GeekPolice Tech Tutorials

 

Cleaning Son's Laptop of viruses, malware


Solved: Cleaning Son's Laptop of viruses, malware

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-11-2017
Ran by Administrator (administrator) on NEWUSER-PC (29-11-2017 10:40:07)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: New User & Administrator)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Administrator\Downloads\FRST (1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-29] (AVAST Software)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [267064 2017-03-22] (Apple Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-914808374-759592663-328091246-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6667992 2016-03-11] (Piriform Ltd)
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{73748022-E818-48DB-AB21-06430F24F6E5}: [NameServer] 76.73.7.75,107.6.133.7
Tcpip\..\Interfaces\{73748022-E818-48DB-AB21-06430F24F6E5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{94E21882-9300-4201-AB49-B77C93CC0691}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131189595039368748&GUID=FF7E1EFE-CF2D-49A9-BDC9-5BF3665BC833
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131189595039680749&GUID=FF7E1EFE-CF2D-49A9-BDC9-5BF3665BC833
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131189595039680749&GUID=FF7E1EFE-CF2D-49A9-BDC9-5BF3665BC833
HKU\S-1-5-21-914808374-759592663-328091246-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-914808374-759592663-328091246-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://outlook.live.com/owa/?path=/mail/AQMkADAwATIwMTAwAC0wMTI3LWNiNjItMDACLTAwCgAuAAADVVwnRb%2F%2ByUSv%2B010boFkFQEADTaWMq31aES4Uomoz7M4IAAAAgFUAAAA
HKU\S-1-5-21-914808374-759592663-328091246-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/?gws_rd=ssl#q=how+to+make+my+email+page+my+homepage+internet+explorer
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-914808374-759592663-328091246-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-15] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-07] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-15] (Google Inc.)
Toolbar: HKU\S-1-5-21-914808374-759592663-328091246-500 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-15] (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
FireFox:
========
FF DefaultProfile: se9kv7zw.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\se9kv7zw.default [2017-11-29]
FF Extension: (No Name) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\se9kv7zw.default\extensions\toolbar11367@freshy.com.xpi [not found]
FF Extension: (No Name) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\se9kv7zw.default\extensions\TidyNetwork@TidyNetwork [not found]
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\se9kv7zw.default\searchplugins\bing-avast.xml [2015-05-08]
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\se9kv7zw.default\searchplugins\Yahoo powered search.xml [2016-10-20]
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\se9kv7zw.default\searchplugins\yahoo-avast.xml [2015-03-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2011-09-29] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-09-16] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-29] (Google Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2017-03-23]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-11-29]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-08]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-08]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-20]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-08]
CHR Extension: (Bookmark Manager) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-08]
CHR Extension: (avast! Online Security) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-20]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-08]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-08]
CHR HKLM\...\Chrome\Extension: [anacbkknplojdncnpbhfkkmecdjlmleg] - C:\Program Files\OApps\chrome-sl.crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
StartMenuInternet: Google Chrome.HW4BWTSX2CCN2Y5XYLY67PDS3M - C:\Users\New User\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5904136 2017-11-29] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-29] (AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
S4 SCManager; C:\Program Files\SafeConnect\scManager.sys [176520 2012-11-19] (Impulse Point, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [157176 2017-11-29] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [255616 2017-11-29] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157408 2017-11-29] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276728 2017-11-29] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50376 2017-11-29] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [65344 2017-01-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42848 2017-11-29] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124952 2017-11-29] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [99560 2017-11-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70864 2017-11-29] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783136 2017-11-29] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [388760 2017-11-29] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [150848 2017-11-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [298360 2017-11-29] (AVAST Software)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59896 2017-11-01] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [167352 2017-11-29] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2017-11-29] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40376 2017-11-29] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-11-29] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2017-11-29] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
S1 afdivuwu; \??\C:\Windows\system32\drivers\afdivuwu.sys [X]
S1 agbgyfat; \??\C:\Windows\system32\drivers\agbgyfat.sys [X]
S1 anspeouj; \??\C:\Windows\system32\drivers\anspeouj.sys [X]
S1 aojjsesl; \??\C:\Windows\system32\drivers\aojjsesl.sys [X]
S1 aonnczhl; \??\C:\Windows\system32\drivers\aonnczhl.sys [X]
S1 aoscdxio; \??\C:\Windows\system32\drivers\aoscdxio.sys [X]
S1 arxuykmj; \??\C:\Windows\system32\drivers\arxuykmj.sys [X]
S1 asmewgdv; \??\C:\Windows\system32\drivers\asmewgdv.sys [X]
S1 auraxxir; \??\C:\Windows\system32\drivers\auraxxir.sys [X]
S1 avafugts; \??\C:\Windows\system32\drivers\avafugts.sys [X]
S1 avsibhjp; \??\C:\Windows\system32\drivers\avsibhjp.sys [X]
S1 axnurzoh; \??\C:\Windows\system32\drivers\axnurzoh.sys [X]
S1 bfobislo; \??\C:\Windows\system32\drivers\bfobislo.sys [X]
S1 bgbooorc; \??\C:\Windows\system32\drivers\bgbooorc.sys [X]
S1 bjccjqpt; \??\C:\Windows\system32\drivers\bjccjqpt.sys [X]
S1 bjvodcyt; \??\C:\Windows\system32\drivers\bjvodcyt.sys [X]
S1 bqjgpqxt; \??\C:\Windows\system32\drivers\bqjgpqxt.sys [X]
S1 brsjhlwy; \??\C:\Windows\system32\drivers\brsjhlwy.sys [X]
S1 btpfgaqv; \??\C:\Windows\system32\drivers\btpfgaqv.sys [X]
S1 btwrjxme; \??\C:\Windows\system32\drivers\btwrjxme.sys [X]
S1 bvechhvl; \??\C:\Windows\system32\drivers\bvechhvl.sys [X]
S1 bxuxpvgn; \??\C:\Windows\system32\drivers\bxuxpvgn.sys [X]
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [X]
S1 cczgmozq; \??\C:\Windows\system32\drivers\cczgmozq.sys [X]
S1 cehcdifo; \??\C:\Windows\system32\drivers\cehcdifo.sys [X]
S1 cifofbyc; \??\C:\Windows\system32\drivers\cifofbyc.sys [X]
S1 circuygo; \??\C:\Windows\system32\drivers\circuygo.sys [X]
S1 cmxpfewc; \??\C:\Windows\system32\drivers\cmxpfewc.sys [X]
S1 cnvgnbky; \??\C:\Windows\system32\drivers\cnvgnbky.sys [X]
S1 cqvjmugj; \??\C:\Windows\system32\drivers\cqvjmugj.sys [X]
S1 cscgzzpq; \??\C:\Windows\system32\drivers\cscgzzpq.sys [X]
S1 cynslgqb; \??\C:\Windows\system32\drivers\cynslgqb.sys [X]
S1 dhktjafl; \??\C:\Windows\system32\drivers\dhktjafl.sys [X]
S1 diqsddfa; \??\C:\Windows\system32\drivers\diqsddfa.sys [X]
S1 dnaojagy; \??\C:\Windows\system32\drivers\dnaojagy.sys [X]
S1 dswjbcdh; \??\C:\Windows\system32\drivers\dswjbcdh.sys [X]
S1 dubridng; \??\C:\Windows\system32\drivers\dubridng.sys [X]
S1 ebmoqtri; \??\C:\Windows\system32\drivers\ebmoqtri.sys [X]
S1 ehlnzlyf; \??\C:\Windows\system32\drivers\ehlnzlyf.sys [X]
S1 emieplht; \??\C:\Windows\system32\drivers\emieplht.sys [X]
S1 ewnmtgzh; \??\C:\Windows\system32\drivers\ewnmtgzh.sys [X]
S1 ewvsiclk; \??\C:\Windows\system32\drivers\ewvsiclk.sys [X]
S1 fcbqkbes; \??\C:\Windows\system32\drivers\fcbqkbes.sys [X]
S1 fcegngzu; \??\C:\Windows\system32\drivers\fcegngzu.sys [X]
S1 fcfxcjxx; \??\C:\Windows\system32\drivers\fcfxcjxx.sys [X]
S1 fdlkbcuf; \??\C:\Windows\system32\drivers\fdlkbcuf.sys [X]
S1 fdwrshnk; \??\C:\Windows\system32\drivers\fdwrshnk.sys [X]
S1 ffontlzk; \??\C:\Windows\system32\drivers\ffontlzk.sys [X]
S1 ffqkjdol; \??\C:\Windows\system32\drivers\ffqkjdol.sys [X]
S1 fivxdpjk; \??\C:\Windows\system32\drivers\fivxdpjk.sys [X]
S1 flmfpbha; \??\C:\Windows\system32\drivers\flmfpbha.sys [X]
S1 fsflywfn; \??\C:\Windows\system32\drivers\fsflywfn.sys [X]
S1 gbsslhhy; \??\C:\Windows\system32\drivers\gbsslhhy.sys [X]
S1 gfjpcymu; \??\C:\Windows\system32\drivers\gfjpcymu.sys [X]
S1 ggtqidoi; \??\C:\Windows\system32\drivers\ggtqidoi.sys [X]
S1 ggyferpt; \??\C:\Windows\system32\drivers\ggyferpt.sys [X]
S1 gpockzrf; \??\C:\Windows\system32\drivers\gpockzrf.sys [X]
S1 gtqdpbaq; \??\C:\Windows\system32\drivers\gtqdpbaq.sys [X]
S1 gwuqhdpc; \??\C:\Windows\system32\drivers\gwuqhdpc.sys [X]
S1 hgzhzuuz; \??\C:\Windows\system32\drivers\hgzhzuuz.sys [X]
S1 hljgnucy; \??\C:\Windows\system32\drivers\hljgnucy.sys [X]
S1 hqmxqedq; \??\C:\Windows\system32\drivers\hqmxqedq.sys [X]
S1 idbsxlcs; \??\C:\Windows\system32\drivers\idbsxlcs.sys [X]
S1 iddwqvds; \??\C:\Windows\system32\drivers\iddwqvds.sys [X]
S1 ikzofkiq; \??\C:\Windows\system32\drivers\ikzofkiq.sys [X]
S1 ilsgsotq; \??\C:\Windows\system32\drivers\ilsgsotq.sys [X]
S1 irjrnkof; \??\C:\Windows\system32\drivers\irjrnkof.sys [X]
S1 itgqetir; \??\C:\Windows\system32\drivers\itgqetir.sys [X]
S1 iuaglmsv; \??\C:\Windows\system32\drivers\iuaglmsv.sys [X]
S1 ixushmeh; \??\C:\Windows\system32\drivers\ixushmeh.sys [X]
S1 janjmyrx; \??\C:\Windows\system32\drivers\janjmyrx.sys [X]
S1 jbhanhwq; \??\C:\Windows\system32\drivers\jbhanhwq.sys [X]
S1 jcrrchbm; \??\C:\Windows\system32\drivers\jcrrchbm.sys [X]
S1 jgrkyfrw; \??\C:\Windows\system32\drivers\jgrkyfrw.sys [X]
S1 jiqakcef; \??\C:\Windows\system32\drivers\jiqakcef.sys [X]
S1 jkhamied; \??\C:\Windows\system32\drivers\jkhamied.sys [X]
S1 jobyazcp; \??\C:\Windows\system32\drivers\jobyazcp.sys [X]
S1 jpitlgyr; \??\C:\Windows\system32\drivers\jpitlgyr.sys [X]
S1 jsozmxag; \??\C:\Windows\system32\drivers\jsozmxag.sys [X]
S1 kewgjmvr; \??\C:\Windows\system32\drivers\kewgjmvr.sys [X]
S1 kgjgxgfc; \??\C:\Windows\system32\drivers\kgjgxgfc.sys [X]
S1 kkrizifb; \??\C:\Windows\system32\drivers\kkrizifb.sys [X]
S1 kpcfnajf; \??\C:\Windows\system32\drivers\kpcfnajf.sys [X]
S1 kseupdmb; \??\C:\Windows\system32\drivers\kseupdmb.sys [X]
S1 kwnyscxx; \??\C:\Windows\system32\drivers\kwnyscxx.sys [X]
S1 kyguvgwn; \??\C:\Windows\system32\drivers\kyguvgwn.sys [X]
S1 lcudrefu; \??\C:\Windows\system32\drivers\lcudrefu.sys [X]
S1 lfikjbby; \??\C:\Windows\system32\drivers\lfikjbby.sys [X]
S1 lfodztlv; \??\C:\Windows\system32\drivers\lfodztlv.sys [X]
S1 lhuctkuw; \??\C:\Windows\system32\drivers\lhuctkuw.sys [X]
S1 lirpssca; \??\C:\Windows\system32\drivers\lirpssca.sys [X]
S1 loacqulo; \??\C:\Windows\system32\drivers\loacqulo.sys [X]
S1 lrkiqzpn; \??\C:\Windows\system32\drivers\lrkiqzpn.sys [X]
S1 lzcuyhqp; \??\C:\Windows\system32\drivers\lzcuyhqp.sys [X]
S1 lzhthtle; \??\C:\Windows\system32\drivers\lzhthtle.sys [X]
S1 mbchseag; \??\C:\Windows\system32\drivers\mbchseag.sys [X]
S1 mghdxudt; \??\C:\Windows\system32\drivers\mghdxudt.sys [X]
S1 mnaptwlo; \??\C:\Windows\system32\drivers\mnaptwlo.sys [X]
S1 mxytqmmp; \??\C:\Windows\system32\drivers\mxytqmmp.sys [X]
S1 mxzzbipw; \??\C:\Windows\system32\drivers\mxzzbipw.sys [X]
S1 mzgxmryv; \??\C:\Windows\system32\drivers\mzgxmryv.sys [X]
S1 ndzjaugg; \??\C:\Windows\system32\drivers\ndzjaugg.sys [X]
S1 neucxbpc; \??\C:\Windows\system32\drivers\neucxbpc.sys [X]
S1 nfyysmew; \??\C:\Windows\system32\drivers\nfyysmew.sys [X]
S1 ngralood; \??\C:\Windows\system32\drivers\ngralood.sys [X]
S1 ngrlzwrd; \??\C:\Windows\system32\drivers\ngrlzwrd.sys [X]
S1 nkgbdpyw; \??\C:\Windows\system32\drivers\nkgbdpyw.sys [X]
S1 nkjjcisc; \??\C:\Windows\system32\drivers\nkjjcisc.sys [X]
S1 noyomhol; \??\C:\Windows\system32\drivers\noyomhol.sys [X]
S1 nricvzas; \??\C:\Windows\system32\drivers\nricvzas.sys [X]
S1 ntckxetg; \??\C:\Windows\system32\drivers\ntckxetg.sys [X]
S1 ntcyzgnw; \??\C:\Windows\system32\drivers\ntcyzgnw.sys [X]
S1 nzagpeuk; \??\C:\Windows\system32\drivers\nzagpeuk.sys [X]
S1 obsdpjrz; \??\C:\Windows\system32\drivers\obsdpjrz.sys [X]
S1 obtqdeyu; \??\C:\Windows\system32\drivers\obtqdeyu.sys [X]
S1 obztevfy; \??\C:\Windows\system32\drivers\obztevfy.sys [X]
S1 ongdukcq; \??\C:\Windows\system32\drivers\ongdukcq.sys [X]
S1 ookfmgwl; \??\C:\Windows\system32\drivers\ookfmgwl.sys [X]
S1 oqoxyegi; \??\C:\Windows\system32\drivers\oqoxyegi.sys [X]
S1 owtngtiz; \??\C:\Windows\system32\drivers\owtngtiz.sys [X]
S1 oxvkjyyd; \??\C:\Windows\system32\drivers\oxvkjyyd.sys [X]
S1 pewmadkg; \??\C:\Windows\system32\drivers\pewmadkg.sys [X]
S1 phxtnroa; \??\C:\Windows\system32\drivers\phxtnroa.sys [X]
S1 pypbmsyc; \??\C:\Windows\system32\drivers\pypbmsyc.sys [X]
S1 pzlofker; \??\C:\Windows\system32\drivers\pzlofker.sys [X]
S1 qaxmljko; \??\C:\Windows\system32\drivers\qaxmljko.sys [X]
S1 qcezrzaw; \??\C:\Windows\system32\drivers\qcezrzaw.sys [X]
S1 qchkgadm; \??\C:\Windows\system32\drivers\qchkgadm.sys [X]
S1 qfhilepk; \??\C:\Windows\system32\drivers\qfhilepk.sys [X]
S1 qftfhebo; \??\C:\Windows\system32\drivers\qftfhebo.sys [X]
S1 qhknkfqk; \??\C:\Windows\system32\drivers\qhknkfqk.sys [X]
S1 qtvotjnt; \??\C:\Windows\system32\drivers\qtvotjnt.sys [X]
S1 quwhqura; \??\C:\Windows\system32\drivers\quwhqura.sys [X]
S1 rkferrej; \??\C:\Windows\system32\drivers\rkferrej.sys [X]
S1 rkgxfoov; \??\C:\Windows\system32\drivers\rkgxfoov.sys [X]
S1 rkuxirpn; \??\C:\Windows\system32\drivers\rkuxirpn.sys [X]
S1 rmndjgmd; \??\C:\Windows\system32\drivers\rmndjgmd.sys [X]
S1 rogknzxp; \??\C:\Windows\system32\drivers\rogknzxp.sys [X]
S1 rpqbhdbn; \??\C:\Windows\system32\drivers\rpqbhdbn.sys [X]
S1 rqdepymj; \??\C:\Windows\system32\drivers\rqdepymj.sys [X]
S1 rvolhsih; \??\C:\Windows\system32\drivers\rvolhsih.sys [X]
S1 rvraysee; \??\C:\Windows\system32\drivers\rvraysee.sys [X]
S1 sgghfzer; \??\C:\Windows\system32\drivers\sgghfzer.sys [X]
S1 sltfisdi; \??\C:\Windows\system32\drivers\sltfisdi.sys [X]
S1 spbigqyn; \??\C:\Windows\system32\drivers\spbigqyn.sys [X]
S1 srsbmlzi; \??\C:\Windows\system32\drivers\srsbmlzi.sys [X]
S1 stbasfjy; \??\C:\Windows\system32\drivers\stbasfjy.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S1 tdnibiod; \??\C:\Windows\system32\drivers\tdnibiod.sys [X]
S1 thadkseq; \??\C:\Windows\system32\drivers\thadkseq.sys [X]
S1 thccjafx; \??\C:\Windows\system32\drivers\thccjafx.sys [X]
S1 tihmnqrf; \??\C:\Windows\system32\drivers\tihmnqrf.sys [X]
S1 tjxuyiha; \??\C:\Windows\system32\drivers\tjxuyiha.sys [X]
S1 toayjwnz; \??\C:\Windows\system32\drivers\toayjwnz.sys [X]
S1 tqnnagnl; \??\C:\Windows\system32\drivers\tqnnagnl.sys [X]
S1 tqpnjocd; \??\C:\Windows\system32\drivers\tqpnjocd.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S1 tzkzotja; \??\C:\Windows\system32\drivers\tzkzotja.sys [X]
S1 uclztmzh; \??\C:\Windows\system32\drivers\uclztmzh.sys [X]
S1 uidtdlbi; \??\C:\Windows\system32\drivers\uidtdlbi.sys [X]
S1 ujsppubm; \??\C:\Windows\system32\drivers\ujsppubm.sys [X]
S1 ukjbhzjs; \??\C:\Windows\system32\drivers\ukjbhzjs.sys [X]
S1 ushbmqhg; \??\C:\Windows\system32\drivers\ushbmqhg.sys [X]
S1 uwddgrpe; \??\C:\Windows\system32\drivers\uwddgrpe.sys [X]
S1 vaqrqnfr; \??\C:\Windows\system32\drivers\vaqrqnfr.sys [X]
S1 vervcinv; \??\C:\Windows\system32\drivers\vervcinv.sys [X]
S1 vfpluzdv; \??\C:\Windows\system32\drivers\vfpluzdv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 viybnrep; \??\C:\Windows\system32\drivers\viybnrep.sys [X]
S1 vngnmwur; \??\C:\Windows\system32\drivers\vngnmwur.sys [X]
S1 vnhsblqk; \??\C:\Windows\system32\drivers\vnhsblqk.sys [X]
S1 vpkjvrjb; \??\C:\Windows\system32\drivers\vpkjvrjb.sys [X]
S1 vupbwzhm; \??\C:\Windows\system32\drivers\vupbwzhm.sys [X]
S1 vuukbrru; \??\C:\Windows\system32\drivers\vuukbrru.sys [X]
S1 vuzmzvru; \??\C:\Windows\system32\drivers\vuzmzvru.sys [X]
S1 vwfpfvmo; \??\C:\Windows\system32\drivers\vwfpfvmo.sys [X]
S1 wbrapvjc; \??\C:\Windows\system32\drivers\wbrapvjc.sys [X]
S0 wfkeuy; System32\drivers\colxvtng.sys [X]
S1 wkmcbxsn; \??\C:\Windows\system32\drivers\wkmcbxsn.sys [X]
S1 wlcbottc; \??\C:\Windows\system32\drivers\wlcbottc.sys [X]
S1 wmtlgjvs; \??\C:\Windows\system32\drivers\wmtlgjvs.sys [X]
S1 wqwtxpaa; \??\C:\Windows\system32\drivers\wqwtxpaa.sys [X]
S1 wrhnrtrs; \??\C:\Windows\system32\drivers\wrhnrtrs.sys [X]
S1 wxllmhbq; \??\C:\Windows\system32\drivers\wxllmhbq.sys [X]
S1 xakbgcce; \??\C:\Windows\system32\drivers\xakbgcce.sys [X]
S1 xcvaytpk; \??\C:\Windows\system32\drivers\xcvaytpk.sys [X]
S1 xgvusuym; \??\C:\Windows\system32\drivers\xgvusuym.sys [X]
S1 xhcclinj; \??\C:\Windows\system32\drivers\xhcclinj.sys [X]
S1 xjrdofpg; \??\C:\Windows\system32\drivers\xjrdofpg.sys [X]
S1 xkdxpobt; \??\C:\Windows\system32\drivers\xkdxpobt.sys [X]
S1 xrbakghj; \??\C:\Windows\system32\drivers\xrbakghj.sys [X]
S1 xtfsoaxo; \??\C:\Windows\system32\drivers\xtfsoaxo.sys [X]
S1 yausplos; \??\C:\Windows\system32\drivers\yausplos.sys [X]
S1 yiudaent; \??\C:\Windows\system32\drivers\yiudaent.sys [X]
S1 yivzfage; \??\C:\Windows\system32\drivers\yivzfage.sys [X]
S1 yshprhfd; \??\C:\Windows\system32\drivers\yshprhfd.sys [X]
S1 yudvilad; \??\C:\Windows\system32\drivers\yudvilad.sys [X]
S1 zazuzpwo; \??\C:\Windows\system32\drivers\zazuzpwo.sys [X]
S1 zbplivgr; \??\C:\Windows\system32\drivers\zbplivgr.sys [X]
S1 zeomwijg; \??\C:\Windows\system32\drivers\zeomwijg.sys [X]
S1 zmhowvdu; \??\C:\Windows\system32\drivers\zmhowvdu.sys [X]
S1 zsjufcuf; \??\C:\Windows\system32\drivers\zsjufcuf.sys [X]
S1 zwwlgjka; \??\C:\Windows\system32\drivers\zwwlgjka.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-29 10:40 - 2017-11-29 10:43 - 000027568 _____ C:\Users\Administrator\Downloads\FRST.txt
2017-11-29 10:39 - 2017-11-29 10:40 - 000000000 ____D C:\FRST
2017-11-29 10:39 - 2017-11-29 10:39 - 001752064 _____ (Farbar) C:\Users\Administrator\Downloads\FRST (1).exe
2017-11-29 10:37 - 2017-11-29 10:38 - 001752064 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2017-11-29 10:30 - 2017-11-29 10:30 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-29 10:13 - 2017-11-29 10:14 - 008261584 _____ (Malwarebytes) C:\Users\Administrator\Downloads\AdwCleaner (1).exe
2017-11-29 09:46 - 2017-11-29 09:45 - 000157176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-11-29 09:46 - 2017-11-29 09:44 - 000276728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-11-29 09:46 - 2017-11-29 09:44 - 000255616 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-11-29 09:46 - 2017-11-29 09:44 - 000157408 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-11-29 09:46 - 2017-11-29 09:44 - 000050376 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-11-29 09:45 - 2017-11-29 09:44 - 000305328 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-11-29 08:52 - 2017-11-29 10:29 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-11-29 08:52 - 2017-11-29 10:29 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-11-29 08:52 - 2017-11-29 08:52 - 000167352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-11-29 08:51 - 2017-11-29 10:29 - 000040376 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-11-29 08:51 - 2017-11-29 08:51 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-29 08:51 - 2017-11-29 08:51 - 000001976 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-29 08:51 - 2017-11-29 08:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-29 08:51 - 2017-11-29 08:51 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-29 08:51 - 2017-11-01 08:54 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2017-11-29 08:50 - 2017-11-29 08:50 - 000000000 ____D C:\ProgramData\MB2Migration
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-29 10:42 - 2009-07-13 23:34 - 000020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-29 10:42 - 2009-07-13 23:34 - 000020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-29 10:29 - 2015-05-08 10:04 - 000000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-11-29 10:29 - 2012-10-14 13:29 - 000109864 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2017-11-29 10:27 - 2009-07-13 23:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-29 10:24 - 2009-07-13 23:33 - 000411664 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-29 10:18 - 2015-01-04 13:58 - 000000000 ____D C:\AdwCleaner
2017-11-29 10:08 - 2013-06-10 18:39 - 000000000 ____D C:\Windows\system32\appmgmt
2017-11-29 10:05 - 2012-08-14 07:55 - 000000000 ____D C:\Program Files\Google
2017-11-29 09:56 - 2011-09-29 16:50 - 000414506 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-29 09:56 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\inf
2017-11-29 09:47 - 2011-09-29 17:20 - 000388760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-11-29 09:45 - 2014-09-15 08:21 - 000150848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-11-29 09:45 - 2014-09-15 08:21 - 000042848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-11-29 09:45 - 2013-08-10 14:43 - 000298360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-11-29 09:45 - 2013-08-10 14:43 - 000070864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-11-29 09:45 - 2012-08-14 07:52 - 000099560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-11-29 09:45 - 2011-09-29 17:20 - 000124952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-11-29 09:45 - 2011-09-29 17:19 - 000000000 ____D C:\ProgramData\AVAST Software
2017-11-29 09:44 - 2011-09-29 17:20 - 000783136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-11-29 09:27 - 2014-09-21 11:02 - 000000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-914808374-759592663-328091246-1000UA.job
2017-11-29 09:05 - 2016-09-21 12:32 - 000000000 _____ C:\Windows\system32\last.dump
2017-11-29 09:01 - 2009-07-13 23:53 - 000032698 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-11-29 08:51 - 2014-09-14 22:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-29 08:33 - 2017-01-06 18:54 - 000216584 _____ C:\Windows\ntbtlog.txt
2017-11-25 10:16 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\system32\NDF
Some files in TEMP:
====================
2016-12-15 01:06 - 2016-12-15 01:06 - 002458672 _____ (The OpenSSL Project, http://www.openssl.org/ ) C:\Users\Administrator\AppData\Local\temp\libeay32.dll
2016-12-15 01:06 - 2016-12-15 01:06 - 000970912 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\temp\msvcr120.dll
2016-12-15 01:06 - 2016-12-15 01:06 - 000772672 _____ () C:\Users\Administrator\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-13 11:19
==================== End of FRST.txt ============================

[Solved] Re: Cleaning Son's Laptop of viruses, malware

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-11-2017
Ran by Administrator (29-11-2017 10:44:36)
Running from C:\Users\Administrator\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2011-09-29 21:45:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-914808374-759592663-328091246-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-914808374-759592663-328091246-501 - Limited - Disabled)
New User (S-1-5-21-914808374-759592663-328091246-1000 - Administrator - Enabled) => C:\Users\New User
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.3.183.10 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{90B7F915-6343-43CE-9DA7-E79E5BAC6673}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
iTunes (HKLM\...\{2F95FFC4-8624-43AB-8256-AA223555C9B7}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Codec Pack 7.6.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.6.0 - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SafeConnect (HKLM\...\SafeConnect) (Version:  - )
SafeZone Stable 4.58.2552.909 (HKLM\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
V1 Home 2.0 (HKLM\...\{E75594A0-B088-4635-B4F6-99654B5DDF96}) (Version: 2.02.60 - Interactive Frontiers) Hidden
V1 Home 2.0 (HKLM\...\InstallShield_{E75594A0-B088-4635-B4F6-99654B5DDF96}) (Version: 2.02.60 - Interactive Frontiers)
VirtualDJ Home FREE (HKLM\...\{B515962D-C979-44AC-9912-F7BB499B4B2C}) (Version: 7.3 - Atomix Productions)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-29] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-29] (AVAST Software)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-29] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-29] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0173EBB3-98DE-453B-8F7C-82ABC8864129} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {105AD2DC-A07E-47C3-B144-54AE56702EBA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {163C6419-C9C5-4201-9B87-DF49DD066867} - System32\Tasks\GoogleUpdateTaskMachineCore1d1642323d2d5ca => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-08] (Google Inc.)
Task: {1A954678-31AF-44DF-8414-03BAC6FDABF7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {1D98076D-C03A-4DEE-9E7F-77E9B97C02AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-08] (Google Inc.)
Task: {3B9FD30D-C448-4B20-AE8A-881D251221CB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {65CD980D-91D4-409F-86ED-4BE6DB3DAE9F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {6DB1446B-373A-4A46-9FE0-3EDAEB982C33} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-914808374-759592663-328091246-1000UA => C:\Users\New User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-21] (Google Inc.)
Task: {80983E01-7A9B-4228-85FF-AB8CE6D3EA4B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-29] (AVAST Software)
Task: {81634002-6FBE-4A09-AE8A-787880F3299F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-08] (Google Inc.)
Task: {89E7EA40-0E97-424A-9BA9-C397D4EDB5D6} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {B05EBA1F-C00F-48C7-BB63-078583C248B0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-914808374-759592663-328091246-1000Core => C:\Users\New User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-21] (Google Inc.)
Task: {DB5A3FBE-A721-4A71-A26A-51CEC18F8BEB} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {E318C06B-0B0B-4165-8509-E7F675DA4328} - System32\Tasks\SafeZone scheduled Autoupdate 1460942016 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d11c855d2a8437.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-914808374-759592663-328091246-1000Core.job => C:\Users\New User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-914808374-759592663-328091246-1000UA.job => C:\Users\New User\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2017-11-29 09:44 - 2017-11-29 09:44 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-29 09:44 - 2017-11-29 09:44 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-29 09:44 - 2017-11-29 09:44 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-29 09:44 - 2017-11-29 09:44 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-29 09:44 - 2017-11-29 09:44 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-11-29 09:00 - 2017-11-29 09:00 - 005881920 _____ () C:\Program Files\AVAST Software\Avast\defs\17112900\algo.dll
2017-11-29 09:44 - 2017-11-29 09:44 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-11-29 09:44 - 2017-11-29 09:44 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-03-16 15:09 - 2017-03-16 15:09 - 001041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-16 15:09 - 2017-03-16 15:09 - 000080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-11-29 08:51 - 2017-11-01 08:54 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-11-29 08:51 - 2017-11-01 08:55 - 001930696 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 008801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-09-29 17:16 - 2011-05-28 21:04 - 000140288 _____ () C:\Program Files\WinRAR\rarext.dll
2017-03-27 11:21 - 2017-03-27 11:21 - 001041720 _____ () C:\Program Files\iTunes\libxml2.dll
2017-03-27 11:21 - 2017-03-27 11:21 - 000080184 _____ () C:\Program Files\iTunes\zlib1.dll
2017-11-29 09:44 - 2017-11-29 09:44 - 000142792 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-11-29 09:45 - 2017-11-29 09:45 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-29 09:44 - 2017-11-29 09:44 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:04 - 2016-03-24 16:56 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-914808374-759592663-328091246-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 76.73.7.75 - 107.6.133.7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SCManager => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SafeConnect.lnk => C:\Windows\pss\SafeConnect.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Google Update => "C:\Users\New User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_DAC62E1DF9428531B98EE6591C69814E => "C:\Users\New User\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{D6425704-1396-4985-B246-8C22051D29A7}] => (Allow) C:\Program Files\7-Zip\7zFM.exe
FirewallRules: [{24C83287-979B-49B5-987B-78E9CF0981CA}] => (Allow) C:\Program Files\7-Zip\7zFM.exe
FirewallRules: [{33C882E8-F1E9-4413-85C2-AC858D0931BB}] => (Allow) C:\Program Files\7-Zip\7zFM.exe
FirewallRules: [{EF80CE47-2EA5-4646-97DC-F65214B1D1D0}] => (Allow) C:\Program Files\7-Zip\7zFM.exe
FirewallRules: [{D988DDC9-E76F-4DB9-B64F-60F84759FE00}] => (Allow) C:\Users\New User\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{88A847E4-11FD-46FA-9929-CF7D1A349060}] => (Allow) C:\Users\New User\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{21756B1B-9803-4DA3-A3C5-A56A8FB81FE6}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{E29A9459-D883-42EA-AE05-68DA484EE5D4}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{235AD5BD-B8F4-4EB9-B83F-FE3F865B6B24}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{E145B21E-67C8-4052-B077-167C7540E22E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{FACD3676-4D46-495E-A5CD-9A1867AA6754}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{3C79ADE9-567E-4256-A6A0-C833D5BCD768}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{D41F1D47-A9D0-489E-9F2B-2EC95B55F623}] => (Allow) C:\Users\New User\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{2FA652B7-E220-458E-8CA0-77B4C84302E3}] => (Allow) C:\Users\New User\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{A1EC531A-E399-4CD1-9D86-3AEEA3CA60A9}] => (Allow) C:\Users\New User\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{3BC2B5C8-38A1-4C25-990E-32993648FEB7}] => (Allow) C:\Users\New User\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{ED4B9E65-13B8-4257-99B4-0E5DE75F2F6F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{D1F3C2E6-F41C-45F8-87BF-B5BDC731E6AD}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{ED2D6F09-C80C-4DBE-92A4-D864DB7A5A03}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{70FCC767-8925-4327-AEB1-FF5B3C8DAD95}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9D07B2CF-6820-45F5-89E9-AB4DC25575DF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EF52517F-B39D-4408-8623-8CCB6BEFA21D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{C199A935-5051-4464-9280-81BC87C4F1EA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{689B7556-28AE-4948-9E9E-7F903CD8B241}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{402BF936-D692-4464-8CD5-261152F6F026}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2EC914D8-DD84-48DD-89FB-B656AA2CB1D8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{59A2E2E5-94E8-4DD3-B08E-B172C8FB0810}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{39A21C9C-64EA-4935-94B1-5559B612A52E}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
==================== Restore Points =========================
29-11-2017 10:06:56 Removed VirtualDJ Home FREE
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (11/29/2017 10:06:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-914808374-759592663-328091246-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {5d47b935-6cb9-4667-a1c4-c8c26d174f32}
Error: (11/29/2017 09:34:11 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-C2B8CF376B45A1393D87C14DA44530BD94FABDB6.bin.80 for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Antimalware Service Executable because of this error.
Program: Antimalware Service Executable
File: C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-C2B8CF376B45A1393D87C14DA44530BD94FABDB6.bin.80
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3
Error: (11/29/2017 09:34:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.10.209.0, time stamp: 0x582a87a4
Faulting module name: mpengine.dll, version: 1.1.13601.0, time stamp: 0x58c2d2a1
Exception code: 0xc0000006
Fault offset: 0x00568ba2
Faulting process id: 0x318
Faulting application start time: 0x01d36919aa53e89a
Faulting application path: c:\Program Files\Microsoft Security Client\MsMpEng.exe
Faulting module path: c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{27EA211A-1397-46CA-B18B-97DD4B2030C2}\mpengine.dll
Report Id: 5cee2cda-d512-11e7-911e-a4badb9f5786
Error: (11/29/2017 09:34:11 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\diagperf.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
Program: Host Process for Windows Services
File: C:\Windows\System32\diagperf.dll
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3
Error: (11/29/2017 09:34:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DPS, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: diagperf.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7ca
Exception code: 0xc0000006
Fault offset: 0x0001330d
Faulting process id: 0x13c
Faulting application start time: 0x01d36919f09c4fb4
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\system32\diagperf.dll
Report Id: 5c9906bb-d512-11e7-911e-a4badb9f5786
Error: (11/29/2017 09:11:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program avastui.exe version 12.3.3154.23 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 934
Start Time: 01d3691a014b1256
Termination Time: 60000
Application Path: C:\Program Files\AVAST Software\Avast\avastui.exe
Report Id: fa6b5eba-d50e-11e7-911e-a4badb9f5786
Error: (11/29/2017 09:06:17 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\oleaut32.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Explorer because of this error.
Program: Windows Explorer
File: C:\Windows\System32\oleaut32.dll
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3
Error: (11/29/2017 09:06:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44cc4
Faulting module name: OLEAUT32.dll, version: 6.1.7601.23569, time stamp: 0x57f7bb82
Exception code: 0xc0000006
Fault offset: 0x00028012
Faulting process id: 0x72c
Faulting application start time: 0x01d36919ead3b7ca
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\OLEAUT32.dll
Report Id: 76def98f-d50e-11e7-911e-a4badb9f5786
Error: (11/29/2017 08:51:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1247, time stamp: 0x59f37829
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x0018de83
Faulting process id: 0x824
Faulting application start time: 0x01d3691935c6a4ca
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 77ddcd9a-d50c-11e7-911e-a4badb9f5786
Error: (11/25/2017 10:17:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab > with error: The data is invalid.
.

System errors:
=============
Error: (11/29/2017 10:32:43 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
Error: (11/29/2017 10:31:12 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{73748022-E818-48DB-AB21-06430F24F6E5}.
The backup browser is stopping.
Error: (11/29/2017 10:29:35 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/29/2017 10:29:35 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/29/2017 10:29:35 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/29/2017 10:29:35 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/29/2017 10:29:35 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/29/2017 10:29:35 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/29/2017 10:29:35 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/29/2017 10:29:35 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

CodeIntegrity:
===================================
  Date: 2014-07-07 19:19:44.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-07-01 10:42:19.915
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-05-24 05:44:38.329
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-05-06 15:49:37.662
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-05-06 15:47:26.776
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-05-03 22:48:31.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-03-27 08:14:24.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-03-16 22:50:22.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-03-05 15:52:56.275
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-01-18 04:26:44.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 82%
Total physical RAM: 2008.36 MB
Available physical RAM: 342.7 MB
Total Virtual: 4056.36 MB
Available Virtual: 2434.97 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:330.25 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Tracy.Morgan.Bona.Fide.2014.HDTV) (CDROM) (Total:2.21 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1A0BF02E)
Partition 1: (Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================

Solved: Re: Cleaning Son's Laptop of viruses, malware

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-11-2017
Ran by Administrator (29-11-2017 10:44:36)
Running from C:\Users\Administrator\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2011-09-29 21:45:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-914808374-759592663-328091246-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-914808374-759592663-328091246-501 - Limited - Disabled)
New User (S-1-5-21-914808374-759592663-328091246-1000 - Administrator - Enabled) => C:\Users\New User
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.3.183.10 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{90B7F915-6343-43CE-9DA7-E79E5BAC6673}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
iTunes (HKLM\...\{2F95FFC4-8624-43AB-8256-AA223555C9B7}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Codec Pack 7.6.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.6.0 - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SafeConnect (HKLM\...\SafeConnect) (Version:  - )
SafeZone Stable 4.58.2552.909 (HKLM\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
V1 Home 2.0 (HKLM\...\{E75594A0-B088-4635-B4F6-99654B5DDF96}) (Version: 2.02.60 - Interactive Frontiers) Hidden
V1 Home 2.0 (HKLM\...\InstallShield_{E75594A0-B088-4635-B4F6-99654B5DDF96}) (Version: 2.02.60 - Interactive Frontiers)
VirtualDJ Home FREE (HKLM\...\{B515962D-C979-44AC-9912-F7BB499B4B2C}) (Version: 7.3 - Atomix Productions)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-29] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-29] (AVAST Software)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-29] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-29] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0173EBB3-98DE-453B-8F7C-82ABC8864129} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {105AD2DC-A07E-47C3-B144-54AE56702EBA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {163C6419-C9C5-4201-9B87-DF49DD066867} - System32\Tasks\GoogleUpdateTaskMachineCore1d1642323d2d5ca => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-08] (Google Inc.)
Task: {1A954678-31AF-44DF-8414-03BAC6FDABF7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {1D98076D-C03A-4DEE-9E7F-77E9B97C02AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-08] (Google Inc.)
Task: {3B9FD30D-C448-4B20-AE8A-881D251221CB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {65CD980D-91D4-409F-86ED-4BE6DB3DAE9F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {6DB1446B-373A-4A46-9FE0-3EDAEB982C33} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-914808374-759592663-328091246-1000UA => C:\Users\New User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-21] (Google Inc.)
Task: {80983E01-7A9B-4228-85FF-AB8CE6D3EA4B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-29] (AVAST Software)
Task: {81634002-6FBE-4A09-AE8A-787880F3299F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-08] (Google Inc.)
Task: {89E7EA40-0E97-424A-9BA9-C397D4EDB5D6} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {B05EBA1F-C00F-48C7-BB63-078583C248B0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-914808374-759592663-328091246-1000Core => C:\Users\New User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-21] (Google Inc.)
Task: {DB5A3FBE-A721-4A71-A26A-51CEC18F8BEB} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {E318C06B-0B0B-4165-8509-E7F675DA4328} - System32\Tasks\SafeZone scheduled Autoupdate 1460942016 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d11c855d2a8437.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-914808374-759592663-328091246-1000Core.job => C:\Users\New User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-914808374-759592663-328091246-1000UA.job => C:\Users\New User\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2017-11-29 09:44 - 2017-11-29 09:44 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-29 09:44 - 2017-11-29 09:44 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-29 09:44 - 2017-11-29 09:44 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-29 09:44 - 2017-11-29 09:44 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-29 09:44 - 2017-11-29 09:44 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-11-29 09:00 - 2017-11-29 09:00 - 005881920 _____ () C:\Program Files\AVAST Software\Avast\defs\17112900\algo.dll
2017-11-29 09:44 - 2017-11-29 09:44 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-11-29 09:44 - 2017-11-29 09:44 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-03-16 15:09 - 2017-03-16 15:09 - 001041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-16 15:09 - 2017-03-16 15:09 - 000080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-11-29 08:51 - 2017-11-01 08:54 - 001798608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-11-29 08:51 - 2017-11-01 08:55 - 001930696 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 008801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-09-29 17:16 - 2011-05-28 21:04 - 000140288 _____ () C:\Program Files\WinRAR\rarext.dll
2017-03-27 11:21 - 2017-03-27 11:21 - 001041720 _____ () C:\Program Files\iTunes\libxml2.dll
2017-03-27 11:21 - 2017-03-27 11:21 - 000080184 _____ () C:\Program Files\iTunes\zlib1.dll
2017-11-29 09:44 - 2017-11-29 09:44 - 000142792 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-11-29 09:45 - 2017-11-29 09:45 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-29 09:44 - 2017-11-29 09:44 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:04 - 2016-03-24 16:56 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-914808374-759592663-328091246-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 76.73.7.75 - 107.6.133.7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SCManager => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SafeConnect.lnk => C:\Windows\pss\SafeConnect.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Google Update => "C:\Users\New User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_DAC62E1DF9428531B98EE6591C69814E => "C:\Users\New User\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{D6425704-1396-4985-B246-8C22051D29A7}] => (Allow) C:\Program Files\7-Zip\7zFM.exe
FirewallRules: [{24C83287-979B-49B5-987B-78E9CF0981CA}] => (Allow) C:\Program Files\7-Zip\7zFM.exe
FirewallRules: [{33C882E8-F1E9-4413-85C2-AC858D0931BB}] => (Allow) C:\Program Files\7-Zip\7zFM.exe
FirewallRules: [{EF80CE47-2EA5-4646-97DC-F65214B1D1D0}] => (Allow) C:\Program Files\7-Zip\7zFM.exe
FirewallRules: [{D988DDC9-E76F-4DB9-B64F-60F84759FE00}] => (Allow) C:\Users\New User\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{88A847E4-11FD-46FA-9929-CF7D1A349060}] => (Allow) C:\Users\New User\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{21756B1B-9803-4DA3-A3C5-A56A8FB81FE6}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{E29A9459-D883-42EA-AE05-68DA484EE5D4}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{235AD5BD-B8F4-4EB9-B83F-FE3F865B6B24}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{E145B21E-67C8-4052-B077-167C7540E22E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{FACD3676-4D46-495E-A5CD-9A1867AA6754}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{3C79ADE9-567E-4256-A6A0-C833D5BCD768}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{D41F1D47-A9D0-489E-9F2B-2EC95B55F623}] => (Allow) C:\Users\New User\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{2FA652B7-E220-458E-8CA0-77B4C84302E3}] => (Allow) C:\Users\New User\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{A1EC531A-E399-4CD1-9D86-3AEEA3CA60A9}] => (Allow) C:\Users\New User\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{3BC2B5C8-38A1-4C25-990E-32993648FEB7}] => (Allow) C:\Users\New User\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{ED4B9E65-13B8-4257-99B4-0E5DE75F2F6F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{D1F3C2E6-F41C-45F8-87BF-B5BDC731E6AD}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{ED2D6F09-C80C-4DBE-92A4-D864DB7A5A03}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{70FCC767-8925-4327-AEB1-FF5B3C8DAD95}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9D07B2CF-6820-45F5-89E9-AB4DC25575DF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EF52517F-B39D-4408-8623-8CCB6BEFA21D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{C199A935-5051-4464-9280-81BC87C4F1EA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{689B7556-28AE-4948-9E9E-7F903CD8B241}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{402BF936-D692-4464-8CD5-261152F6F026}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2EC914D8-DD84-48DD-89FB-B656AA2CB1D8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{59A2E2E5-94E8-4DD3-B08E-B172C8FB0810}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{39A21C9C-64EA-4935-94B1-5559B612A52E}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
==================== Restore Points =========================
29-11-2017 10:06:56 Removed VirtualDJ Home FREE
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (11/29/2017 10:06:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-914808374-759592663-328091246-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {5d47b935-6cb9-4667-a1c4-c8c26d174f32}
Error: (11/29/2017 09:34:11 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-C2B8CF376B45A1393D87C14DA44530BD94FABDB6.bin.80 for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Antimalware Service Executable because of this error.
Program: Antimalware Service Executable
File: C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-C2B8CF376B45A1393D87C14DA44530BD94FABDB6.bin.80
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3
Error: (11/29/2017 09:34:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.10.209.0, time stamp: 0x582a87a4
Faulting module name: mpengine.dll, version: 1.1.13601.0, time stamp: 0x58c2d2a1
Exception code: 0xc0000006
Fault offset: 0x00568ba2
Faulting process id: 0x318
Faulting application start time: 0x01d36919aa53e89a
Faulting application path: c:\Program Files\Microsoft Security Client\MsMpEng.exe
Faulting module path: c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{27EA211A-1397-46CA-B18B-97DD4B2030C2}\mpengine.dll
Report Id: 5cee2cda-d512-11e7-911e-a4badb9f5786
Error: (11/29/2017 09:34:11 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\diagperf.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
Program: Host Process for Windows Services
File: C:\Windows\System32\diagperf.dll
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3
Error: (11/29/2017 09:34:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DPS, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: diagperf.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7ca
Exception code: 0xc0000006
Fault offset: 0x0001330d
Faulting process id: 0x13c
Faulting application start time: 0x01d36919f09c4fb4
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\system32\diagperf.dll
Report Id: 5c9906bb-d512-11e7-911e-a4badb9f5786
Error: (11/29/2017 09:11:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program avastui.exe version 12.3.3154.23 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 934
Start Time: 01d3691a014b1256
Termination Time: 60000
Application Path: C:\Program Files\AVAST Software\Avast\avastui.exe
Report Id: fa6b5eba-d50e-11e7-911e-a4badb9f5786
Error: (11/29/2017 09:06:17 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\oleaut32.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Explorer because of this error.
Program: Windows Explorer
File: C:\Windows\System32\oleaut32.dll
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3
Error: (11/29/2017 09:06:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44cc4
Faulting module name: OLEAUT32.dll, version: 6.1.7601.23569, time stamp: 0x57f7bb82
Exception code: 0xc0000006
Fault offset: 0x00028012
Faulting process id: 0x72c
Faulting application start time: 0x01d36919ead3b7ca
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\OLEAUT32.dll
Report Id: 76def98f-d50e-11e7-911e-a4badb9f5786
Error: (11/29/2017 08:51:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1247, time stamp: 0x59f37829
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x0018de83
Faulting process id: 0x824
Faulting application start time: 0x01d3691935c6a4ca
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 77ddcd9a-d50c-11e7-911e-a4badb9f5786
Error: (11/25/2017 10:17:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab > with error: The data is invalid.
.

System errors:
=============
Error: (11/29/2017 10:32:43 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
Error: (11/29/2017 10:31:12 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{73748022-E818-48DB-AB21-06430F24F6E5}.
The backup browser is stopping.
Error: (11/29/2017 10:29:35 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/29/2017 10:29:35 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/29/2017 10:29:35 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/29/2017 10:29:35 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/29/2017 10:29:35 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/29/2017 10:29:35 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/29/2017 10:29:35 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (11/29/2017 10:29:35 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

CodeIntegrity:
===================================
  Date: 2014-07-07 19:19:44.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-07-01 10:42:19.915
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-05-24 05:44:38.329
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-05-06 15:49:37.662
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-05-06 15:47:26.776
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-05-03 22:48:31.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-03-27 08:14:24.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-03-16 22:50:22.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-03-05 15:52:56.275
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-01-18 04:26:44.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 82%
Total physical RAM: 2008.36 MB
Available physical RAM: 342.7 MB
Total Virtual: 4056.36 MB
Available Virtual: 2434.97 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:330.25 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Tracy.Morgan.Bona.Fide.2014.HDTV) (CDROM) (Total:2.21 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1A0BF02E)
Partition 1: (Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================

Re: Cleaning Son's Laptop of viruses, malware

He has a Dell Inspiron Laptop 32 bit w/ Windows 7 Ultimate.

Re: Cleaning Son's Laptop of viruses, malware

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
The log shows that you have two AVs active on your computer: Avast and Microsoft Security Essentials. One will have to be deactivated/uninstalled.
What makes you think that the computer is infected? What are the warning signs?


Please download AdwCleaner onto your Desktop.

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program opens, click on the Scan button as shown below.

AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.

AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
*********************************************
Download and install: Please download Malwarebytes' scanner to your desktop.
Double-click mbam-setup.exe to install the application.

  • It should update automatically if the computer is connected to the internet.
  • Click on Threat Scan and click on Scan Now.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, make sure all the infections have "quarantine" selected in the Action box.
  • Click on "Apply actions". You may be asked to restart your computer to completely remove the infections.
  • When disinfection is completed you can click on "Copy to Clipboard".
  • Paste the log in your next reply (CTRL+V).

*************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Security Check

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Re: Cleaning Son's Laptop of viruses, malware
Results of screen317's Security Check version 1.014 --- 12/23/15 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Avast Antivirus                
Microsoft Security Essentials  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner    
 Java 8 Update 25 
 Java version 32-bit out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
  Adobe Flash Player  10.3.183.10 Flash Player out of Date! 
 Mozilla Firefox 35.0.1 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamtray.exe 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast aswidsagent.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

Re: Cleaning Son's Laptop of viruses, malware
# AdwCleaner 7.0.4.0 - Logfile created on Wed Nov 29 15:19:16 2017
# Updated on 2017/27/10 by Malwarebytes
# Running on Windows 7 Ultimate (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
No malicious folders deleted.
***** [ Files ] *****
No malicious files deleted.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks deleted.
***** [ Registry ] *****
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\chatango.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\st.chatango.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\st.chatango.com
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext|DisableAddonLoadTimePerformanceNotifications

***** [ Firefox (and derivatives) ] *****
SearchProvider deleted: search.findwide.com - Yahoo:

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************
C:/AdwCleaner/AdwCleaner[C1].txt - [5341 B] - [2016/3/24 21:6:44]
C:/AdwCleaner/AdwCleaner[C2].txt - [4285 B] - [2017/1/7 4:41:42]
C:/AdwCleaner/AdwCleaner[S0].txt - [1071 B] - [2015/1/4 19:1:32]
C:/AdwCleaner/AdwCleaner[S1].txt - [9511 B] - [2015/3/6 23:48:0]
C:/AdwCleaner/AdwCleaner[S2].txt - [3871 B] - [2017/1/7 4:40:48]
C:/AdwCleaner/AdwCleaner[S3].txt - [1720 B] - [2017/11/29 15:18:26]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########

Re: Cleaning Son's Laptop of viruses, malware
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 11/29/17
Scan Time: 8:52 AM
Log File: 95c61578-d50c-11e7-92b4-a4badb9f5786.json
Administrator: Yes
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3372
License: Trial
-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: NewUser-PC\Administrator
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357922
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 44 min, 8 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 3
PUP.Optional.PCAcceleratePro, C:\PROGRAM FILES\ARCORE\LAZYFILE.EXE, Quarantined, [1047], [399708],1.0.3372
PUP.Optional.ConvertAd, C:\USERS\NEW USER\DOWNLOADS\FREEPDFTABLETINSTALL.EXE, Quarantined, [376], [107221],1.0.3372
PUP.Optional.ConvertAd, C:\USERS\NEW USER\DOWNLOADS\FREEPDFTABLETINSTALL (1).EXE, Quarantined, [376], [107221],1.0.3372
Physical Sector: 0
(No malicious items detected)

(end)

Re: Cleaning Son's Laptop of viruses, malware

The Security log still shows two AVs active. This can cause problems with your computer. Please disable one or the other.
Please update Firefox.


Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date, install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
**********************************************
Update your Adobe Reader: get.adobe.com/reader

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
***********************************************************
ESET Online Scanner
Note: If you use Internet Explorer to get the ESET Online Scanner, you won't have to download or install the tool, as everything will be run in a contextual (pop-up) window of Internet Explorer. However, for every other browser, you will have to download and install ESET Online Scanner. In this set of instructions, I'll use Google Chrome to download it and run it (since a lot of people will do it); however, except for the download and installation procedure, the same instructions apply if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.

  • Download and execute ESET OnlineScan (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
  • Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them):
      - Enable detection of potentially unwanted applications;
      - Scan archives;
      - Scan for potentially unsafe applications;
      - Optional: If you want to scan more drives, click on Change... and select the drives you want to include in the scan;
  • After you're done checking these options, click on Start and ESET Online Scanner will download its virus signature database before starting the scan;
  • Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 and 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
  • After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined;
  • Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply;
  • Once you're done, click on the Back button;
  • Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;

Re: Cleaning Son's Laptop of viruses, malware
C:\AdwCleaner\Quarantine\C\Program Files\DefaultTab\DefaultTab.crx.vir a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\New User\AppData\Local\CRE\cmgpfphnpiiccdfhhcdalfgackcikmgh.crx.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\system32\jmdp\SweetNT.crx.vir Win32/SweetIM.J potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\system32\WNLT\Installation\NTSetup.exe.vir Win32/SweetIM.J potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\system32\WNLT\Installation\SKSetup.exe.vir Win32/SweetIM.J potentially unwanted application deleted - quarantined
C:\Users\New User\Downloads\Player-Chrome (2).exe a variant of Win32/AdWare.iBryte.AA application cleaned by deleting - quarantined
C:\Users\New User\Downloads\Player-Chrome (3).exe a variant of Win32/AdWare.iBryte.AA application cleaned by deleting - quarantined
C:\Users\New User\Downloads\Player-Chrome (4).exe a variant of Win32/AdWare.iBryte.AA application cleaned by deleting - quarantined
C:\Users\New User\Downloads\Player-Chrome (5).exe a variant of Win32/AdWare.iBryte.AS application cleaned by deleting - quarantined
C:\Users\New User\Downloads\Player-Chrome (6).exe a variant of Win32/AdWare.Agent.NNN application cleaned by deleting - quarantined
C:\Users\New User\Downloads\Player-Chrome.exe a variant of Win32/AdWare.iBryte.AI application cleaned by deleting - quarantined
C:\Users\New User\Downloads\RealNWTSNG.zip.exe Win32/InstalleRex.K potentially unwanted application deleted - quarantined
C:\Users\New User\Downloads\Rick.exe a variant of Win32/InstalleRex.P potentially unwanted application deleted - quarantined
C:\Users\New User\Downloads\setup (1).exe a variant of Win32/Bundlore.B potentially unwanted application deleted - quarantined
C:\Users\New User\Downloads\setup (2).exe a variant of Win32/Bundlore.B potentially unwanted application deleted - quarantined
C:\Users\New User\Downloads\setup.exe a variant of Win32/Bundlore.B potentially unwanted application deleted - quarantined
C:\Users\New User\Downloads\Setup_V.171613690c.exe Win32/DomaIQ.L potentially unwanted application deleted - quarantined
C:\Users\New User\Downloads\SharebeastDownload (1).exe Win32/InstalleRex.J potentially unwanted application deleted - quarantined
C:\Users\New User\Downloads\T I - 24's.exe a variant of Win32/4Shared.C potentially unwanted application deleted - quarantined
C:\Users\New User\Downloads\Trap_Lord-atrilli.net.zip.exe Win32/InstalleRex.J potentially unwanted application deleted - quarantined
C:\Users\New User\Downloads\Trey Songz - Fades Away.exe a variant of Win32/4Shared.P potentially unwanted application deleted - quarantined
C:\Users\New User\Downloads\trzC12F.tmp Win32/InstalleRex.I potentially unwanted application deleted - quarantined
C:\Users\New User\Downloads\Unconfirmed 702045.crdownload a variant of Win32/AirAdInstaller.A potentially unwanted application deleted - quarantined
C:\Users\New User\Downloads\Unconfirmed 830230.crdownload a variant of Win32/AirAdInstaller.A potentially unwanted application deleted - quarantined
C:\Users\New User\Downloads\Update (1).exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined
C:\Users\New User\Downloads\update (2).exe a variant of Win32/AdWare.iBryte.AA application cleaned by deleting - quarantined
C:\Users\New User\Downloads\Update.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined
C:\Users\New User\Downloads\{filedata}.exe a variant of Win32/AdWare.iBryte.Q application cleaned by deleting - quarantined
C:\Users\New User\Music\iTunes\iTunes Media\Automatically Add to iTunes\Not Added\2013-05-11 20.53.05\trz9746.tmp Win32/InstalleRex.I potentially unwanted application deleted - quarantined
C:\Users\New User\Music\iTunes\iTunes Media\Automatically Add to iTunes\Not Added\2013-05-15 18.41.49\09 kevin little - turn me on.exe Win32/Toolbar.Conduit.S potentially unwanted application deleted - quarantined
C:\Users\New User\Music\iTunes\iTunes Media\Automatically Add to iTunes\Not Added\2013-05-15 18.41.49\t-pain - i'm sprung.exe Win32/Toolbar.Conduit.S potentially unwanted application deleted - quarantined
C:\Windows\Installer\1af60197.msi a variant of Win32/SweetIM.L potentially unwanted application deleted - quarantined
C:\Windows\Installer\3ac372.msi a variant of Win32/Toolbar.Babylon.Q potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.27_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart64.exe Win64/Toolbar.DefaultTab.B potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabUninstaller.exe Win32/Toolbar.DefaultTab.E potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap64.dll Win64/Toolbar.DefaultTab.B potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\trz146.tmp Win32/Toolbar.DefaultTab.E potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\trz5A31.tmp Win32/Toolbar.DefaultTab.E potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\trz7C60.tmp Win32/Toolbar.DefaultTab.E potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\trz88D8.tmp Win32/Toolbar.DefaultTab.E potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\trz9950.tmp Win32/Toolbar.DefaultTab.E potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\trzB2BC.tmp Win32/Toolbar.DefaultTab.E potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\trzB301.tmp Win32/Toolbar.DefaultTab.E potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\trzBD97.tmp Win32/Toolbar.DefaultTab.E potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\trzE8C6.tmp Win32/Toolbar.DefaultTab.E potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe Win32/Toolbar.DefaultTab.E potentially unwanted application deleted - quarantined
C:\Windows\System32\mjcm\SweetNT.crx Win32/SweetIM.J potentially unwanted application deleted - quarantined

Re: Cleaning Son's Laptop of viruses, malware

Computer seems to be running good. The only thing is that when I boot it up it takes 10-15 min. to get to the admin user and user icon. Is there a way to fix that?

Re: Cleaning Son's Laptop of viruses, malware
And now can you post the ESET log?

Re: Cleaning Son's Laptop of viruses, malware
I posted log on end of page 1....here it is:


[Solved] Re: Cleaning Son's Laptop of viruses, malware

Thanks. Please give me an update on your computer.

[Solved] Re: Cleaning Son's Laptop of viruses, malware

Seems to be running good! Only need to get the 10-15 minute boot up fixed. Not sure why that is happening. Thank you!!!