
infected with Win32/Bundled.Toolbar.Google.D


  • This topic is locked
33 replies to this topic

#1 capricorntony13

capricorntony13

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:21 PM

Posted 17 April 2016 - 07:06 PM

Hello,

 

I need help with an infected laptop. It had Vista on it, but I erased it a few times (3x sweep, DoD standard, with WipeDrive). I put Windows 7 on it. I cannot, for the life of me, get updates via Windows Update (same issue on Vista before the wipe, and after a few wipes). Scanning with ESET Online Scanner after wiping the drive reveals 2 lines of Win32/Bundled.Toolbar.Google.D. I used Reimage PC Repair, and it found 'medium security' issues. It needed to reboot for the changes to take effect. I still have the virus. I am somehow re-infecting the computer, either with the USB drive that I am using to install Avira in the laptop just after the 7 OS is installed, or I never truly got rid of it. I tried a few programs to get rid of the virus, but I am at my wit's end. Please help. Thanks.




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:21 PM

Posted 18 April 2016 - 07:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.

#3 capricorntony13

capricorntony13
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:21 PM

Posted 18 April 2016 - 11:57 AM

OK. This is the procedure that I followed.

  • I deleted my antivirus program, Avira, and removed my Ethernet cable from the laptop. All scanning programs were updated as of last night. I have no wireless connection to the laptop.

  • I then ran RKill, via a bunch of programs that I installed on a USB drive that I connected to the laptop. I did so on the laptop in Safe Mode (no networking or command prompt). I saved the text file, and here it is:

 

 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/18/2016 11:08:27 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * BFE (BFE) is not Running.
   Startup Type set to: Automatic
 
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic
 
 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic
 
 * Network Connections (Netman) is not Running.
   Startup Type set to: Manual
 
 * Network Store Interface Service (nsi) is not Running.
   Startup Type set to: Automatic
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * Ancillary Function Driver for Winsock (AFD) is not Running.
   Startup Type set to: System
 
 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual
 
 * NetBT (NetBT) is not Running.
   Startup Type set to: System
 
 * NSI proxy service driver. (nsiproxy) is not Running.
   Startup Type set to: System
 
 * NetIO Legacy TDI Support Driver (tdx) is not Running.
   Startup Type set to: System
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 04/18/2016 11:08:37 AM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)
 
 

 

  • I then started your suggestions, and ran MBAM, with rootkit scanning enabled. Via History and Application Logs, here is the text file called Scan Log:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/18/2016
Scan Time: 11:09 AM
Logfile: MBAM  - 041816 scan 02.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.04.17.06
Rootkit Database: v2016.04.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Carmela
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325203
Time Elapsed: 15 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

 

  • I then ran AdwCleaner. Yesterday, it picked up a false positive on a program that I used called ReImage PC Scan, or something like that (this program detected a trouble, and tried to repair the trouble, only for the trouble to come back). I deleted the program and had AdwCleaner erase the rest of it. Today’s scan found nothing wrong, and here is the text file:

 

 

# AdwCleaner v5.112 - Logfile created 18/04/2016 at 11:30:28
# Updated 17/04/2016 by Xplode
# Database : 2016-04-17.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Carmela - CARMELA-PC
# Running from : E:\adwcleaner_5.112.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[S6].txt - [603 bytes] - [18/04/2016 11:30:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [675 bytes] ##########
 

 

 

  • I then downloaded Farberware onto my USB drive. I figured that the program will probably need updates before running, so I restarted the computer in Safe Mode with networking. I installed FRST onto the laptop. The updates were not needed, I guess, since I saw no option to update. After taking the Ethernet cable out of the laptop, I scanned and saved the test results. Here are the scan results, and the addition is in the attachment, by request.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016 01
Ran by Carmela (administrator) on CARMELA-PC (18-04-2016 11:45:32)
Running from C:\Users\Carmela\Desktop
Loaded Profiles: Carmela (Available Profiles: Carmela)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-3585697871-321451975-2683442688-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.22.41.126
Tcpip\..\Interfaces\{95647E9D-95B5-4C7A-9817-505063EDBBFD}: [DhcpNameServer] 172.22.41.126
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3585697871-321451975-2683442688-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3585697871-321451975-2683442688-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Carmela\AppData\Roaming\Mozilla\Firefox\Profiles\26Z1632a.default
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-17] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Carmela\AppData\Roaming\Mozilla\Firefox\Profiles\26Z1632a.default\Extensions\abs@avira.com.xpi [2016-04-17]
 
Chrome: 
=======
CHR Profile: C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-17]
CHR Extension: (Google Docs) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-17]
CHR Extension: (Google Drive) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-17]
CHR Extension: (YouTube) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-17]
CHR Extension: (Google Sheets) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-17]
CHR Extension: (Avira Browser Safety) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-17]
CHR Extension: (Google Docs Offline) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
CHR Extension: (Gmail) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2016-04-17] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-17] (REALiX™)
S3 cpuz134; \??\C:\Users\Carmela\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-18 11:45 - 2016-04-18 11:45 - 00006247 _____ C:\Users\Carmela\Desktop\FRST.txt
2016-04-18 11:45 - 2016-04-18 11:39 - 02375680 _____ (Farbar) C:\Users\Carmela\Desktop\FRST64.exe
2016-04-18 11:40 - 2016-04-18 11:45 - 00000000 ____D C:\FRST
2016-04-18 11:06 - 2016-04-18 11:40 - 00078404 _____ C:\Windows\ntbtlog.txt
2016-04-18 11:02 - 2016-04-18 11:02 - 00012725 _____ C:\ComboFix.txt
2016-04-18 10:52 - 2016-04-18 11:44 - 00000000 ____D C:\Users\Carmela\Desktop\041816 scans
2016-04-17 21:14 - 2016-04-17 21:14 - 02870984 _____ (ESET) C:\Users\Carmela\Downloads\esetsmartinstaller_enu (1).exe
2016-04-17 20:33 - 2016-04-17 20:33 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Macromedia
2016-04-17 17:41 - 2009-06-10 16:35 - 00145792 _____ (Intel Corporation) C:\Windows\system32\Drivers\E1G6032E.sys
2016-04-17 17:06 - 2016-04-17 19:59 - 00012710 _____ C:\Windows\system32\Native.exe
2016-04-17 16:44 - 2016-04-17 16:44 - 00771736 _____ (Reimage) C:\Users\Carmela\Downloads\ReimageRepair (1).exe
2016-04-17 13:54 - 2016-04-18 11:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-17 13:50 - 2016-04-17 13:50 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-17 13:50 - 2016-04-17 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-17 13:50 - 2016-04-17 13:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-17 13:50 - 2016-04-17 13:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-17 13:50 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-17 13:50 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-17 13:50 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-17 13:30 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-04-17 13:30 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-04-17 13:30 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-04-17 13:30 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-04-17 13:30 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-04-17 13:30 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-04-17 13:30 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-04-17 13:30 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-04-17 13:26 - 2016-04-18 11:02 - 00000000 ____D C:\Qoobox
2016-04-17 13:25 - 2016-04-17 13:35 - 00000000 ____D C:\Windows\erdnt
2016-04-17 13:02 - 2016-04-17 13:02 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Adobe
2016-04-17 12:57 - 2016-04-18 11:30 - 00000000 ____D C:\AdwCleaner
2016-04-17 12:27 - 2016-04-17 12:27 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-17 12:26 - 2016-04-17 12:26 - 02870984 _____ (ESET) C:\Users\Carmela\Downloads\esetsmartinstaller_enu.exe
2016-04-17 12:09 - 2016-04-17 17:34 - 02621952 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-04-17 12:09 - 2016-04-17 17:34 - 02420736 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-04-17 12:09 - 2016-04-17 17:34 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-04-17 12:09 - 2016-04-17 17:34 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-04-17 12:09 - 2016-04-17 17:34 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-04-17 12:09 - 2016-04-17 17:34 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-04-17 12:09 - 2016-04-17 17:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-04-17 12:09 - 2016-04-17 17:34 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-04-17 11:57 - 2016-04-17 11:30 - 00000000 ____D C:\Windows\Panther
2016-04-17 11:57 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-04-17 11:57 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-04-17 11:57 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-04-17 11:57 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-04-17 11:57 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-04-17 11:57 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-04-17 11:57 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-04-17 11:57 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-04-17 11:57 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-04-17 11:57 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-04-17 11:57 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-04-17 11:57 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-04-17 11:57 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-04-17 11:57 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-04-17 11:57 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-04-17 11:57 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-04-17 11:57 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-04-17 11:57 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-04-17 11:57 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-04-17 11:57 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-04-17 11:57 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-04-17 11:57 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-04-17 11:57 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-04-17 11:57 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-04-17 11:57 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-04-17 11:57 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-04-17 11:57 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-04-17 11:57 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-04-17 11:57 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-04-17 11:57 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-04-17 11:57 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-04-17 11:57 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-04-17 11:57 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-04-17 11:57 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-04-17 11:57 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-04-17 11:57 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-04-17 11:57 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-04-17 11:57 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-04-17 11:57 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-04-17 11:57 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-04-17 11:57 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-04-17 11:57 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-04-17 11:56 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-04-17 11:56 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-04-17 11:56 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-04-17 11:56 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-04-17 11:56 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-04-17 11:56 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-04-17 11:56 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-04-17 11:56 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-04-17 11:56 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-04-17 11:56 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-04-17 11:56 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-04-17 11:56 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-04-17 11:56 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-04-17 11:56 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-04-17 11:56 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-04-17 11:56 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-04-17 11:56 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-04-17 11:56 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-04-17 11:56 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-04-17 11:56 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-04-17 11:56 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-04-17 11:56 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-04-17 11:56 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-04-17 11:56 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-04-17 11:56 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-04-17 11:56 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-04-17 11:56 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-04-17 11:56 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-04-17 11:56 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-04-17 11:56 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-04-17 11:56 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-04-17 11:56 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-04-17 11:56 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-04-17 11:56 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-04-17 11:56 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-04-17 11:56 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-04-17 11:56 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-17 10:58
 
==================== End of FRST.txt ============================

 

• While still in Safe Mode with networking, and no connection, I ran ComboFix. I can post those results upon request. (In fact, I deleted my Avira Antivirus because when I run ComboFix, it sees the antivirus, and I have no way to disable it in a fashion that ComboFix is satisfied with. This is why all scans are done without internetworking capabilities).

• I then had a hankering to run HiJack This. But, before I did, I wanted to run SuperAntiSpyware. I didn’t have it. I downloaded it to the USB drive, and ran it on the laptop. Before I ran scans, I plugged in the Ethernet cable and made sure that virus definitions were up to date. I unplugged the Ethernet cable, and browsed through the program. I found a scan called System Investigator. Results are available upon request.

• I then ran a SuperAntiSpyware Complete Scan. Results available upon request.

• Finally, I ran HiJack This, and saved the log file. Results available upon request. I also want to add that I updated the drivers on this laptop by downloading Iobit’s Driver Booster 3.3 and deleting it after it was done.

 

Thank you again for helping me with this issue. I appreciate it.




#4 nasdaq

Posted 18 April 2016 - 12:22 PM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3585697871-321451975-2683442688-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.


p.s.
The Farbar tool gives me all I need to see.

#5 capricorntony13

Posted 18 April 2016 - 11:45 PM

The problem that persists with this computer is as such: when it had Vista, it suddenly could not download from Windows Update, to the degree that a Windows Update scan would start, and continue, for hours on end, and keep spinning. After a few times of the computer being erased and Windows 7 being installed, the issue keeps popping back up.

 

FixLog details below:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-04-2016 01
Ran by Carmela (2016-04-18 23:41:32) Run:1
Running from C:\Users\Carmela\Desktop
Loaded Profiles: Carmela (Available Profiles: Carmela)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <=======
ATTENTION
HKU\S-1-5-21-3585697871-321451975-2683442688-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
ATTENTION => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-3585697871-321451975-2683442688-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
EmptyTemp: => 11.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:41:36 ====
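
Added example (not part of the original thread, and not FRST's own code): a small Python check that reads the Fixlog posted above against the fixlist from reply #4 and lists what still needs follow-up, here the `ATTENTION` marker that ended up on its own line and the restore point that Safe Mode prevented. The function names and status labels are assumptions made for this example.

```python
import re

# Fixlist as posted in reply #4 (copied from the thread, blank lines dropped).
INTENDED_FIXLIST = r"""
Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3585697871-321451975-2683442688-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
End
"""

# Fixlog.txt as posted in reply #5 (copied from the thread, blank lines dropped).
FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version:17-04-2016 01
Ran by Carmela (2016-04-18 23:41:32) Run:1
Running from C:\Users\Carmela\Desktop
Loaded Profiles: Carmela (Available Profiles: Carmela)
Boot Mode: Safe Mode (minimal)
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <=======
ATTENTION
HKU\S-1-5-21-3585697871-321451975-2683442688-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
End
*****************
Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
ATTENTION => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-3585697871-321451975-2683442688-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
EmptyTemp: => 11.7 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 23:41:36 ====
"""

def classify(line):
    """Map one Fixlog result line to ok / error / not_found / info."""
    if "Error:" in line:
        return "error"
    if line.endswith("=> not found."):
        return "not_found"
    if re.search(r"(successfully|Removed)\.?$", line):
        return "ok"
    return "info"

def parse_fixlog(text):
    """Return boot mode, the fixlist as FRST echoed it, and classified results."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    boot = next((ln.split(":", 1)[1].strip() for ln in lines
                 if ln.startswith("Boot Mode:")), None)
    stars = [i for i, ln in enumerate(lines) if re.fullmatch(r"\*{5,}", ln)]
    if len(stars) < 2:
        raise ValueError("no 'fixlist content' block in this log")
    echoed = [ln for ln in lines[stars[0] + 1:stars[1]] if ln not in ("Start", "End")]
    results = []
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("===="):  # "==== End of Fixlog ... ====" closes the log
            break
        results.append((classify(ln), ln))
    return {"boot_mode": boot, "fixlist": echoed, "results": results}

def review(fixlog_text, intended_text):
    """List what a helper should follow up on before trusting the fix."""
    log = parse_fixlog(fixlog_text)
    intended = {ln.strip() for ln in intended_text.splitlines() if ln.strip()}
    # Lines FRST read that do not match what was posted (wrapped or edited).
    findings = ["fixlist line differs from the posted one: " + ln
                for ln in log["fixlist"] if ln not in intended]
    handled = set()
    for status, ln in log["results"]:
        target = ln.split(" => ")[0].strip('"')
        if status == "ok":
            handled.add(target)
        elif status == "error" and "Restore point" in ln:
            findings.append("no restore point from this run; boot mode was "
                            + str(log["boot_mode"]))
        elif status == "error":
            findings.append("entry not processed: " + target)
        elif status == "not_found" and target not in handled:
            # "not found" is expected when an earlier line already moved the path.
            findings.append("target missing before the fix ran: " + target)
    return findings

if __name__ == "__main__":
    for finding in review(FIXLOG, INTENDED_FIXLIST):
        print("-", finding)
```
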



#6 nasdaq

Posted 19 April 2016 - 06:24 AM

Let's reset and repair important services.

Please Download Tweaking.com - Windows Repair from Here

  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below

  • 01 - Repair Registry Permissions
    02 - Reset File Permissions (2)
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    13 - Repair Winsock & DNS Cache
    17 - Repair Windows Updates
    19 - Repair Volume Shadow Copy Service
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
    
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the Contents of this file on your next reply.



#7 capricorntony13

Posted 19 April 2016 - 02:00 PM

I did all as told. I forgot to get the log files before restarting. After restarting, it did so in normal operating mode. I opened the Tweaking program, and clicked on Open Log. A new problem arose....the computer slowed down considerably. I restarted in Safe Mode and accessed all logs, Pre-Scan first, then the rest. I tried to make a big post first in Word and then copy-and-paste it here. The file was 147 pages long, so I am attaching it with this reply. .........OK....I tried to upload as a Word doc (docx), but that didn't work, so I made a txt file for attachment.

 

Attached File  tweaking program error log files.txt   219.97KB   1 downloads



#8 nasdaq

Posted 20 April 2016 - 06:59 AM

Many of the resets failed.

Not knowing what state your computer is in at the moment, I suggest you restart your computer in Normal mode one more time.

If that does not help, please restore your computer using the restore point created the first time you executed the fix.

Let me know how the computer is running.

p.s.
Since the Windows 7 upgrade has possibly failed, it might be required that you restore your computer to a date prior to the installation of the Windows 7 upgrade(s).

Keep me posted.

#9 capricorntony13

Posted 20 April 2016 - 12:22 PM

I have started my computer in normal mode one more time. The trouble of slowness disappeared. 
 
In terms of the trouble with the Windows Updates not updating and freezing upon loading, that is an issue that I would still like to try to solve. 
 
I have run System Restore to the earliest point on its list, which was a few days ago, just after Driver Booster installed Adobe Flash Active X. I restarted the computer in Safe Mode with Networking. I ran ESET Online Scanner, and it found 2 cases of Win32/Bundled.Toolbar.Google.D. It labelled it as a potentially unsafe application. It was on 2 files: C:\users\Carmela\downloads\ccsetup516.exe, and C:\users\Carmela\downloads\ccsetup516(1).exe. I exported the findings to a text file. When it detected this, a flag popped up in the lower right side of the screen. I clicked on the flag, and it gave me 2 alerts. One was to set up a backup (which I knew about), and the new alert was to turn on Windows Security Center. I clicked on it to try that, and it says that the Windows Security Center can't be started. I then unplugged the Ethernet cable, shut down the computer, unplugged its power, hit the power button a few times, and restarted in Safe Mode with Networking, and re-installed the Ethernet cable to see the condition of it. After about a minute, the 2 flags popped back up. I could re-do the steps from earlier, using FRST and the fix file, then the tweaking program, and see what happens. However, I am awaiting your direction.

Edited by capricorntony13, 20 April 2016 - 12:24 PM.


#10 nasdaq

Posted 20 April 2016 - 12:39 PM

Run the Farbar tool one more time.
Make sure the box to create a new Addition.txt file is marked.

Post both logs.

Do you have any problems running the computer in Normal Mode?

#11 capricorntony13

Posted 20 April 2016 - 09:11 PM

Running the computer in normal mode, runs fine, with the exception that I cannot get Microsoft updates on it at all, especially after putting in a brand new OS. And, I do not believe that my internet connection between the computer and the router is secure because of the known virus.

 

I decided to try something. I ran FRST 4 times, just the scan, no fix file or anything. Once, in Safe Mode only. Once in Safe Mode with Networking, with an internet connection. Once, in regular mode without an internet connection. Last, in regular mode with an internet connection. I am posting the scan log and the addition log of all 4. The first 4 are the scan logs and the last 4 are the addition logs, for comparison reasons. The order is as such: FRST in Safe Mode, FRST in Safe Mode with Networking, FRST in Regular Mode w/o internet, FRST WITH internet, Addition log in Safe Mode, Addition log in Safe Mode with Networking, Addition log in Regular Mode w/o internet, Addition log in Regular Mode WITH internet. I bullet-pointed between all entries for organization. Upon request, I can re-run the scan WITH the fix that you gave me last time and post the results as well.

 

 

 

 

 

  • FRST log file in Safe Mode only:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016 01
Ran by Carmela (administrator) on CARMELA-PC (20-04-2016 17:03:42)
Running from C:\Users\Carmela\Desktop
Loaded Profiles: Carmela (Available Profiles: Carmela)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-02-22] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3585697871-321451975-2683442688-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.22.41.126
Tcpip\..\Interfaces\{95647E9D-95B5-4C7A-9817-505063EDBBFD}: [DhcpNameServer] 172.22.41.126

Internet Explorer:
==================
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Carmela\AppData\Roaming\Mozilla\Firefox\Profiles\26Z1632a.default
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-17] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Carmela\AppData\Roaming\Mozilla\Firefox\Profiles\26Z1632a.default\Extensions\abs@avira.com.xpi [2016-04-18]

Chrome:
=======
CHR Profile: C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-20]
CHR Extension: (Google Docs) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-20]
CHR Extension: (Google Drive) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-17]
CHR Extension: (YouTube) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-17]
CHR Extension: (Google Sheets) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-20]
CHR Extension: (Avira Browser Safety) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-20]
CHR Extension: (Google Docs Offline) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-20]
CHR Extension: (Gmail) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7743472 2015-08-19] (Reimage®)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-02-22] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [133168 2016-02-22] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69888 2016-02-22] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-17] (REALiX™)
S3 cpuz134; \??\C:\Users\Carmela\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-20 17:03 - 2016-04-20 17:04 - 00006763 _____ C:\Users\Carmela\Desktop\FRST.txt
2016-04-20 17:03 - 2016-04-18 11:39 - 02375680 _____ (Farbar) C:\Users\Carmela\Desktop\FRST64.exe
2016-04-20 13:03 - 2016-04-20 13:03 - 00000462 _____ C:\Users\Carmela\Desktop\ESET scan 042016.txt
2016-04-20 12:42 - 2016-04-20 12:42 - 02870984 _____ (ESET) C:\Users\Carmela\Downloads\esetsmartinstaller_enu.exe
2016-04-20 12:39 - 2016-04-20 17:02 - 00317128 _____ C:\Windows\ntbtlog.txt
2016-04-20 12:37 - 2016-04-20 12:37 - 00000000 ____D C:\ProgramData\Reimage Protector
2016-04-19 13:48 - 2016-04-19 13:48 - 00000000 ____D C:\Users\Carmela\Desktop\4.19.2016_12.31.53-PM
2016-04-19 12:28 - 2016-04-19 12:28 - 00000000 ____D C:\RegBackup
2016-04-19 12:12 - 2016-04-19 12:12 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-04-18 12:11 - 2016-04-18 12:11 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\SUPERAntiSpyware.com
2016-04-18 12:10 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-18 12:10 - 2016-04-18 12:10 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-04-18 11:40 - 2016-04-20 17:03 - 00000000 ____D C:\FRST
2016-04-18 10:52 - 2016-04-20 17:03 - 00000000 ____D C:\Users\Carmela\Desktop\041816 scans
2016-04-17 20:33 - 2016-04-17 20:33 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Macromedia
2016-04-17 13:50 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-17 13:50 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-17 13:50 - 2016-04-17 13:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-17 13:26 - 2016-04-18 12:00 - 00000000 ____D C:\Qoobox
2016-04-17 13:25 - 2016-04-17 13:35 - 00000000 ____D C:\Windows\erdnt
2016-04-17 13:02 - 2016-04-17 13:02 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Adobe
2016-04-17 12:57 - 2016-04-20 12:26 - 00000000 ____D C:\AdwCleaner
2016-04-17 12:27 - 2016-04-17 12:27 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-17 11:57 - 2016-04-17 11:30 - 00000000 ____D C:\Windows\Panther
2016-04-17 11:36 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\ProductData
2016-04-17 11:36 - 2016-04-17 11:36 - 00000000 ____D C:\Windows\IObit
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\IObit
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\Users\Carmela\AppData\LocalLow\IObit
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\IObit
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-17 11:35 - 2016-04-17 11:36 - 00002882 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Carmela)
2016-04-17 11:35 - 2016-04-17 11:36 - 00002152 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2016-04-17 11:35 - 2016-04-17 11:35 - 00027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2016-04-17 11:35 - 2016-04-17 11:35 - 00003250 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2016-04-17 11:31 - 2016-04-17 11:31 - 14982312 _____ (IObit ) C:\Users\Carmela\Downloads\driver_booster_setup.exe
2016-04-17 11:28 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-17 11:28 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files\CCleaner
2016-04-17 11:28 - 2016-04-17 11:28 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-04-17 11:28 - 2016-04-17 11:28 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-17 11:16 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2016-04-17 11:16 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files\Reimage
2016-04-17 11:16 - 2016-04-17 11:16 - 00004282 _____ C:\Windows\System32\Tasks\ReimageUpdater
2016-04-17 11:16 - 2016-04-17 11:16 - 00003446 _____ C:\Windows\System32\Tasks\Reimage Reminder
2016-04-17 11:16 - 2016-04-17 11:16 - 00001901 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2016-04-17 11:15 - 2016-04-20 12:26 - 00000000 ____D C:\rei
2016-04-17 11:15 - 2016-04-17 11:17 - 00000150 _____ C:\Windows\Reimage.ini
2016-04-17 11:15 - 2016-04-17 11:15 - 00771736 _____ (Reimage) C:\Users\Carmela\Downloads\ReimageRepair.exe
2016-04-17 11:11 - 2016-04-17 11:11 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-17 11:11 - 2016-04-17 11:11 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-17 11:10 - 2016-04-20 12:36 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-17 11:10 - 2016-04-17 11:15 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-17 11:10 - 2016-04-17 11:10 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-17 11:10 - 2016-04-17 11:10 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-17 11:06 - 2016-04-20 12:01 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Mozilla
2016-04-17 11:05 - 2016-02-22 16:44 - 00154816 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-04-17 11:05 - 2016-02-22 16:44 - 00133168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-04-17 11:05 - 2016-02-22 16:44 - 00069888 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-04-17 11:05 - 2016-02-22 16:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-04-17 11:02 - 2016-04-20 12:00 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-17 11:02 - 2016-04-17 11:00 - 00987728 _____ (Google Inc.) C:\Users\Carmela\Desktop\ChromeSetup.exe
2016-04-17 11:01 - 2016-04-20 12:01 - 00000000 ____D C:\Users\Carmela\AppData\Local\Google
2016-04-17 11:01 - 2016-04-17 11:01 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-04-17 11:01 - 2016-04-17 11:01 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-04-17 10:55 - 2016-04-20 12:37 - 00057560 _____ C:\Users\Carmela\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-17 10:54 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-17 10:54 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-17 10:54 - 2016-04-20 12:01 - 00000000 ____D C:\ProgramData\Avira
2016-04-17 10:54 - 2016-04-20 12:00 - 00000000 ____D C:\Program Files (x86)\Avira
2016-04-17 10:54 - 2016-04-17 10:54 - 00001206 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-04-17 10:54 - 2016-04-17 10:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-04-17 10:53 - 2016-04-17 10:53 - 00001409 _____ C:\Users\Carmela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-04-17 10:52 - 2016-04-20 12:35 - 00000000 ____D C:\Users\Carmela
2016-04-17 10:52 - 2016-04-17 10:53 - 00001443 _____ C:\Users\Carmela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-17 10:52 - 2016-04-17 10:52 - 00000020 ___SH C:\Users\Carmela\ntuser.ini
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 _SHDL C:\Users\Carmela\My Documents
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 _SHDL C:\Users\Carmela\Documents\My Videos
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 _SHDL C:\Users\Carmela\Documents\My Pictures
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 _SHDL C:\Users\Carmela\Documents\My Music
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 ____D C:\Users\Carmela\AppData\Local\VirtualStore
2016-04-17 10:52 - 2011-04-12 04:28 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-20 17:03 - 2009-07-14 01:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-20 17:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-20 12:39 - 2009-07-14 00:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-20 12:39 - 2009-07-14 00:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-20 12:35 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-20 12:31 - 2011-04-12 04:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-04-20 12:31 - 2011-04-12 04:28 - 00000000 ____D C:\Windows\ShellNew
2016-04-20 12:31 - 2011-04-12 04:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Offline Web Pages
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\addins
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\TAPI
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Setup
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\ras
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\oobe
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Msdtc
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\manifeststore
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\lv-LV
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\lt-LT
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\icsxml
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\ias
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\et-EE
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\com
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\servicing
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\L2Schemas
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\IME
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Cursors
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Services
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\system32\winrm
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\system32\WCN
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\system32\slmgr
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\spool
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\SMI
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\MUI
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\IME
2016-04-20 12:27 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Performance
2016-04-20 12:27 - 2009-07-14 00:45 - 00000000 ____D C:\Windows\Setup
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\security
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\schemas
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Resources
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PLA
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Globalization
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Branding
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2016-04-20 12:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-04-20 12:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\MSBuild
2016-04-20 12:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-04-20 12:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-04-20 12:26 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-04-20 12:26 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Windows NT
2016-04-20 12:26 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-04-20 12:26 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-04-20 12:22 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-04-20 12:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Web
2016-04-20 12:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Vss
2016-04-20 12:00 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-04-20 12:00 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-04-17 11:57 - 2009-07-14 01:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-04-17 11:02 - 2009-07-14 00:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT

Some files in TEMP:
====================
C:\Users\Carmela\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-17 10:58

==================== End of FRST.txt ============================

  • FRST scan log in Safe Mode with Networking, with an active internet connection:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016 01
Ran by Carmela (administrator) on CARMELA-PC (20-04-2016 17:21:55)
Running from C:\Users\Carmela\Desktop
Loaded Profiles: Carmela (Available Profiles: Carmela)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\userinit.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-02-22] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3585697871-321451975-2683442688-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.22.41.126
Tcpip\..\Interfaces\{95647E9D-95B5-4C7A-9817-505063EDBBFD}: [DhcpNameServer] 172.22.41.126

Internet Explorer:
==================
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Carmela\AppData\Roaming\Mozilla\Firefox\Profiles\26Z1632a.default
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-17] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Carmela\AppData\Roaming\Mozilla\Firefox\Profiles\26Z1632a.default\Extensions\abs@avira.com.xpi [2016-04-18]

Chrome:
=======
CHR Profile: C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-20]
CHR Extension: (Google Docs) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-20]
CHR Extension: (Google Drive) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-17]
CHR Extension: (YouTube) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-17]
CHR Extension: (Google Sheets) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-20]
CHR Extension: (Avira Browser Safety) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-20]
CHR Extension: (Google Docs Offline) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-20]
CHR Extension: (Gmail) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7743472 2015-08-19] (Reimage®)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-02-22] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [133168 2016-02-22] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69888 2016-02-22] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-17] (REALiX™)
S3 cpuz134; \??\C:\Users\Carmela\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-20 17:21 - 2016-04-20 17:22 - 00007361 _____ C:\Users\Carmela\Desktop\FRST.txt
2016-04-20 17:18 - 2016-04-20 17:18 - 00000000 ____D C:\Users\Carmela\Desktop\FRST scans
2016-04-20 17:03 - 2016-04-18 11:39 - 02375680 _____ (Farbar) C:\Users\Carmela\Desktop\FRST64.exe
2016-04-20 13:03 - 2016-04-20 13:03 - 00000462 _____ C:\Users\Carmela\Desktop\ESET scan 042016.txt
2016-04-20 12:42 - 2016-04-20 12:42 - 02870984 _____ (ESET) C:\Users\Carmela\Downloads\esetsmartinstaller_enu.exe
2016-04-20 12:39 - 2016-04-20 17:21 - 00389226 _____ C:\Windows\ntbtlog.txt
2016-04-20 12:37 - 2016-04-20 12:37 - 00000000 ____D C:\ProgramData\Reimage Protector
2016-04-19 13:48 - 2016-04-19 13:48 - 00000000 ____D C:\Users\Carmela\Desktop\4.19.2016_12.31.53-PM
2016-04-19 12:28 - 2016-04-19 12:28 - 00000000 ____D C:\RegBackup
2016-04-19 12:12 - 2016-04-19 12:12 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-04-18 12:11 - 2016-04-18 12:11 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\SUPERAntiSpyware.com
2016-04-18 12:10 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-18 12:10 - 2016-04-18 12:10 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-04-18 11:40 - 2016-04-20 17:21 - 00000000 ____D C:\FRST
2016-04-18 10:52 - 2016-04-20 17:03 - 00000000 ____D C:\Users\Carmela\Desktop\041816 scans
2016-04-17 20:33 - 2016-04-17 20:33 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Macromedia
2016-04-17 13:50 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-17 13:50 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-17 13:50 - 2016-04-17 13:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-17 13:26 - 2016-04-18 12:00 - 00000000 ____D C:\Qoobox
2016-04-17 13:25 - 2016-04-17 13:35 - 00000000 ____D C:\Windows\erdnt
2016-04-17 13:02 - 2016-04-17 13:02 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Adobe
2016-04-17 12:57 - 2016-04-20 12:26 - 00000000 ____D C:\AdwCleaner
2016-04-17 12:27 - 2016-04-17 12:27 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-17 11:57 - 2016-04-17 11:30 - 00000000 ____D C:\Windows\Panther
2016-04-17 11:36 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\ProductData
2016-04-17 11:36 - 2016-04-17 11:36 - 00000000 ____D C:\Windows\IObit
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\IObit
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\Users\Carmela\AppData\LocalLow\IObit
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\IObit
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-17 11:35 - 2016-04-17 11:36 - 00002882 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Carmela)
2016-04-17 11:35 - 2016-04-17 11:36 - 00002152 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2016-04-17 11:35 - 2016-04-17 11:35 - 00027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2016-04-17 11:35 - 2016-04-17 11:35 - 00003250 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2016-04-17 11:31 - 2016-04-17 11:31 - 14982312 _____ (IObit ) C:\Users\Carmela\Downloads\driver_booster_setup.exe
2016-04-17 11:28 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-17 11:28 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files\CCleaner
2016-04-17 11:28 - 2016-04-17 11:28 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-04-17 11:28 - 2016-04-17 11:28 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-17 11:16 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2016-04-17 11:16 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files\Reimage
2016-04-17 11:16 - 2016-04-17 11:16 - 00004282 _____ C:\Windows\System32\Tasks\ReimageUpdater
2016-04-17 11:16 - 2016-04-17 11:16 - 00003446 _____ C:\Windows\System32\Tasks\Reimage Reminder
2016-04-17 11:16 - 2016-04-17 11:16 - 00001901 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2016-04-17 11:15 - 2016-04-20 12:26 - 00000000 ____D C:\rei
2016-04-17 11:15 - 2016-04-17 11:17 - 00000150 _____ C:\Windows\Reimage.ini
2016-04-17 11:15 - 2016-04-17 11:15 - 00771736 _____ (Reimage) C:\Users\Carmela\Downloads\ReimageRepair.exe
2016-04-17 11:11 - 2016-04-17 11:11 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-17 11:11 - 2016-04-17 11:11 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-17 11:10 - 2016-04-20 17:15 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-17 11:10 - 2016-04-20 17:14 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-17 11:10 - 2016-04-17 11:10 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-17 11:10 - 2016-04-17 11:10 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-17 11:06 - 2016-04-20 12:01 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Mozilla
2016-04-17 11:05 - 2016-02-22 16:44 - 00154816 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-04-17 11:05 - 2016-02-22 16:44 - 00133168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-04-17 11:05 - 2016-02-22 16:44 - 00069888 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-04-17 11:05 - 2016-02-22 16:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-04-17 11:02 - 2016-04-20 12:00 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-17 11:02 - 2016-04-17 11:00 - 00987728 _____ (Google Inc.) C:\Users\Carmela\Desktop\ChromeSetup.exe
2016-04-17 11:01 - 2016-04-20 12:01 - 00000000 ____D C:\Users\Carmela\AppData\Local\Google
2016-04-17 11:01 - 2016-04-17 11:01 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-04-17 11:01 - 2016-04-17 11:01 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-04-17 10:55 - 2016-04-20 12:37 - 00057560 _____ C:\Users\Carmela\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-17 10:54 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-17 10:54 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-17 10:54 - 2016-04-20 12:01 - 00000000 ____D C:\ProgramData\Avira
2016-04-17 10:54 - 2016-04-20 12:00 - 00000000 ____D C:\Program Files (x86)\Avira
2016-04-17 10:54 - 2016-04-17 10:54 - 00001206 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-04-17 10:54 - 2016-04-17 10:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-04-17 10:53 - 2016-04-17 10:53 - 00001409 _____ C:\Users\Carmela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-04-17 10:52 - 2016-04-20 12:35 - 00000000 ____D C:\Users\Carmela
2016-04-17 10:52 - 2016-04-17 10:53 - 00001443 _____ C:\Users\Carmela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-17 10:52 - 2016-04-17 10:52 - 00000020 ___SH C:\Users\Carmela\ntuser.ini
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 _SHDL C:\Users\Carmela\My Documents
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 _SHDL C:\Users\Carmela\Documents\My Videos
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 _SHDL C:\Users\Carmela\Documents\My Pictures
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 _SHDL C:\Users\Carmela\Documents\My Music
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 ____D C:\Users\Carmela\AppData\Local\VirtualStore
2016-04-17 10:52 - 2011-04-12 04:28 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-20 17:19 - 2009-07-14 00:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-20 17:19 - 2009-07-14 00:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-20 17:17 - 2009-07-14 01:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-20 17:17 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-20 17:13 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-20 12:31 - 2011-04-12 04:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-04-20 12:31 - 2011-04-12 04:28 - 00000000 ____D C:\Windows\ShellNew
2016-04-20 12:31 - 2011-04-12 04:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Offline Web Pages
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\addins
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\TAPI
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Setup
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\ras
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\oobe
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Msdtc
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\manifeststore
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\lv-LV
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\lt-LT
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\icsxml
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\ias
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\et-EE
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\com
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\servicing
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\L2Schemas
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\IME
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Cursors
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Services
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\system32\winrm
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\system32\WCN
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\system32\slmgr
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\spool
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\SMI
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\MUI
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\IME
2016-04-20 12:27 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Performance
2016-04-20 12:27 - 2009-07-14 00:45 - 00000000 ____D C:\Windows\Setup
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\security
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\schemas
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Resources
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PLA
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Globalization
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Branding
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2016-04-20 12:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-04-20 12:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\MSBuild
2016-04-20 12:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-04-20 12:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-04-20 12:26 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-04-20 12:26 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Windows NT
2016-04-20 12:26 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-04-20 12:26 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-04-20 12:22 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-04-20 12:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Web
2016-04-20 12:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Vss
2016-04-20 12:00 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-04-20 12:00 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-04-17 11:57 - 2009-07-14 01:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-04-17 11:02 - 2009-07-14 00:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT

Some files in TEMP:
====================
C:\Users\Carmela\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-17 10:58

==================== End of FRST.txt ============================

  • FRST scan log in Regular Mode, without active connection:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016 01
Ran by Carmela (administrator) on CARMELA-PC (20-04-2016 17:08:32)
Running from C:\Users\Carmela\Desktop
Loaded Profiles: Carmela (Available Profiles: Carmela)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\ipmgui.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-02-22] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3585697871-321451975-2683442688-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.22.41.126
Tcpip\..\Interfaces\{95647E9D-95B5-4C7A-9817-505063EDBBFD}: [DhcpNameServer] 172.22.41.126

Internet Explorer:
==================
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Carmela\AppData\Roaming\Mozilla\Firefox\Profiles\26Z1632a.default
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-17] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Carmela\AppData\Roaming\Mozilla\Firefox\Profiles\26Z1632a.default\Extensions\abs@avira.com.xpi [2016-04-18]

Chrome:
=======
CHR Profile: C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-20]
CHR Extension: (Google Docs) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-20]
CHR Extension: (Google Drive) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-17]
CHR Extension: (YouTube) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-17]
CHR Extension: (Google Sheets) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-20]
CHR Extension: (Avira Browser Safety) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-20]
CHR Extension: (Google Docs Offline) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-20]
CHR Extension: (Gmail) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7743472 2015-08-19] (Reimage®)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [133168 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69888 2016-02-22] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-17] (REALiX™)
S3 cpuz134; \??\C:\Users\Carmela\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-20 17:08 - 2016-04-20 17:08 - 00007535 _____ C:\Users\Carmela\Desktop\FRST.txt
2016-04-20 17:05 - 2016-04-20 17:05 - 00000000 ____D C:\Users\Carmela\Desktop\frst scan 1
2016-04-20 17:03 - 2016-04-18 11:39 - 02375680 _____ (Farbar) C:\Users\Carmela\Desktop\FRST64.exe
2016-04-20 13:03 - 2016-04-20 13:03 - 00000462 _____ C:\Users\Carmela\Desktop\ESET scan 042016.txt
2016-04-20 12:42 - 2016-04-20 12:42 - 02870984 _____ (ESET) C:\Users\Carmela\Downloads\esetsmartinstaller_enu.exe
2016-04-20 12:39 - 2016-04-20 17:02 - 00317128 _____ C:\Windows\ntbtlog.txt
2016-04-20 12:37 - 2016-04-20 12:37 - 00000000 ____D C:\ProgramData\Reimage Protector
2016-04-19 13:48 - 2016-04-19 13:48 - 00000000 ____D C:\Users\Carmela\Desktop\4.19.2016_12.31.53-PM
2016-04-19 12:28 - 2016-04-19 12:28 - 00000000 ____D C:\RegBackup
2016-04-19 12:12 - 2016-04-19 12:12 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-04-18 12:11 - 2016-04-18 12:11 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\SUPERAntiSpyware.com
2016-04-18 12:10 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-18 12:10 - 2016-04-18 12:10 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-04-18 11:40 - 2016-04-20 17:08 - 00000000 ____D C:\FRST
2016-04-18 10:52 - 2016-04-20 17:03 - 00000000 ____D C:\Users\Carmela\Desktop\041816 scans
2016-04-17 20:33 - 2016-04-17 20:33 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Macromedia
2016-04-17 13:50 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-17 13:50 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-17 13:50 - 2016-04-17 13:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-17 13:26 - 2016-04-18 12:00 - 00000000 ____D C:\Qoobox
2016-04-17 13:25 - 2016-04-17 13:35 - 00000000 ____D C:\Windows\erdnt
2016-04-17 13:02 - 2016-04-17 13:02 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Adobe
2016-04-17 12:57 - 2016-04-20 12:26 - 00000000 ____D C:\AdwCleaner
2016-04-17 12:27 - 2016-04-17 12:27 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-17 11:57 - 2016-04-17 11:30 - 00000000 ____D C:\Windows\Panther
2016-04-17 11:36 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\ProductData
2016-04-17 11:36 - 2016-04-17 11:36 - 00000000 ____D C:\Windows\IObit
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\IObit
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\Users\Carmela\AppData\LocalLow\IObit
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\IObit
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-17 11:35 - 2016-04-17 11:36 - 00002882 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Carmela)
2016-04-17 11:35 - 2016-04-17 11:36 - 00002152 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2016-04-17 11:35 - 2016-04-17 11:35 - 00027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2016-04-17 11:35 - 2016-04-17 11:35 - 00003250 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2016-04-17 11:31 - 2016-04-17 11:31 - 14982312 _____ (IObit ) C:\Users\Carmela\Downloads\driver_booster_setup.exe
2016-04-17 11:28 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-17 11:28 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files\CCleaner
2016-04-17 11:28 - 2016-04-17 11:28 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-04-17 11:28 - 2016-04-17 11:28 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-17 11:16 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2016-04-17 11:16 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files\Reimage
2016-04-17 11:16 - 2016-04-17 11:16 - 00004282 _____ C:\Windows\System32\Tasks\ReimageUpdater
2016-04-17 11:16 - 2016-04-17 11:16 - 00003446 _____ C:\Windows\System32\Tasks\Reimage Reminder
2016-04-17 11:16 - 2016-04-17 11:16 - 00001901 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2016-04-17 11:15 - 2016-04-20 12:26 - 00000000 ____D C:\rei
2016-04-17 11:15 - 2016-04-17 11:17 - 00000150 _____ C:\Windows\Reimage.ini
2016-04-17 11:15 - 2016-04-17 11:15 - 00771736 _____ (Reimage) C:\Users\Carmela\Downloads\ReimageRepair.exe
2016-04-17 11:11 - 2016-04-17 11:11 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-17 11:11 - 2016-04-17 11:11 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-17 11:10 - 2016-04-20 17:07 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-17 11:10 - 2016-04-17 11:15 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-17 11:10 - 2016-04-17 11:10 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-17 11:10 - 2016-04-17 11:10 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-17 11:06 - 2016-04-20 12:01 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Mozilla
2016-04-17 11:05 - 2016-02-22 16:44 - 00154816 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-04-17 11:05 - 2016-02-22 16:44 - 00133168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-04-17 11:05 - 2016-02-22 16:44 - 00069888 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-04-17 11:05 - 2016-02-22 16:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-04-17 11:02 - 2016-04-20 12:00 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-17 11:02 - 2016-04-17 11:00 - 00987728 _____ (Google Inc.) C:\Users\Carmela\Desktop\ChromeSetup.exe
2016-04-17 11:01 - 2016-04-20 12:01 - 00000000 ____D C:\Users\Carmela\AppData\Local\Google
2016-04-17 11:01 - 2016-04-17 11:01 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-04-17 11:01 - 2016-04-17 11:01 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-04-17 10:55 - 2016-04-20 12:37 - 00057560 _____ C:\Users\Carmela\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-17 10:54 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-17 10:54 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-17 10:54 - 2016-04-20 12:01 - 00000000 ____D C:\ProgramData\Avira
2016-04-17 10:54 - 2016-04-20 12:00 - 00000000 ____D C:\Program Files (x86)\Avira
2016-04-17 10:54 - 2016-04-17 10:54 - 00001206 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-04-17 10:54 - 2016-04-17 10:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-04-17 10:53 - 2016-04-17 10:53 - 00001409 _____ C:\Users\Carmela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-04-17 10:52 - 2016-04-20 12:35 - 00000000 ____D C:\Users\Carmela
2016-04-17 10:52 - 2016-04-17 10:53 - 00001443 _____ C:\Users\Carmela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-17 10:52 - 2016-04-17 10:52 - 00000020 ___SH C:\Users\Carmela\ntuser.ini
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 _SHDL C:\Users\Carmela\My Documents
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 _SHDL C:\Users\Carmela\Documents\My Videos
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 _SHDL C:\Users\Carmela\Documents\My Pictures
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 _SHDL C:\Users\Carmela\Documents\My Music
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 ____D C:\Users\Carmela\AppData\Local\VirtualStore
2016-04-17 10:52 - 2011-04-12 04:28 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-20 17:06 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-20 17:05 - 2009-07-14 01:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-20 17:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-20 12:39 - 2009-07-14 00:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-20 12:39 - 2009-07-14 00:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-20 12:31 - 2011-04-12 04:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-04-20 12:31 - 2011-04-12 04:28 - 00000000 ____D C:\Windows\ShellNew
2016-04-20 12:31 - 2011-04-12 04:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Offline Web Pages
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\addins
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\TAPI
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Setup
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\ras
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\oobe
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Msdtc
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\manifeststore
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\lv-LV
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\lt-LT
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\icsxml
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\ias
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\et-EE
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\com
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\servicing
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\L2Schemas
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\IME
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Cursors
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Services
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\system32\winrm
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\system32\WCN
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\system32\slmgr
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\spool
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\SMI
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\MUI
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\IME
2016-04-20 12:27 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Performance
2016-04-20 12:27 - 2009-07-14 00:45 - 00000000 ____D C:\Windows\Setup
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\security
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\schemas
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Resources
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PLA
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Globalization
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Branding
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2016-04-20 12:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-04-20 12:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\MSBuild
2016-04-20 12:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-04-20 12:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-04-20 12:26 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-04-20 12:26 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Windows NT
2016-04-20 12:26 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-04-20 12:26 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-04-20 12:22 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-04-20 12:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Web
2016-04-20 12:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Vss
2016-04-20 12:00 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-04-20 12:00 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-04-17 11:57 - 2009-07-14 01:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-04-17 11:02 - 2009-07-14 00:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT

Some files in TEMP:
====================
C:\Users\Carmela\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-17 10:58

==================== End of FRST.txt ============================

  • FRST scan log in Regular Mode with an active internet connection:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016 01
Ran by Carmela (administrator) on CARMELA-PC (20-04-2016 17:15:43)
Running from C:\Users\Carmela\Desktop
Loaded Profiles: Carmela (Available Profiles: Carmela)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-02-22] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3585697871-321451975-2683442688-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.22.41.126
Tcpip\..\Interfaces\{95647E9D-95B5-4C7A-9817-505063EDBBFD}: [DhcpNameServer] 172.22.41.126

Internet Explorer:
==================
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Carmela\AppData\Roaming\Mozilla\Firefox\Profiles\26Z1632a.default
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-17] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Carmela\AppData\Roaming\Mozilla\Firefox\Profiles\26Z1632a.default\Extensions\abs@avira.com.xpi [2016-04-18]

Chrome:
=======
CHR Profile: C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-20]
CHR Extension: (Google Docs) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-20]
CHR Extension: (Google Drive) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-17]
CHR Extension: (YouTube) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-17]
CHR Extension: (Google Sheets) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-20]
CHR Extension: (Avira Browser Safety) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-20]
CHR Extension: (Google Docs Offline) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-20]
CHR Extension: (Gmail) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-02-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7743472 2015-08-19] (Reimage®)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [133168 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69888 2016-02-22] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-04-17] (REALiX™)
S3 cpuz134; \??\C:\Users\Carmela\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-20 17:15 - 2016-04-20 17:16 - 00007565 _____ C:\Users\Carmela\Desktop\FRST.txt
2016-04-20 17:10 - 2016-04-20 17:10 - 00000000 ____D C:\Users\Carmela\Desktop\frst scan 2
2016-04-20 17:05 - 2016-04-20 17:05 - 00000000 ____D C:\Users\Carmela\Desktop\frst scan 1
2016-04-20 17:03 - 2016-04-18 11:39 - 02375680 _____ (Farbar) C:\Users\Carmela\Desktop\FRST64.exe
2016-04-20 13:03 - 2016-04-20 13:03 - 00000462 _____ C:\Users\Carmela\Desktop\ESET scan 042016.txt
2016-04-20 12:42 - 2016-04-20 12:42 - 02870984 _____ (ESET) C:\Users\Carmela\Downloads\esetsmartinstaller_enu.exe
2016-04-20 12:39 - 2016-04-20 17:02 - 00317128 _____ C:\Windows\ntbtlog.txt
2016-04-20 12:37 - 2016-04-20 12:37 - 00000000 ____D C:\ProgramData\Reimage Protector
2016-04-19 13:48 - 2016-04-19 13:48 - 00000000 ____D C:\Users\Carmela\Desktop\4.19.2016_12.31.53-PM
2016-04-19 12:28 - 2016-04-19 12:28 - 00000000 ____D C:\RegBackup
2016-04-19 12:12 - 2016-04-19 12:12 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-04-18 12:11 - 2016-04-18 12:11 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\SUPERAntiSpyware.com
2016-04-18 12:10 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-18 12:10 - 2016-04-18 12:10 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-04-18 11:40 - 2016-04-20 17:15 - 00000000 ____D C:\FRST
2016-04-18 10:52 - 2016-04-20 17:03 - 00000000 ____D C:\Users\Carmela\Desktop\041816 scans
2016-04-17 20:33 - 2016-04-17 20:33 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Macromedia
2016-04-17 13:50 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-17 13:50 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-17 13:50 - 2016-04-17 13:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-17 13:26 - 2016-04-18 12:00 - 00000000 ____D C:\Qoobox
2016-04-17 13:25 - 2016-04-17 13:35 - 00000000 ____D C:\Windows\erdnt
2016-04-17 13:02 - 2016-04-17 13:02 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Adobe
2016-04-17 12:57 - 2016-04-20 12:26 - 00000000 ____D C:\AdwCleaner
2016-04-17 12:27 - 2016-04-17 12:27 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-17 11:57 - 2016-04-17 11:30 - 00000000 ____D C:\Windows\Panther
2016-04-17 11:36 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\ProductData
2016-04-17 11:36 - 2016-04-17 11:36 - 00000000 ____D C:\Windows\IObit
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\IObit
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\Users\Carmela\AppData\LocalLow\IObit
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\IObit
2016-04-17 11:35 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-17 11:35 - 2016-04-17 11:36 - 00002882 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Carmela)
2016-04-17 11:35 - 2016-04-17 11:36 - 00002152 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2016-04-17 11:35 - 2016-04-17 11:35 - 00027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2016-04-17 11:35 - 2016-04-17 11:35 - 00003250 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2016-04-17 11:31 - 2016-04-17 11:31 - 14982312 _____ (IObit ) C:\Users\Carmela\Downloads\driver_booster_setup.exe
2016-04-17 11:28 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-17 11:28 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files\CCleaner
2016-04-17 11:28 - 2016-04-17 11:28 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-04-17 11:28 - 2016-04-17 11:28 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-17 11:16 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2016-04-17 11:16 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files\Reimage
2016-04-17 11:16 - 2016-04-17 11:16 - 00004282 _____ C:\Windows\System32\Tasks\ReimageUpdater
2016-04-17 11:16 - 2016-04-17 11:16 - 00003446 _____ C:\Windows\System32\Tasks\Reimage Reminder
2016-04-17 11:16 - 2016-04-17 11:16 - 00001901 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2016-04-17 11:15 - 2016-04-20 12:26 - 00000000 ____D C:\rei
2016-04-17 11:15 - 2016-04-17 11:17 - 00000150 _____ C:\Windows\Reimage.ini
2016-04-17 11:15 - 2016-04-17 11:15 - 00771736 _____ (Reimage) C:\Users\Carmela\Downloads\ReimageRepair.exe
2016-04-17 11:11 - 2016-04-17 11:11 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-17 11:11 - 2016-04-17 11:11 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-17 11:10 - 2016-04-20 17:15 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-17 11:10 - 2016-04-20 17:14 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-17 11:10 - 2016-04-17 11:10 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-17 11:10 - 2016-04-17 11:10 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-17 11:06 - 2016-04-20 12:01 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Mozilla
2016-04-17 11:05 - 2016-02-22 16:44 - 00154816 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-04-17 11:05 - 2016-02-22 16:44 - 00133168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-04-17 11:05 - 2016-02-22 16:44 - 00069888 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-04-17 11:05 - 2016-02-22 16:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-04-17 11:02 - 2016-04-20 12:00 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-17 11:02 - 2016-04-17 11:00 - 00987728 _____ (Google Inc.) C:\Users\Carmela\Desktop\ChromeSetup.exe
2016-04-17 11:01 - 2016-04-20 12:01 - 00000000 ____D C:\Users\Carmela\AppData\Local\Google
2016-04-17 11:01 - 2016-04-17 11:01 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-04-17 11:01 - 2016-04-17 11:01 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-04-17 10:55 - 2016-04-20 12:37 - 00057560 _____ C:\Users\Carmela\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-17 10:54 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-17 10:54 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-17 10:54 - 2016-04-20 12:01 - 00000000 ____D C:\ProgramData\Avira
2016-04-17 10:54 - 2016-04-20 12:00 - 00000000 ____D C:\Program Files (x86)\Avira
2016-04-17 10:54 - 2016-04-17 10:54 - 00001206 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-04-17 10:54 - 2016-04-17 10:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-04-17 10:53 - 2016-04-17 10:53 - 00001409 _____ C:\Users\Carmela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-04-17 10:52 - 2016-04-20 12:35 - 00000000 ____D C:\Users\Carmela
2016-04-17 10:52 - 2016-04-17 10:53 - 00001443 _____ C:\Users\Carmela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-17 10:52 - 2016-04-17 10:52 - 00000020 ___SH C:\Users\Carmela\ntuser.ini
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 _SHDL C:\Users\Carmela\My Documents
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 _SHDL C:\Users\Carmela\Documents\My Videos
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 _SHDL C:\Users\Carmela\Documents\My Pictures
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 _SHDL C:\Users\Carmela\Documents\My Music
2016-04-17 10:52 - 2016-04-17 10:52 - 00000000 ____D C:\Users\Carmela\AppData\Local\VirtualStore
2016-04-17 10:52 - 2011-04-12 04:28 - 00000000 ____D C:\Users\Carmela\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-20 17:13 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-20 17:11 - 2009-07-14 01:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-20 17:11 - 2009-07-14 00:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-20 17:11 - 2009-07-14 00:45 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-20 17:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-20 12:31 - 2011-04-12 04:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-04-20 12:31 - 2011-04-12 04:28 - 00000000 ____D C:\Windows\ShellNew
2016-04-20 12:31 - 2011-04-12 04:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Offline Web Pages
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\addins
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-04-20 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\TAPI
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Setup
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\ras
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\oobe
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Msdtc
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\manifeststore
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\lv-LV
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\lt-LT
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\icsxml
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\ias
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\et-EE
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\com
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\servicing
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\L2Schemas
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\IME
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Cursors
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-04-20 12:31 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Services
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\system32\winrm
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\system32\WCN
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\system32\slmgr
2016-04-20 12:28 - 2011-04-12 04:17 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\spool
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\SMI
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\MUI
2016-04-20 12:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\IME
2016-04-20 12:27 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Performance
2016-04-20 12:27 - 2009-07-14 00:45 - 00000000 ____D C:\Windows\Setup
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\security
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\schemas
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Resources
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PLA
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Globalization
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Branding
2016-04-20 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2016-04-20 12:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-04-20 12:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\MSBuild
2016-04-20 12:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-04-20 12:26 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-04-20 12:26 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-04-20 12:26 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Windows NT
2016-04-20 12:26 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-04-20 12:26 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-04-20 12:22 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-04-20 12:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Web
2016-04-20 12:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Vss
2016-04-20 12:00 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-04-20 12:00 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-04-17 11:57 - 2009-07-14 01:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-04-17 11:02 - 2009-07-14 00:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT

Some files in TEMP:
====================
C:\Users\Carmela\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-17 10:58

==================== End of FRST.txt ============================

  • Addition log in Safe Mode only:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-04-2016 01
Ran by Carmela (2016-04-20 17:04:23)
Running from C:\Users\Carmela\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-04-17 14:52:19)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3585697871-321451975-2683442688-500 - Administrator - Disabled)
Carmela (S-1-5-21-3585697871-321451975-2683442688-1000 - Administrator - Enabled) => C:\Users\Carmela
Guest (S-1-5-21-3585697871-321451975-2683442688-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Driver Booster 3.3 (HKLM-x32\...\Driver Booster_is1) (Version: 3.3 - IObit)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.75 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.3.2 - Reimage) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3D8DFE76-4B9C-4259-870C-569BF740353F} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-03-28] (IObit)
Task: {436E02A5-8E8D-4EE7-BB78-984481492089} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {718F4BD4-EE31-4936-B87D-270810092CCD} - System32\Tasks\Driver Booster SkipUAC (Carmela) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-04-01] (IObit)
Task: {843B2D14-4179-478E-BA43-C7321A21350A} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2016-04-13] (Reimage ltd.) <==== ATTENTION
Task: {D8BDA65A-80A2-400D-802D-41A620D4430E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {F3A6AB0E-C7D0-4675-9B85-3DAF4AA75937} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <==== ATTENTION
Task: {F425EA81-AF2B-4AC5-B431-CBECB5BC6CFA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3585697871-321451975-2683442688-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Carmela\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8DCDDE24-6BFC-4AFD-8022-B569DA9D3176}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3ACC0991-6B25-409B-8B84-D3D7D588C71C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{00137B63-7F31-4E3C-B4D1-AF66B8BAFD41}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{74BFBD77-144F-45D2-815C-EB5C83177113}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{5C787E0F-43EA-4EEF-AB40-380C234F9F9E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{9FB08B79-CAB6-4390-AFEF-EA94BEB42E4B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{079A9F3C-F4A7-4435-A1F4-22C25AC8A266}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe

==================== Restore Points =========================

17-04-2016 11:42:44 Driver Booster : Adobe Flash Player ActiveX
17-04-2016 11:49:05 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
17-04-2016 11:51:39 Windows Update
17-04-2016 11:54:51 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
17-04-2016 11:55:33 Installed DirectX
17-04-2016 12:09:03 Windows Update
17-04-2016 13:10:55 JRT Pre-Junkware Removal
17-04-2016 17:06:20 Reimage Repair Restore Point
17-04-2016 18:20:30 Reimage Repair Restore Point

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2016 05:03:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 01:18:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 01:04:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/20/2016 12:41:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 12:37:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 12:36:10 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (04/19/2016 12:49:08 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/19/2016 12:49:08 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/19/2016 12:49:08 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/19/2016 12:49:08 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/20/2016 05:03:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:02:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:02:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:02:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:02:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:02:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:01:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:01:59 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/20/2016 05:01:59 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/20/2016 05:01:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 26%
Total physical RAM: 3037.09 MB
Available physical RAM: 2234.24 MB
Total Virtual: 6072.37 MB
Available Virtual: 5276.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:213.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 9C6D3CD6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

  • Addition log in Safe Mode with Networking, with an active internet connection:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-04-2016 01
Ran by Carmela (2016-04-20 17:22:39)
Running from C:\Users\Carmela\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-04-17 14:52:19)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3585697871-321451975-2683442688-500 - Administrator - Disabled)
Carmela (S-1-5-21-3585697871-321451975-2683442688-1000 - Administrator - Enabled) => C:\Users\Carmela
Guest (S-1-5-21-3585697871-321451975-2683442688-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Driver Booster 3.3 (HKLM-x32\...\Driver Booster_is1) (Version: 3.3 - IObit)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.75 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.3.2 - Reimage) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3D8DFE76-4B9C-4259-870C-569BF740353F} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-03-28] (IObit)
Task: {436E02A5-8E8D-4EE7-BB78-984481492089} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {718F4BD4-EE31-4936-B87D-270810092CCD} - System32\Tasks\Driver Booster SkipUAC (Carmela) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-04-01] (IObit)
Task: {843B2D14-4179-478E-BA43-C7321A21350A} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2016-04-13] (Reimage ltd.) <==== ATTENTION
Task: {D8BDA65A-80A2-400D-802D-41A620D4430E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {F3A6AB0E-C7D0-4675-9B85-3DAF4AA75937} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <==== ATTENTION
Task: {F425EA81-AF2B-4AC5-B431-CBECB5BC6CFA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3585697871-321451975-2683442688-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Carmela\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.22.41.126
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8DCDDE24-6BFC-4AFD-8022-B569DA9D3176}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3ACC0991-6B25-409B-8B84-D3D7D588C71C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{00137B63-7F31-4E3C-B4D1-AF66B8BAFD41}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{74BFBD77-144F-45D2-815C-EB5C83177113}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{5C787E0F-43EA-4EEF-AB40-380C234F9F9E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{9FB08B79-CAB6-4390-AFEF-EA94BEB42E4B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{079A9F3C-F4A7-4435-A1F4-22C25AC8A266}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe

==================== Restore Points =========================

17-04-2016 11:42:44 Driver Booster : Adobe Flash Player ActiveX
17-04-2016 11:49:05 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
17-04-2016 11:51:39 Windows Update
17-04-2016 11:54:51 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
17-04-2016 11:55:33 Installed DirectX
17-04-2016 12:09:03 Windows Update
17-04-2016 13:10:55 JRT Pre-Junkware Removal
17-04-2016 17:06:20 Reimage Repair Restore Point
17-04-2016 18:20:30 Reimage Repair Restore Point

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2016 05:13:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 05:13:51 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (04/20/2016 05:07:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 05:07:14 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (04/20/2016 05:03:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 01:18:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 01:04:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/20/2016 12:41:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 12:37:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 12:36:10 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!


System errors:
=============
Error: (04/20/2016 05:21:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:21:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:21:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:21:38 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/20/2016 05:21:38 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/20/2016 05:21:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/20/2016 05:21:28 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/20/2016 05:21:26 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (04/20/2016 05:21:26 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (04/20/2016 05:21:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avipbb
avkmgr
discache
HWiNFO32
spldr
Wanarpv6


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 27%
Total physical RAM: 3037.09 MB
Available physical RAM: 2188.71 MB
Total Virtual: 6072.37 MB
Available Virtual: 5229.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:213.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 9C6D3CD6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

  • Addition log in Regular Mode, no active internet connection:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-04-2016 01
Ran by Carmela (2016-04-20 17:09:13)
Running from C:\Users\Carmela\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-04-17 14:52:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3585697871-321451975-2683442688-500 - Administrator - Disabled)
Carmela (S-1-5-21-3585697871-321451975-2683442688-1000 - Administrator - Enabled) => C:\Users\Carmela
Guest (S-1-5-21-3585697871-321451975-2683442688-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Driver Booster 3.3 (HKLM-x32\...\Driver Booster_is1) (Version: 3.3 - IObit)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.75 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.3.2 - Reimage) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3D8DFE76-4B9C-4259-870C-569BF740353F} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-03-28] (IObit)
Task: {436E02A5-8E8D-4EE7-BB78-984481492089} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {718F4BD4-EE31-4936-B87D-270810092CCD} - System32\Tasks\Driver Booster SkipUAC (Carmela) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-04-01] (IObit)
Task: {843B2D14-4179-478E-BA43-C7321A21350A} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2016-04-13] (Reimage ltd.) <==== ATTENTION
Task: {D8BDA65A-80A2-400D-802D-41A620D4430E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {F3A6AB0E-C7D0-4675-9B85-3DAF4AA75937} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <==== ATTENTION
Task: {F425EA81-AF2B-4AC5-B431-CBECB5BC6CFA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-08-19 04:56 - 2015-08-19 04:56 - 06908904 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2016-03-30 09:41 - 2016-03-30 09:41 - 00245760 _____ () C:\Program Files (x86)\Avira\Launcher\System.ComponentModel.Composition.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3585697871-321451975-2683442688-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Carmela\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8DCDDE24-6BFC-4AFD-8022-B569DA9D3176}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3ACC0991-6B25-409B-8B84-D3D7D588C71C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{00137B63-7F31-4E3C-B4D1-AF66B8BAFD41}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{74BFBD77-144F-45D2-815C-EB5C83177113}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{5C787E0F-43EA-4EEF-AB40-380C234F9F9E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{9FB08B79-CAB6-4390-AFEF-EA94BEB42E4B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{079A9F3C-F4A7-4435-A1F4-22C25AC8A266}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe

==================== Restore Points =========================

17-04-2016 11:42:44 Driver Booster : Adobe Flash Player ActiveX
17-04-2016 11:49:05 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
17-04-2016 11:51:39 Windows Update
17-04-2016 11:54:51 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
17-04-2016 11:55:33 Installed DirectX
17-04-2016 12:09:03 Windows Update
17-04-2016 13:10:55 JRT Pre-Junkware Removal
17-04-2016 17:06:20 Reimage Repair Restore Point
17-04-2016 18:20:30 Reimage Repair Restore Point

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2016 05:07:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 05:07:14 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (04/20/2016 05:03:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 01:18:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 01:04:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/20/2016 12:41:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 12:37:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 12:36:10 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (04/19/2016 12:49:08 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/19/2016 12:49:08 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/20/2016 05:07:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/20/2016 05:03:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:02:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:02:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:02:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:02:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:02:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:01:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:01:59 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/20/2016 05:01:59 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 25%
Total physical RAM: 3037.09 MB
Available physical RAM: 2250.37 MB
Total Virtual: 6072.37 MB
Available Virtual: 5165.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:213.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 9C6D3CD6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

  • Addition log in Regular Mode with an active internet connection:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-04-2016 01
Ran by Carmela (2016-04-20 17:16:24)
Running from C:\Users\Carmela\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-04-17 14:52:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3585697871-321451975-2683442688-500 - Administrator - Disabled)
Carmela (S-1-5-21-3585697871-321451975-2683442688-1000 - Administrator - Enabled) => C:\Users\Carmela
Guest (S-1-5-21-3585697871-321451975-2683442688-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Driver Booster 3.3 (HKLM-x32\...\Driver Booster_is1) (Version: 3.3 - IObit)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.75 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.3.2 - Reimage) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3D8DFE76-4B9C-4259-870C-569BF740353F} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-03-28] (IObit)
Task: {436E02A5-8E8D-4EE7-BB78-984481492089} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {718F4BD4-EE31-4936-B87D-270810092CCD} - System32\Tasks\Driver Booster SkipUAC (Carmela) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-04-01] (IObit)
Task: {843B2D14-4179-478E-BA43-C7321A21350A} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2016-04-13] (Reimage ltd.) <==== ATTENTION
Task: {D8BDA65A-80A2-400D-802D-41A620D4430E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {F3A6AB0E-C7D0-4675-9B85-3DAF4AA75937} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <==== ATTENTION
Task: {F425EA81-AF2B-4AC5-B431-CBECB5BC6CFA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-08-19 04:56 - 2015-08-19 04:56 - 06908904 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2016-03-30 09:41 - 2016-03-30 09:41 - 00245760 _____ () C:\Program Files (x86)\Avira\Launcher\System.ComponentModel.Composition.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3585697871-321451975-2683442688-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Carmela\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.22.41.126
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8DCDDE24-6BFC-4AFD-8022-B569DA9D3176}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3ACC0991-6B25-409B-8B84-D3D7D588C71C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{00137B63-7F31-4E3C-B4D1-AF66B8BAFD41}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{74BFBD77-144F-45D2-815C-EB5C83177113}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{5C787E0F-43EA-4EEF-AB40-380C234F9F9E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{9FB08B79-CAB6-4390-AFEF-EA94BEB42E4B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{079A9F3C-F4A7-4435-A1F4-22C25AC8A266}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe

==================== Restore Points =========================

17-04-2016 11:42:44 Driver Booster : Adobe Flash Player ActiveX
17-04-2016 11:49:05 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
17-04-2016 11:51:39 Windows Update
17-04-2016 11:54:51 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
17-04-2016 11:55:33 Installed DirectX
17-04-2016 12:09:03 Windows Update
17-04-2016 13:10:55 JRT Pre-Junkware Removal
17-04-2016 17:06:20 Reimage Repair Restore Point
17-04-2016 18:20:30 Reimage Repair Restore Point

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2016 05:13:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 05:13:51 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (04/20/2016 05:07:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 05:07:14 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (04/20/2016 05:03:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 01:18:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 01:04:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/20/2016 12:41:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 12:37:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2016 12:36:10 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!


System errors:
=============
Error: (04/20/2016 05:13:23 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (04/20/2016 05:13:23 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (04/20/2016 05:13:22 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (04/20/2016 05:13:21 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (04/20/2016 05:13:20 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (04/20/2016 05:13:19 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (04/20/2016 05:13:18 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (04/20/2016 05:07:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/20/2016 05:03:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:02:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 26%
Total physical RAM: 3037.09 MB
Available physical RAM: 2232.78 MB
Total Virtual: 6072.37 MB
Available Virtual: 5150.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:213.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 9C6D3CD6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
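An added example (not part of the original post and not FRST's own code): a Python parser for the "Event log errors" layout in the log above, which counts records per source and event ID and extracts the Service Control Manager 7001 dependency failures. The sample text is constructed from records in that log, and the function names are hypothetical.

```python
import re
from collections import Counter
# Constructed sample: records copied from the "Event log errors" section of the log above.
SAMPLE = """Application errors:
==================
Error: (04/20/2016 05:13:51 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

System errors:
=============
Error: (04/20/2016 05:03:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/20/2016 05:02:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068"""

HEADER = re.compile(r"^Error: \(.+?\) \(Source: (.*?)\) \(EventID: (\d+)\) \(User: .*?\)\s*$")
SECTION = re.compile(r"^(=|[\w ]+ errors:\s*$)")  # headings and rulers end a record
DEPENDS = re.compile(r"^The (.+?) service depends on the (.+?) service which failed to start")

def parse_events(text):
    """Split the section into records; a description may span several lines."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"source": m[1], "event_id": int(m[2]), "description": []}
            events.append(current)
        elif SECTION.match(line):
            current = None
        elif current is not None and line.strip():
            current["description"].append(line.split("Description: ", 1)[-1].strip())
    return events

def top_errors(events):
    """(source, event ID) pairs with their counts, most frequent first."""
    return Counter((e["source"], e["event_id"]) for e in events).most_common()

def failed_dependencies(events):
    """SCM 7001: failed service -> {(waiting service, code)}; 1068 = ERROR_SERVICE_DEPENDENCY_FAIL."""
    out = {}
    for e in events:
        m = DEPENDS.match(e["description"][0]) if e["description"] else None
        if (e["source"], e["event_id"]) == ("Service Control Manager", 7001) and m:
            code = e["description"][-1].lstrip("%") if len(e["description"]) > 1 else None
            out.setdefault(m[2], set()).add((m[1], code))
    return out
```

Run over the full section, `top_errors` separates one-off errors from those that recur on every boot, and `failed_dependencies` names the service whose start failure is blocking others.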



#12 nasdaq

Posted 21 April 2016 - 07:28 AM


Please execute the instructions in the order listed.


Remove these programs in bold via the Control Panel > Programs > Programs and Features applet.
Driver Booster 3.3 (HKLM-x32\...\Driver Booster_is1) (Version: 3.3 - IObit)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.3.2 - Reimage) <==== ATTENTION
===

AV: Avira Antivirus (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


I suggest you remove Avira using their uninstaller tool.
Go to this page.
https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/902
Download the free Avira RegistryCleaner tool (Remember the saving location)
Follow the instructions on the page.

Restart the computer when completed.

Close all running programs and re-install Avira.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-20]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7743472 2015-08-19] (Reimage®)
S3 cpuz134; \??\C:\Users\Carmela\AppData\Local\Temp\cpuz134\cpuz134_x64.sys
Task: {843B2D14-4179-478E-BA43-C7321A21350A} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2016-04-13] (Reimage ltd.) <==== ATTENTION
Task: {F3A6AB0E-C7D0-4675-9B85-3DAF4AA75937} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <==== ATTENTION
C:\Program Files\Reimage
C:\Users\Carmela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please navigate to this page after the restart of the computer.
https://newsignature.com/articles/network-location-awareness-service-can-ruin-day-fix
Refer to this section of the page.
Simply change the startup type from the default setting of Automatic and now set it to Automatic (Delayed Start).
Try the setting Automatic and Automatic (Delayed Start).
Change both settings one by one and make sure that you click the Apply button.
You need to test the system in normal mode after each change.
--

Please let me know what problem persists with this computer.

#13 capricorntony13

Posted 21 April 2016 - 06:19 PM

OK. This is what happened.

 

I deleted Driver Booster 3.3 and ReImage Repair. I removed the Avira software with their instructions and tools. All done in Safe Mode.

I tried to reload Avira, but it gave me an error upon install. Error # 0x80070641. Windows Installer Service could not be accessed. This can occur if Windows Installer is not currently installed (per the error page). So, I instead installed AVAST. That worked fine. That was done in Safe Mode with Networking.

 

I put your Fixlog file onto the laptop via a USB stick. I ran FRST, and it worked. I restarted the computer normally. I opened Windows Update in Admin mode. Auto Updates were disabled. I selected to ‘Check Updates but let me decide….’. I ran Update. It said that before I could get updates, I had to install new Windows Update software. It downloaded fine and continued to check for updates. It went on and on….same problem I’ve been having. It does nothing but spin and spin with no reaction.

 

I then changed my NLA setting to Auto (Delayed Start) and restarted in normal mode. Same problem….Update goes on and on and on and does nothing. I check for the installed update. It successfully installed Windows Update Agent 7.6.7600.320, and that’s all it could find.

 

And that is where I am at now.



#14 nasdaq

Posted 22 April 2016 - 08:15 AM

Run the Windows Update and install only one update at a time.
If one of the updates fails make a note of it and continue with the others.

Let me know which update(s) fails.

#15 capricorntony13

Posted 22 April 2016 - 03:55 PM

Every update did not appear.

 

Started computer around 10am. Walked away from it. Got it out of sleep mode around 10:30, and noticed that it said that it could not verify my Windows OS as genuine. A week or so ago, when I put in the new OS, I chose to not make it automatically check for authentication, and I had no internet connection to the computer anyway. So, now that the computer is asking, I chose to ‘enter a different’ product key, and typed in the key that came with the new OS. It verified it and was happy with the key. I then ran Windows Update from 10:40am to 1:10pm. I ran it as an Administrator. It says Windows Update, checking for updates, and the green bar goes from left to right like an ocean wave. It says that the most recent updates: never, and that updates were installed: never. It says that I receive updates for Windows only. And that green bar keeps on going, and going, and going, with no change on the page. I went to command prompt and I ran it as an administrator. I entered net stop wuauserv, and then net start wuauserv. I then went back to Windows Update and started the process again from 1:30pm until 4:15pm.  No change. I tried this in Safe Mode with Networking, but it says that it cannot be done in Safe Mode. So, I am stuck. I have IE 8, and God knows what other out of date Windows programs on here. Technically, every Windows program, short of the Windows Update Agent, is out of date. I check for installed updates, and it says 2 of them. Hotfix for Microsoft Windows (KB2534111), installed on 4/17/16, and Update for Microsoft Windows (KB976902), installed on 11/20/2010. On a separate page of updates, it only shows Windows Update Agent 7.6.7600.320.





