Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03 Ran by Sharon (12-11-2017 16:25:55) Running from C:\Users\Sharon\Desktop Windows 7 Professional Service Pack 1 (X64) (2017-10-23 02:51:34) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3754133454-3766197736-2095081909-500 - Administrator - Disabled) Guest (S-1-5-21-3754133454-3766197736-2095081909-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3754133454-3766197736-2095081909-1002 - Limited - Enabled) Sharon (S-1-5-21-3754133454-3766197736-2095081909-1001 - Administrator - Enabled) => C:\Users\Sharon ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.62 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden iCloud (HKLM\...\{FF99A618-BCA5-4658-B9FF-CCF57C177610}) (Version: 7.1.0.34 - Apple Inc.) Intel(R) Network Connections 22.7.18.0 (HKLM\...\PROSetDX) (Version: 22.7.18.0 - Intel) IrfanView 4.50 (64-bit) (HKLM\...\IrfanView64) (Version: 4.50 - Irfan Skiljan) iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.) Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes) Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft) Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Mozilla Firefox 56.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0.2 (x64 en-US)) (Version: 56.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla) Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.) Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3754133454-3766197736-2095081909-1001\...\Spotify) (Version: 1.0.66.478.g1296534d - Spotify AB) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-11] (AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-11] (AVAST Software) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc.) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-11] (AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-11] (AVAST Software) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {19C443AE-94E7-4601-9820-F3B694245637} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-11] (AVAST Software) Task: {1BA9BCCE-2D44-4774-B741-35CD8FAF7EB1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.) Task: {20B7664E-F38F-4C90-9C0B-9FFDB408FC4C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd) Task: {213640EE-C7F9-4D20-A40E-F447F9193E8E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-22] (Google Inc.) Task: {6CD6103D-3991-402C-87CF-5EB4CEB3B25D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-20] (Adobe Systems Incorporated) Task: {CFC7A65D-45E5-4C87-BF16-B544B8F221A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-22] (Google Inc.) Task: {DE8C2646-8E57-4DBA-95EC-AAFE3D4A9C18} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\mydlink services plugin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ldibdoepbjbkkcbgndfljnphngpglhbb ==================== Loaded Modules (Whitelisted) ============== 2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-10-18 23:51 - 2017-10-18 23:51 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-10-20 15:22 - 2017-10-20 15:22 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll 2017-10-20 15:22 - 2017-10-20 15:22 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll 2017-10-24 17:55 - 2017-10-04 12:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2017-11-11 18:09 - 2017-11-11 18:09 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll 2017-11-11 18:08 - 2017-11-11 18:08 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll 2017-11-11 18:09 - 2017-11-11 18:09 - 000859216 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll 2017-11-11 18:09 - 2017-11-11 18:09 - 000292408 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll 2017-11-11 18:09 - 2017-11-11 18:09 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll 2017-11-11 18:09 - 2017-11-11 18:09 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-11-11 18:09 - 2017-11-11 18:09 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll 2017-11-11 18:09 - 2017-11-11 18:09 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll 2017-11-11 18:09 - 2017-11-11 18:09 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll 2017-11-12 11:16 - 2017-11-12 11:16 - 005883064 _____ () C:\Program Files\AVAST Software\Avast\defs\17111200\algo.dll 2017-11-11 18:09 - 2017-11-11 18:09 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2017-11-11 18:09 - 2017-11-11 18:09 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll 2017-10-23 06:45 - 2017-10-23 06:45 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-11-11 18:08 - 2017-11-11 18:08 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll 2017-10-30 19:51 - 2017-11-01 19:01 - 068211824 _____ () C:\Users\Sharon\AppData\Roaming\Spotify\libcef.dll 2017-09-26 20:22 - 2017-09-26 20:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll 2017-10-18 23:52 - 2017-10-18 23:52 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2017-10-18 23:52 - 2017-10-18 23:52 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2017-10-18 23:51 - 2017-10-18 23:51 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2009-06-10 15:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3754133454-3766197736-2095081909-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 75.75.76.76 - 75.75.75.75 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{506423B2-755F-4383-AD08-26A68C5739A6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{00D91CF5-8B8D-4313-93B3-E0D542D15839}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{AB2E8C01-4FC8-4F83-81D3-7AA811A13C27}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{07222C57-E865-41B6-8017-C4D2D549F887}C:\users\sharon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sharon\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{AB449CAE-B8BA-47D8-958D-92027F146832}C:\users\sharon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sharon\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{A34D0AE6-57D4-46D7-9162-92647999AAB5}C:\users\sharon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sharon\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{DEF45A91-5C61-4820-BFBD-7CB1FCD76DF9}C:\users\sharon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sharon\appdata\roaming\spotify\spotify.exe FirewallRules: [{3C4DE4AF-9A3F-4D34-8D2F-942EEC7DCFDE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{042C2E35-242D-457E-A5FD-90A83DF96640}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{73DDA556-FBE4-4695-8AE5-9FCF6B74F489}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{72CE9576-9558-4AC6-870F-CBF903E20ED3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B0BCEEE3-2BC0-4689-A61F-0D91BCCB00E3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{437AF8A6-CD8E-4C7E-96DF-822D7942FEC3}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Restore Points ========================= 04-11-2017 12:19:26 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 06-11-2017 21:49:58 Installed iTunes 06-11-2017 23:12:29 Installed iCloud ==================== Faulty Device Manager Devices ============= Name: PCI Simple Communications Controller Description: PCI Simple Communications Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Broadcom USH Description: Broadcom USH Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI Serial Port Description: PCI Serial Port Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P9700 @ 2.80GHz Percentage of memory in use: 56% Total physical RAM: 3983.9 MB Available physical RAM: 1745.94 MB Total Virtual: 7965.99 MB Available Virtual: 5592.07 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:148.94 GB) (Free:21.71 GB) NTFS ==>[drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: A42D04A3) Partition 1: (Active) - (Size=148.9 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================