11-05 14:27 - 2012-06-02 14:19 - 000577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-11-05 14:27 - 2012-06-02 14:19 - 000053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-11-05 14:27 - 2012-06-02 14:19 - 000045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-11-05 14:27 - 2012-06-02 14:19 - 000035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-11-05 14:27 - 2012-06-02 14:12 - 002422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-11-05 14:27 - 2012-06-02 14:12 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-11-05 14:22 - 2017-11-05 16:53 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-11-05 14:22 - 2017-11-05 16:53 - 000001005 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-11-05 14:22 - 2017-11-05 16:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-11-05 14:22 - 2017-11-05 16:53 - 000000000 ____D C:\Program Files\RogueKiller
2017-11-05 14:22 - 2017-11-05 14:37 - 000000000 ____D C:\ProgramData\RogueKiller
2017-11-05 14:20 - 2017-11-06 13:49 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-05 14:17 - 2017-11-05 14:19 - 000000000 ____D C:\AdwCleaner
2017-11-05 14:15 - 2017-11-05 14:15 - 000448512 _____ (OldTimer Tools) C:\Users\Dell Vostro 1000\Desktop\TFC.exe
2017-11-05 14:13 - 2017-11-05 14:13 - 008261584 _____ (Malwarebytes) C:\Users\Dell Vostro 1000\Desktop\AdwCleaner.exe
2017-11-05 13:52 - 2017-11-05 13:52 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-11-05 13:52 - 2017-11-05 13:52 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-11-05 13:52 - 2017-11-05 13:52 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-11-05 13:51 - 2017-11-05 14:19 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-11-05 13:51 - 2017-11-05 13:51 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-05 13:51 - 2017-11-05 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-05 13:51 - 2017-11-05 13:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-05 13:51 - 2017-11-05 13:51 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-05 13:21 - 2017-11-05 13:21 - 000000000 ____D C:\Users\Dell Vostro 1000\AppData\Roaming\SUPERAntiSpyware.com
2017-11-05 13:20 - 2017-11-05 13:21 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-11-05 13:20 - 2017-11-05 13:20 - 000001965 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-11-05 13:20 - 2017-11-05 13:20 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-11-05 13:20 - 2017-11-05 13:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-06 13:55 - 2009-07-13 20:34 - 000020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-06 13:55 - 2009-07-13 20:34 - 000020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-06 13:48 - 2009-07-13 20:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-06 10:30 - 2013-01-16 06:16 - 000713888 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-06 10:30 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\inf
2017-11-05 18:22 - 2013-01-16 06:01 - 000000000 ____D C:\Windows\Panther
2017-11-05 18:18 - 2015-12-18 05:27 - 000000000 ____D C:\ProgramData\TEMP
2017-11-05 18:16 - 2009-07-13 18:37 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-11-05 16:43 - 2015-01-18 21:03 - 000000000 ____D C:\ProgramData\Yahoo!
2017-11-05 16:43 - 2015-01-18 21:00 - 000000000 ____D C:\Program Files\Yahoo!
2017-11-05 15:19 - 2014-08-21 07:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-11-05 15:18 - 2015-01-18 21:04 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-11-05 15:18 - 2013-01-16 18:24 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-11-05 15:18 - 2013-01-16 18:24 - 000000000 ____D C:\Windows\system32\Macromed
2017-11-05 15:18 - 2013-01-16 18:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-05 15:11 - 2013-01-16 18:25 - 000000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-11-05 15:10 - 2013-01-16 18:24 - 000000000 ____D C:\Windows\system32\Adobe
2017-11-05 14:50 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\system32\NDF
2017-11-05 14:39 - 2009-07-13 20:33 - 000292176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-05 14:19 - 2015-01-18 21:04 - 000000000 ____D C:\Users\Dell Vostro 1000\AppData\Roaming\Yahoo!
2017-11-05 14:19 - 2015-01-18 21:04 - 000000000 ____D C:\Users\Dell Vostro 1000\AppData\LocalLow\Yahoo!
2017-11-05 13:15 - 2015-01-03 17:54 - 000002393 _____ C:\Users\Dell Vostro 1000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

Some files in TEMP:
====================
2017-11-05 16:53 - 2009-07-13 17:17 - 001286144 _____ (Microsoft Corporation) C:\Users\Dell Vostro 1000\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-21 15:11

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2017 02
Ran by Dell Vostro 1000 (06-11-2017 14:04:21)
Running from C:\Users\Dell Vostro 1000\Desktop
Microsoft Windows 7 Professional (X86) (2013-01-16 14:10:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2096075369-1562336306-3977701488-500 - Administrator - Disabled)
Dell Vostro 1000 (S-1-5-21-2096075369-1562336306-3977701488-1000 - Administrator - Enabled) => C:\Users\Dell Vostro 1000
Guest (S-1-5-21-2096075369-1562336306-3977701488-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Belarc Advisor 8.2 (HKLM\...\Belarc Advisor) (Version: 8.2.7.11 - Belarc Inc.)
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
Chainz 2 (remove only) (HKLM\...\Chainz 2) (Version: - )
Google Chrome (HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Mahjongg XP Championship (HKLM\...\Mahjongg XP Championship) (Version: 1.0.0.0 - Selectsoft Publishing)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0 - Mozilla)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
RogueKiller version 12.11.22.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.22.0 - Adlice Software)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Wizard101 (HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-05] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-05] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-05] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-05] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1214AFA4-0193-4FC1-8985-16987DD08DF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-05] (Adobe Systems Incorporated)
Task: {2E21B8FC-1E54-4FFA-BDAB-5683A018EAF7} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-05] (AVAST Software)
Task: {989E8014-BCCC-45D8-B8E0-63350F68BF90} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2096075369-1562336306-3977701488-1000UA => C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D7F2F094-BF62-4110-8F97-4ABCC589A754} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {E59C7D5A-AF05-4418-A4B2-3D0C93F5B5BC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {F6A065CC-7C18-47EF-8DF8-95C196FED7A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2096075369-1562336306-3977701488-1000Core => C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FF04FCEF-94E1-46A9-BE3E-40680DC34237} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-11-05 15:01 - 2017-11-05 15:01 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-11-06 09:04 - 2017-11-06 09:04 - 005882552 _____ () C:\Program Files\AVAST Software\Avast\defs\17110602\algo.dll
2017-11-05 15:01 - 2017-11-05 15:02 - 000703336 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000241448 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-11-05 15:02 - 2017-11-05 15:02 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-05 13:51 - 2017-11-05 14:19 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 000985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000142792 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [135]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2009-06-10 13:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dell Vostro 1000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5A25D2B7-AC5B-4827-885F-29CE2BBCD4D5}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{17329B63-6CE0-4582-9854-5D058201EC5D}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{B4A35576-0415-4E97-93C7-EEF37528577B}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{29771AFE-927E-47F3-8F54-38E0E20B633E}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{392A9535-3528-4A5A-8065-E56300CFB281}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{8C326535-4DEB-4DE7-8E6B-4CD39F1DD1BB}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{AD756112-0C14-426E-9E65-FC8E0AB7E7C2}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [{F0F94A85-AF5C-4EA9-B636-8ED25998EFF3}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [{D8A99544-AC3F-402D-8D13-69421B133529}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{835E6BED-5922-4310-923F-F0FB31F70C4F}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{536E88D5-86E0-4D2E-86B3-205EC6E099D4}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D6A683A0-02CF-4BE4-BAFE-3404E8CF622F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{8794FBD0-8C35-4651-A8D4-9303945D1838}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{336BE5F0-6063-44D5-8C23-2C0538110C5A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B19A756E-1F8E-4D47-8668-199E1416D3B8}C:\users\dell vostro 1000\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\dell vostro 1000\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{BC31CD29-6714-4EE8-B120-88324804C0BD}C:\users\dell vostro 1000\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\dell vostro 1000\appdata\local\google\chrome\application\chrome.exe

==================== Restore Points =========================

06-11-2017 10:38:25 Windows 7 Service Pack 1
06-11-2017 11:36:50 Windows Update

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2017 10:38:25 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11 - 0000012C,0x00560034,0024CFC0,0,0024BFB8,4096,[0]).


Operation:
Processing PostFinalCommitSnapshots

Context:
Execution Context: System Provider

Error: (11/05/2017 06:41:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/05/2017 06:41:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/05/2017 06:41:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/05/2017 06:41:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (11/05/2017 06:41:53 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/05/2017 06:41:53 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/05/2017 06:41:53 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/05/2017 06:41:53 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/05/2017 06:41:53 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))


System errors:
=============
Error: (11/06/2017 01:51:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800705b4: Windows 7 Service Pack 1 (KB976932).

Error: (11/06/2017 11:38:15 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (11/06/2017 11:37:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc driver update for AMD SMBus.

Error: (11/06/2017 11:28:32 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (11/06/2017 10:37:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc driver update for AMD SMBus.

Error: (11/06/2017 09:15:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
The class is configured to run as a security id different from the caller

Error: (11/06/2017 09:12:53 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:08:59 AM on 11/6/2017 was unexpected.

Error: (11/06/2017 09:07:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc driver update for AMD SMBus.

Error: (11/05/2017 06:43:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error:
The media is write protected.

Error: (11/05/2017 06:42:54 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846 = The request is not supported..


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57
Percentage of memory in use: 37%
Total physical RAM: 1918.05 MB
Available physical RAM: 1200.7 MB
Total Virtual: 3836.09 MB
Available Virtual: 3103.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:37.95 GB) NTFS
Drive d: (MAHJONGG XP) (CDROM) (Total:0.2 GB) (Free:0 GB) CDFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: ED1F86F7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 17-10-17.01 - Dell Vostro 1000 11/06/2017 19:19:25.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1918.654 [GMT -8:00]
Running from: c:\users\Dell Vostro 1000\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2017-10-07 to 2017-11-07 )))))))))))))))))))))))))))))))
.
.
2017-11-07 03:29 . 2017-11-07 03:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-11-07 01:24 . 2017-11-07 01:24 -------- d-sh--w- c:\windows\system32\%APPDATA%
2017-11-07 00:36 . 2017-11-07 00:36 -------- d-----w- c:\windows\system32\SPReview
2017-11-06 18:37 . 2017-11-06 18:37 -------- d-----w- c:\windows\system32\EventProviders
2017-11-06 18:32 . 2017-11-06 22:05 -------- d-----w- C:\FRST
2017-11-06 17:49 . 2010-11-20 12:30 240000 ----a-w- c:\windows\system32\drivers\netio.sys
2017-11-06 17:48 . 2010-11-20 12:21 105984 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2017-11-06 17:47 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2017-11-06 17:47 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2017-11-06 02:20 . 2017-11-06 02:20 -------- d-----w- c:\program files\CCleaner
2017-11-06 02:16 . 2017-11-06 02:16 -------- d-----w- c:\programdata\Licenses
2017-11-06 02:16 . 2017-11-06 02:18 -------- d-----w- c:\program files\SpywareBlaster
2017-11-06 02:16 . 2012-05-02 20:17 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2017-11-06 02:16 . 2009-03-24 21:52 129872 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2017-11-05 23:18 . 2017-11-05 23:18 58024 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2017-11-05 23:18 . 2017-11-05 23:18 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2017-11-05 23:18 . 2017-11-05 23:18 20648 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2017-11-05 23:18 . 2017-11-05 23:18 109736 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2017-11-05 23:18 . 2017-11-05 23:18 10592424 ----a-w- c:\program files\Mozilla Firefox\icudt55.dll
2017-11-05 23:18 . 2017-11-05 23:18 901288 ----a-w- c:\program files\Mozilla Firefox\icuuc55.dll
2017-11-05 23:18 . 2017-11-05 23:18 59560 ----a-w- c:\program files\Mozilla Firefox\lgpllibs.dll
2017-11-05 23:18 . 2017-11-05 23:18 1287848 ----a-w- c:\program files\Mozilla Firefox\icuin55.dll
2017-11-05 23:03 . 2017-11-05 23:03 -------- d-----w- c:\users\Dell Vostro 1000\AppData\Roaming\AVAST Software
2017-11-05 23:03 . 2017-11-05 23:03 -------- d-----w- c:\users\Dell Vostro 1000\AppData\Local\CEF
2017-11-05 23:00 . 2017-11-05 23:00 -------- d-----w- c:\program files\AVAST Software
2017-11-05 22:58 . 2017-11-05 23:59 -------- d-----w- c:\programdata\AVAST Software
2017-11-05 22:39 . 2017-11-05 22:39 0 ----a-w- c:\windows\ativpsrm.bin
2017-11-05 22:38 . 2017-11-05 22:38 -------- d-----w- c:\windows\Migration
2017-11-05 22:32 . 2017-11-05 22:36 -------- d-----w- c:\windows\system32\MRT
2017-11-05 22:32 . 2017-11-05 22:32 124059592 -c--a-w- c:\windows\system32\MRT-KB890830.exe
2017-11-05 22:31 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2017-11-05 22:31 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2017-11-05 22:31 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2017-11-05 22:31 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll
2017-11-05 22:31 . 2016-06-25 15:43 301056 ----a-w- c:\windows\system32\EOSNotify.exe
2017-11-05 22:27 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2017-11-05 22:27 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2017-11-05 22:27 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2017-11-05 22:27 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2017-11-05 22:27 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2017-11-05 22:27 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2017-11-05 22:27 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2017-11-05 22:27 . 2012-06-02 23:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2017-11-05 22:27 . 2012-06-02 23:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2017-11-05 22:22 . 2017-11-07 02:13 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-11-05 22:22 . 2017-11-05 22:37 -------- d-----w- c:\programdata\RogueKiller
2017-11-05 22:22 . 2017-11-06 00:53 -------- d-----w- c:\program files\RogueKiller
2017-11-05 22:20 . 2017-11-07 01:57 221112 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2017-11-05 22:17 . 2017-11-07 02:48 -------- d-----w- C:\AdwCleaner
2017-11-05 21:52 . 2017-11-05 21:52 166848 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-11-05 21:52 . 2017-11-05 21:52 65824 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-11-05 21:52 . 2017-11-05 21:52 40352 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-11-05 21:51 . 2017-11-05 22:19 59904 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-11-05 21:51 . 2017-11-05 21:51 -------- d-----w- c:\programdata\Malwarebytes
2017-11-05 21:51 . 2017-11-05 21:51 -------- d-----w- c:\program files\Malwarebytes
2017-11-05 21:51 . 2017-11-05 21:51 -------- d-----w- c:\users\Dell Vostro 1000\AppData\Local\Programs
2017-11-05 21:21 . 2017-11-05 21:21 -------- d-----w- c:\users\Dell Vostro 1000\AppData\Roaming\SUPERAntiSpyware.com
2017-11-05 21:20 . 2017-11-05 21:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2017-11-05 21:20 . 2017-11-05 21:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2017-11-05 21:19 . 2017-11-05 21:19 11282328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BFD8D9B-77E3-432E-A97F-B210B81F456F}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-11-07 00:40 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2017-11-05 23:18 . 2015-01-19 05:04 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-11-05 23:18 . 2013-01-17 02:24 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-11-05 23:01 1395224 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2017-10-18 7814656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-11-05 253344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2017-11-07 280576]
.
c:\users\Dell Vostro 1000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2017-11-05 149824]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\aswidsagent.exe [2017-11-05 5828816]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [2017-11-05 42856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidshx.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswblogx.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbunivx.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [2017-11-05 255624]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2017-11-05 783648]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2017-11-05 499560]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2017-01-30 143776]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2017-11-05 124952]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-08-07 4430792]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys [2017-11-07 221112]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - TrueSight
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.iplay.com/?o=shp
mStart Page = hxxp://www.yahoo.com/?fr=fp-msgr
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dell Vostro 1000\AppData\Roaming\Mozilla\Firefox\Profiles\ew85w4lr.default-1443471164890\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7ffa5f54-1c4f-46de-8576-c271a0dd482f} - c:\program files\iplay_en\encyclopediabritannicagamesbarX.dll
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{7ffa5f54-1c4f-46de-8576-c271a0dd482f} - c:\program files\iplay_en\encyclopediabritannicagamesbarX.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_27_0_0_183_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_27_0_0_183_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-11-06 19:31:48
ComboFix-quarantined-files.txt 2017-11-07 03:31
.
Pre-Run: 39,707,619,328 bytes free
Post-Run: 39,643,930,624 bytes free
.
- - End Of File - - 27A94BDFE06B7FF0D055B1C0279FFC4C
A36C5E4F47E84449FF07ED3517B43A31
 
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2017 02
Ran by Dell Vostro 1000 (06-11-2017 20:05:06)
Running from C:\Users\Dell Vostro 1000\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2013-01-16 14:10:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2096075369-1562336306-3977701488-500 - Administrator - Disabled)
Dell Vostro 1000 (S-1-5-21-2096075369-1562336306-3977701488-1000 - Administrator - Enabled) => C:\Users\Dell Vostro 1000
Guest (S-1-5-21-2096075369-1562336306-3977701488-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Belarc Advisor 8.2 (HKLM\...\Belarc Advisor) (Version: 8.2.7.11 - Belarc Inc.)
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
Chainz 2 (remove only) (HKLM\...\Chainz 2) (Version: - )
Google Chrome (HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Mahjongg XP Championship (HKLM\...\Mahjongg XP Championship) (Version: 1.0.0.0 - Selectsoft Publishing)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0 - Mozilla)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
RogueKiller version 12.11.22.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.22.0 - Adlice Software)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Wizard101 (HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-05] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-05] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-05] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-05] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1214AFA4-0193-4FC1-8985-16987DD08DF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-05] (Adobe Systems Incorporated)
Task: {2E21B8FC-1E54-4FFA-BDAB-5683A018EAF7} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-05] (AVAST Software)
Task: {989E8014-BCCC-45D8-B8E0-63350F68BF90} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2096075369-1562336306-3977701488-1000UA => C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D7F2F094-BF62-4110-8F97-4ABCC589A754} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {E59C7D5A-AF05-4418-A4B2-3D0C93F5B5BC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {F6A065CC-7C18-47EF-8DF8-95C196FED7A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2096075369-1562336306-3977701488-1000Core => C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FF04FCEF-94E1-46A9-BE3E-40680DC34237} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-11-05 15:01 - 2017-11-05 15:01 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-11-06 09:04 - 2017-11-06 09:04 - 005882552 _____ () C:\Program Files\AVAST Software\Avast\defs\17110602\algo.dll
2017-11-05 15:01 - 2017-11-05 15:02 - 000703336 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000241448 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-11-05 13:51 - 2017-11-05 14:19 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-05 15:02 - 2017-11-05 15:02 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 000985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000142792 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [135]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2009-06-10 13:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dell Vostro 1000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5A25D2B7-AC5B-4827-885F-29CE2BBCD4D5}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{17329B63-6CE0-4582-9854-5D058201EC5D}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{B4A35576-0415-4E97-93C7-EEF37528577B}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{29771AFE-927E-47F3-8F54-38E0E20B633E}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{392A9535-3528-4A5A-8065-E56300CFB281}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{8C326535-4DEB-4DE7-8E6B-4CD39F1DD1BB}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{AD756112-0C14-426E-9E65-FC8E0AB7E7C2}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [{F0F94A85-AF5C-4EA9-B636-8ED25998EFF3}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [{D8A99544-AC3F-402D-8D13-69421B133529}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{835E6BED-5922-4310-923F-F0FB31F70C4F}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{536E88D5-86E0-4D2E-86B3-205EC6E099D4}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D6A683A0-02CF-4BE4-BAFE-3404E8CF622F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{8794FBD0-8C35-4651-A8D4-9303945D1838}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{336BE5F0-6063-44D5-8C23-2C0538110C5A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B19A756E-1F8E-4D47-8668-199E1416D3B8}C:\users\dell vostro 1000\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\dell vostro 1000\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{BC31CD29-6714-4EE8-B120-88324804C0BD}C:\users\dell vostro 1000\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\dell vostro 1000\appdata\local\google\chrome\application\chrome.exe

==================== Restore Points =========================

06-11-2017 16:36:08 Windows 7 Service Pack 1
06-11-2017 16:54:32 Windows Update
06-11-2017 16:59:35 Windows Update
06-11-2017 17:44:27 Windows Update

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2017 04:52:58 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (1812) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (11/06/2017 04:42:26 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.
Object name: SENS Logon Subscription
Object description:
The HRESULT was 80070005.

Error: (11/06/2017 04:36:08 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4,0xc0000000,0x00000003,...).


Operation:
Processing PostFinalCommitSnapshots

Context:
Execution Context: System Provider

Error: (11/06/2017 02:30:23 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.
Object name: SENS Logon Subscription
Object description:
The HRESULT was 80070005.

Error: (11/06/2017 10:38:25 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11 - 0000012C,0x00560034,0024CFC0,0,0024BFB8,4096,[0]).


Operation:
Processing PostFinalCommitSnapshots

Context:
Execution Context: System Provider

Error: (11/05/2017 06:41:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/05/2017 06:41:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/05/2017 06:41:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/05/2017 06:41:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (11/05/2017 06:41:53 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (11/06/2017 07:29:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/06/2017 07:23:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/06/2017 07:19:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/06/2017 06:48:16 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/06/2017 06:48:16 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/06/2017 06:45:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/06/2017 06:45:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/06/2017 05:44:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc driver update for AMD SMBus.

Error: (11/06/2017 04:59:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc driver update for AMD SMBus.

Error: (11/06/2017 04:55:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc driver update for AMD SMBus.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57
Percentage of memory in use: 45%
Total physical RAM: 1918.05 MB
Available physical RAM: 1038.59 MB
Total Virtual: 3836.09 MB
Available Virtual: 2972.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:36.98 GB) NTFS
Drive d: (MAHJONGG XP) (CDROM) (Total:0.2 GB) (Free:0 GB) CDFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: ED1F86F7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2017 02
Ran by Dell Vostro 1000 (administrator) on DELLVOSTRO1000 (06-11-2017 20:03:49)
Running from C:\Users\Dell Vostro 1000\Desktop
Loaded Profiles: Dell Vostro 1000 (Available Profiles: Dell Vostro 1000)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-05] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7814656 2017-10-18] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2017-11-06] (Microsoft Corporation)
Startup: C:\Users\Dell Vostro 1000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-08-19]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BBF3435B-C76A-42D1-852D-9A863CF9543F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/?fr=fp-msgr
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iplay.com/?o=shp
SearchScopes: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000 -> DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000 -> {84AF6053-CBF5-4E3D-B2DD-C09F693A207D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=chr-msgr
SearchScopes: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={CB85FC95-1FC2-42A5-8B0F-3EEC10E93E9E}&mid=677ec3b8565747d09fa7d16836984445-0609466699721699054b6aae37a8f7d5486a672c&lang=en&ds=AVG&pr=fr&d=2013-01-16 18:37:52&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2012-06-01] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Dell Vostro 1000\AppData\Roaming\Mozilla\Firefox\Profiles\ew85w4lr.default-1443471164890 [2017-11-06]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ew85w4lr.default-1443471164890 -> Google
FF NetworkProxy: Mozilla\Firefox\Profiles\ew85w4lr.default-1443471164890 -> type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-11-05] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1229199.dll [2017-03-30] (Adobe Systems, Inc.)
FF Plugin: @Oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin HKU\S-1-5-21-2096075369-1562336306-3977701488-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2096075369-1562336306-3977701488-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2096075369-1562336306-3977701488-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dell Vostro 1000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-01-15] (mozilla.org)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-01-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-01-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-01-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-01-15]
 
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default [2017-11-06]
CHR Extension: (Slides) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-05]
CHR Extension: (Docs) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-05]
CHR Extension: (Google Drive) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (Adguard AdBlocker) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-11-05]
CHR Extension: (YouTube) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Sheets) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-05]
StartMenuInternet: Google Chrome.TYRE6KKZI4WAYA4S2SQAD7ADIA - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-30] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5828816 2017-11-05] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-05] (AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [255624 2017-11-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157416 2017-11-05] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276736 2017-11-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50384 2017-11-05] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42856 2017-11-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [124952 2017-11-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [99560 2017-11-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70864 2017-11-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [783648 2017-11-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [499560 2017-11-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [149824 2017-11-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [297840 2017-11-05] (AVAST Software)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-11-06] (Malwarebytes)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 catchme; \??\C:\Users\DELLVO~1\AppData\Local\Temp\catchme.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-06 19:31 - 2017-11-06 19:31 - 000012602 _____ C:\ComboFix.txt
2017-11-06 19:17 - 2017-11-06 19:31 - 000000000 ____D C:\Qoobox
2017-11-06 19:17 - 2017-11-06 19:30 - 000000000 ____D C:\Windows\erdnt
2017-11-06 19:17 - 2011-06-25 22:45 - 000256000 _____ C:\Windows\PEV.exe
2017-11-06 19:17 - 2010-11-07 09:20 - 000208896 _____ C:\Windows\MBR.exe
2017-11-06 19:17 - 2009-04-19 20:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-11-06 19:17 - 2000-08-30 16:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-11-06 19:17 - 2000-08-30 16:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-11-06 19:17 - 2000-08-30 16:00 - 000098816 _____ C:\Windows\sed.exe
2017-11-06 19:17 - 2000-08-30 16:00 - 000080412 _____ C:\Windows\grep.exe
2017-11-06 19:17 - 2000-08-30 16:00 - 000068096 _____ C:\Windows\zip.exe
2017-11-06 19:15 - 2017-11-06 19:15 - 005660403 ____R (Swearware) C:\Users\Dell Vostro 1000\Desktop\ComboFix.exe
2017-11-06 17:24 - 2017-11-06 17:24 - 000000000 __SHD C:\Windows\system32\%APPDATA%
2017-11-06 16:36 - 2017-11-06 16:36 - 000000000 ____D C:\Windows\system32\SPReview
2017-11-06 14:04 - 2017-11-06 14:05 - 000026984 _____ C:\Users\Dell Vostro 1000\Desktop\Addition.txt
2017-11-06 14:03 - 2017-11-06 20:04 - 000012340 _____ C:\Users\Dell Vostro 1000\Desktop\FRST.txt
2017-11-06 10:37 - 2017-11-06 10:37 - 000000000 ____D C:\Windows\system32\EventProviders
2017-11-06 10:32 - 2017-11-06 20:03 - 000000000 ____D C:\FRST
2017-11-06 10:32 - 2017-11-06 10:32 - 001799680 _____ (Farbar) C:\Users\Dell Vostro 1000\Desktop\FRST.exe
2017-11-06 09:50 - 2010-11-20 04:32 - 005066752 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll
2017-11-06 09:50 - 2010-11-20 04:30 - 001290112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-11-06 09:50 - 2010-11-20 04:30 - 001211264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-06 09:50 - 2010-11-20 04:30 - 000712576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-11-06 09:50 - 2010-11-20 04:30 - 000245632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2017-11-06 09:50 - 2010-11-20 04:30 - 000233344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-11-06 09:50 - 2010-11-20 04:30 - 000143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2017-11-06 09:50 - 2010-11-20 04:30 - 000117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2017-11-06 09:50 - 2010-11-20 04:29 - 000728448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-11-06 09:50 - 2010-11-20 04:29 - 000520064 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2017-11-06 09:50 - 2010-11-20 04:29 - 000014208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys
2017-11-06 09:50 - 2010-11-20 04:24 - 001288488 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-11-06 09:50 - 2010-11-20 04:24 - 000508904 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-11-06 09:50 - 2010-11-20 04:21 - 012872192 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 011410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 001712640 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 001667584 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 001619456 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2017-11-06 09:50 - 2010-11-20 04:21 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 001229824 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 001175040 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 001159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 001128448 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 001115136 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 001086976 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 001010688 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000980992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000974336 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000870912 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000750592 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000653312 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000646144 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000626176 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000597504 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000551424 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000521216 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000505856 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000492032 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000412160 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000376832 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000351232 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000283648 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000270848 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000253952 _____ (Microsoft Corporation) C:\Windows\system32\spwizui.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000224256 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000204800 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\umrdp.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000136704 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2017-11-06 09:50 - 2010-11-20 04:21 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-11-06 09:50 - 2010-11-20 04:20 - 001414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-11-06 09:50 - 2010-11-20 04:20 - 001328128 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-11-06 09:50 - 2010-11-20 04:20 - 000988160 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2017-11-06 09:50 - 2010-11-20 04:20 - 000641536 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2017-11-06 09:50 - 2010-11-20 04:20 - 000585728 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2017-11-06 09:50 - 2010-11-20 04:20 - 000573440 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2017-11-06 09:50 - 2010-11-20 04:20 - 000563712 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-11-06 09:50 - 2010-11-20 04:20 - 000547840 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2017-11-06 09:50 - 2010-11-20 04:20 - 000428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2017-11-06 09:50 - 2010-11-20 04:20 - 000406528 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2017-11-06 09:50 - 2010-11-20 04:20 - 000242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 010990080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 005977600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 003215872 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 003207680 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 002291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 002151936 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 002064384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 001698816 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 001493504 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 001401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 001038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000954752 _____ (Microsoft Corporation) C:\Windows\system32\mfc40.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000954288 _____ (Microsoft Corporation) C:\Windows\system32\mfc40u.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000857600 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000804864 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000768512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000732160 _____ (Microsoft Corporation) C:\Windows\system32\imapi2fs.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000674304 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2017-11-06 09:50 - 2010-11-20 04:19 - 000606208 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000593408 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000566272 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000389120 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-11-06 09:50 - 2010-11-20 04:19 - 000206336 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 002522624 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 001828352 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 001792000 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 001555456 _____ (Microsoft Corporation) C:\Windows\system32\certmgr.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 001371136 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 001334272 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 001171456 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 001154048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 001076736 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 000863744 _____ (Microsoft Corporation) C:\Windows\system32\diagperf.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 000640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 000546304 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 000522752 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 000494592 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2017-11-06 09:50 - 2010-11-20 04:18 - 000485888 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 000342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 000270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 000252928 _____ (Microsoft) C:\Windows\system32\DShowRdpFilter.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 000219136 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2017-11-06 09:50 - 2010-11-20 04:18 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll
2017-11-06 09:50 - 2010-11-20 04:17 - 003367424 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
2017-11-06 09:50 - 2010-11-20 04:17 - 002616320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-11-06 09:50 - 2010-11-20 04:17 - 001203200 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2017-11-06 09:50 - 2010-11-20 04:17 - 001049600 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2017-11-06 09:50 - 2010-11-20 04:17 - 001025536 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2017-11-06 09:50 - 2010-11-20 04:17 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\spinstall.exe
2017-11-06 09:50 - 2010-11-20 04:17 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2017-11-06 09:50 - 2010-11-20 04:17 - 000322048 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2017-11-06 09:50 - 2010-11-20 04:17 - 000302592 _____ (Microsoft Corporation) C:\Windows\system32\cmd.exe
2017-11-06 09:50 - 2010-11-20 04:17 - 000286720 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-11-06 09:50 - 2010-11-20 04:17 - 000280576 _____ (Microsoft Corporation) C:\Windows\system32\spreview.exe
2017-11-06 09:50 - 2010-11-20 04:17 - 000267776 _____ (Microsoft Corporation) C:\Windows\system32\lsm.exe
2017-11-06 09:50 - 2010-11-20 04:17 - 000220672 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2017-11-06 09:50 - 2010-11-20 04:17 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\PushPrinterConnections.exe
2017-11-06 09:50 - 2010-11-20 02:24 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2017-11-06 09:50 - 2010-11-20 02:22 - 000213504 _____ (Microsoft Corporation) C:\Windows\system32\rdpdd.dll
2017-11-06 09:50 - 2010-11-20 02:22 - 000183808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2017-11-06 09:50 - 2010-11-20 01:09 - 002329088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-06 09:50 - 2010-11-20 00:45 - 000311296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-11-06 09:50 - 2010-11-20 00:44 - 000388096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2017-11-06 09:50 - 2010-11-20 00:44 - 000309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-11-06 09:50 - 2010-11-19 19:52 - 000419880 _____ C:\Windows\system32\locale.nls
2017-11-06 09:50 - 2010-11-04 18:20 - 000146852 _____ C:\Windows\system32\systemsf.ebd
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2017 02
Ran by Dell Vostro 1000 (06-11-2017 20:34:59)
Running from C:\Users\Dell Vostro 1000\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2013-01-16 14:10:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2096075369-1562336306-3977701488-500 - Administrator - Disabled)
Dell Vostro 1000 (S-1-5-21-2096075369-1562336306-3977701488-1000 - Administrator - Enabled) => C:\Users\Dell Vostro 1000
Guest (S-1-5-21-2096075369-1562336306-3977701488-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Belarc Advisor 8.2 (HKLM\...\Belarc Advisor) (Version: 8.2.7.11 - Belarc Inc.)
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
Chainz 2 (remove only) (HKLM\...\Chainz 2) (Version: - )
Google Chrome (HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Mahjongg XP Championship (HKLM\...\Mahjongg XP Championship) (Version: 1.0.0.0 - Selectsoft Publishing)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0 - Mozilla)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
RogueKiller version 12.11.22.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.22.0 - Adlice Software)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Wizard101 (HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-05] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-05] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-05] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-05] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1214AFA4-0193-4FC1-8985-16987DD08DF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-05] (Adobe Systems Incorporated)
Task: {2E21B8FC-1E54-4FFA-BDAB-5683A018EAF7} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-05] (AVAST Software)
Task: {989E8014-BCCC-45D8-B8E0-63350F68BF90} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2096075369-1562336306-3977701488-1000UA => C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D7F2F094-BF62-4110-8F97-4ABCC589A754} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {E59C7D5A-AF05-4418-A4B2-3D0C93F5B5BC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {F6A065CC-7C18-47EF-8DF8-95C196FED7A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2096075369-1562336306-3977701488-1000Core => C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FF04FCEF-94E1-46A9-BE3E-40680DC34237} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-11-05 15:01 - 2017-11-05 15:01 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-11-06 09:04 - 2017-11-06 09:04 - 005882552 _____ () C:\Program Files\AVAST Software\Avast\defs\17110602\algo.dll
2017-11-05 15:01 - 2017-11-05 15:02 - 000703336 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000241448 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-11-05 13:51 - 2017-11-05 14:19 - 001924552 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-05 15:02 - 2017-11-05 15:02 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 000985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2017-11-05 15:01 - 2017-11-05 15:01 - 000142792 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [135]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2009-06-10 13:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dell Vostro 1000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5A25D2B7-AC5B-4827-885F-29CE2BBCD4D5}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{17329B63-6CE0-4582-9854-5D058201EC5D}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{B4A35576-0415-4E97-93C7-EEF37528577B}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{29771AFE-927E-47F3-8F54-38E0E20B633E}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{392A9535-3528-4A5A-8065-E56300CFB281}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{8C326535-4DEB-4DE7-8E6B-4CD39F1DD1BB}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{AD756112-0C14-426E-9E65-FC8E0AB7E7C2}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [{F0F94A85-AF5C-4EA9-B636-8ED25998EFF3}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [{D8A99544-AC3F-402D-8D13-69421B133529}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{835E6BED-5922-4310-923F-F0FB31F70C4F}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{536E88D5-86E0-4D2E-86B3-205EC6E099D4}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D6A683A0-02CF-4BE4-BAFE-3404E8CF622F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{8794FBD0-8C35-4651-A8D4-9303945D1838}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{336BE5F0-6063-44D5-8C23-2C0538110C5A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B19A756E-1F8E-4D47-8668-199E1416D3B8}C:\users\dell vostro 1000\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\dell vostro 1000\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{BC31CD29-6714-4EE8-B120-88324804C0BD}C:\users\dell vostro 1000\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\dell vostro 1000\appdata\local\google\chrome\application\chrome.exe

==================== Restore Points =========================

06-11-2017 16:36:08 Windows 7 Service Pack 1
06-11-2017 16:54:32 Windows Update
06-11-2017 16:59:35 Windows Update
06-11-2017 17:44:27 Windows Update

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2017 04:52:58 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (1812) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (11/06/2017 04:42:26 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.
Object name: SENS Logon Subscription
Object description:
The HRESULT was 80070005.

Error: (11/06/2017 04:36:08 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4,0xc0000000,0x00000003,...).


Operation:
Processing PostFinalCommitSnapshots

Context:
Execution Context: System Provider

Error: (11/06/2017 02:30:23 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.
Object name: SENS Logon Subscription
Object description:
The HRESULT was 80070005.

Error: (11/06/2017 10:38:25 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11 - 0000012C,0x00560034,0024CFC0,0,0024BFB8,4096,[0]).


Operation:
Processing PostFinalCommitSnapshots

Context:
Execution Context: System Provider

Error: (11/05/2017 06:41:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/05/2017 06:41:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/05/2017 06:41:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/05/2017 06:41:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (11/05/2017 06:41:53 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (11/06/2017 07:29:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/06/2017 07:23:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/06/2017 07:19:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/06/2017 06:48:16 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/06/2017 06:48:16 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/06/2017 06:45:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/06/2017 06:45:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/06/2017 05:44:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc driver update for AMD SMBus.

Error: (11/06/2017 04:59:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc driver update for AMD SMBus.

Error: (11/06/2017 04:55:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc driver update for AMD SMBus.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57
Percentage of memory in use: 40%
Total physical RAM: 1918.05 MB
Available physical RAM: 1141.17 MB
Total Virtual: 3836.09 MB
Available Virtual: 2989.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:36.99 GB) NTFS
Drive d: (MAHJONGG XP) (CDROM) (Total:0.2 GB) (Free:0 GB) CDFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: ED1F86F7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2017 02
Ran by Dell Vostro 1000 (administrator) on DELLVOSTRO1000 (06-11-2017 20:34:04)
Running from C:\Users\Dell Vostro 1000\Desktop
Loaded Profiles: Dell Vostro 1000 (Available Profiles: Dell Vostro 1000)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-05] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7814656 2017-10-18] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2017-11-06] (Microsoft Corporation)
Startup: C:\Users\Dell Vostro 1000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-08-19]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BBF3435B-C76A-42D1-852D-9A863CF9543F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/?fr=fp-msgr
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2096075369-1562336306-3977701488-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iplay.com/?o=shp
SearchScopes: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000 -> DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000 -> {84AF6053-CBF5-4E3D-B2DD-C09F693A207D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=chr-msgr
SearchScopes: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={CB85FC95-1FC2-42A5-8B0F-3EEC10E93E9E}&mid=677ec3b8565747d09fa7d16836984445-0609466699721699054b6aae37a8f7d5486a672c&lang=en&ds=AVG&pr=fr&d=2013-01-16 18:37:52&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2096075369-1562336306-3977701488-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2012-06-01] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Dell Vostro 1000\AppData\Roaming\Mozilla\Firefox\Profiles\ew85w4lr.default-1443471164890 [2017-11-06]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ew85w4lr.default-1443471164890 -> Google
FF NetworkProxy: Mozilla\Firefox\Profiles\ew85w4lr.default-1443471164890 -> type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-11-05] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1229199.dll [2017-03-30] (Adobe Systems, Inc.)
FF Plugin: @Oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin HKU\S-1-5-21-2096075369-1562336306-3977701488-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2096075369-1562336306-3977701488-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dell Vostro 1000\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2096075369-1562336306-3977701488-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dell Vostro 1000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-01-15] (mozilla.org)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2010-01-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2010-01-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2010-01-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2010-01-15]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
 
CHR Profile: C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default [2017-11-06]
CHR Extension: (Slides) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-05]
CHR Extension: (Docs) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-05]
CHR Extension: (Google Drive) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (Adguard AdBlocker) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-11-05]
CHR Extension: (YouTube) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Sheets) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-05]
StartMenuInternet: Google Chrome.TYRE6KKZI4WAYA4S2SQAD7ADIA - C:\Users\Dell Vostro 1000\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-30] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5828816 2017-11-05] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-05] (AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [255624 2017-11-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157416 2017-11-05] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276736 2017-11-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50384 2017-11-05] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42856 2017-11-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [124952 2017-11-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [99560 2017-11-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70864 2017-11-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [783648 2017-11-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [499560 2017-11-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [149824 2017-11-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [297840 2017-11-05] (AVAST Software)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-11-06] (Malwarebytes)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 catchme; \??\C:\Users\DELLVO~1\AppData\Local\Temp\catchme.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 