TechSpot

Computer shuts down when I run Avira

By rafaafar
Oct 16, 2016
  1. Hi, so every time I run software to get rid of malware my computer abruptly shuts off. I tried several anti-malware software and eventually got frustrated, so I decided to reinstall Windows 7. When I re-downloaded and ran Avira the problem still persisted. I've been looking through the forum here to find ways to fix my computer, so I may have made the problem worse, and I apologize in advance if I made this harder to fix. I just recently found this website/community and I didn't want to be a bother without trying to solve the problem myself.

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2016
    Ran by Compu (administrator) on COMPU-PC (16-10-2016 16:51:09)
    Running from C:\Users\Compu\Downloads
    Loaded Profiles: Compu (Available Profiles: Compu)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
    (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
    (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
    HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
    HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
    HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
    HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61648 2016-09-26] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917584 2016-09-27] (Avira Operations GmbH & Co. KG)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-4240684613-2426197484-500059973-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
    HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{37537371-079B-4CF8-A894-B1831F444846}: [DhcpNameServer] 192.168.1.250
    Tcpip\..\Interfaces\{85E5FA87-F213-4509-8EF1-252F0CBF177E}: [DhcpNameServer] 209.18.47.61 209.18.47.62

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-4240684613-2426197484-500059973-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-4240684613-2426197484-500059973-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-4240684613-2426197484-500059973-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Compu\AppData\Roaming\Mozilla\Firefox\Profiles\7YSXLMIo.default [2016-10-15]
    FF Extension: (No Name) - C:\Users\Compu\AppData\Roaming\Mozilla\Firefox\Profiles\7YSXLMIo.default\Extensions\abs@avira.com [2016-10-15]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-15] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\Compu\AppData\Local\Google\Chrome\User Data\Default [2016-10-16]
    CHR Extension: (Google Slides) - C:\Users\Compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-15]
    CHR Extension: (Google Docs) - C:\Users\Compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-15]
    CHR Extension: (Google Drive) - C:\Users\Compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-15]
    CHR Extension: (YouTube) - C:\Users\Compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-15]
    CHR Extension: (Google Sheets) - C:\Users\Compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-15]
    CHR Extension: (Google Docs Offline) - C:\Users\Compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-15]
    CHR Extension: (AdBlock) - C:\Users\Compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-15]
    CHR Extension: (Gmail) - C:\Users\Compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-15]
    CHR Extension: (Chrome Media Router) - C:\Users\Compu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-15]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1086040 2016-09-27] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [475232 2016-09-27] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [475232 2016-09-27] (Avira Operations GmbH & Co. KG)
    S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1489240 2016-09-27] (Avira Operations GmbH & Co. KG)
    R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350584 2016-09-26] (Avira Operations GmbH & Co. KG)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
    S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [177432 2016-09-27] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145536 2016-09-27] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-09-27] (Avira Operations GmbH & Co. KG)
    R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-09-27] (Avira Operations GmbH & Co. KG)
    R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [31720 2016-09-27] (Avira Operations GmbH & Co. KG)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-16] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-10-16] ()
    R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-16 16:51 - 2016-10-16 16:51 - 00015482 _____ C:\Users\Compu\Downloads\FRST.txt
    2016-10-16 16:50 - 2016-10-16 16:51 - 00000000 ____D C:\FRST
    2016-10-16 16:50 - 2016-10-16 16:50 - 02406912 _____ (Farbar) C:\Users\Compu\Downloads\FRST64.exe
    2016-10-16 10:48 - 2016-10-16 10:49 - 00165854 _____ C:\Windows\ntbtlog.txt
    2016-10-16 10:35 - 2016-10-16 10:35 - 00004768 _____ C:\ProgramData\SMRResults501.dat
    2016-10-16 09:19 - 2016-10-16 09:19 - 00000000 ____D C:\Users\Compu\AppData\Roaming\Avira
    2016-10-16 09:17 - 2016-09-27 14:19 - 00031720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
    2016-10-16 09:16 - 2016-09-27 14:19 - 00177432 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
    2016-10-16 09:16 - 2016-09-27 14:19 - 00145536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
    2016-10-16 09:16 - 2016-09-27 14:19 - 00079696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
    2016-10-16 09:16 - 2016-09-27 14:19 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
    2016-10-16 09:11 - 2016-10-16 09:11 - 00016934 _____ C:\ComboFix.txt
    2016-10-16 09:02 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-10-16 09:02 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-10-16 09:02 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-10-16 09:02 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-10-16 09:02 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-10-16 09:02 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
    2016-10-16 09:02 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
    2016-10-16 09:02 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
    2016-10-16 08:58 - 2016-10-16 09:11 - 00000000 ____D C:\Qoobox
    2016-10-16 08:58 - 2016-10-16 09:09 - 00000000 ____D C:\Windows\erdnt
    2016-10-16 00:43 - 2016-10-16 07:41 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-10-15 23:51 - 2016-10-15 23:51 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-10-15 23:51 - 2016-10-15 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-10-15 23:51 - 2016-10-15 23:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-10-15 23:51 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-10-15 23:51 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-10-15 17:17 - 2016-10-15 17:17 - 00000000 ____D C:\Users\Compu\AppData\LocalLow\Adobe
    2016-10-15 17:17 - 2016-10-15 17:17 - 00000000 ____D C:\Users\Compu\AppData\Local\Adobe
    2016-10-15 17:16 - 2016-10-15 17:16 - 00098562 _____ C:\Users\Compu\Documents\Amazon.pdf
    2016-10-15 15:18 - 2016-10-16 15:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-10-15 15:18 - 2016-10-15 23:51 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-10-15 15:18 - 2016-10-15 15:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2016-10-15 15:03 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-10-15 14:44 - 2016-10-15 14:54 - 00000000 ____D C:\ProgramData\Auslogics
    2016-10-15 14:23 - 2016-10-16 10:34 - 00000000 ____D C:\Users\Compu\AppData\Local\NPE
    2016-10-15 14:23 - 2016-10-15 14:23 - 00000000 ____D C:\ProgramData\Norton
    2016-10-15 13:58 - 2016-10-15 13:58 - 00000000 ____D C:\Users\Compu\AppData\Roaming\Mozilla
    2016-10-15 13:57 - 2016-10-15 13:57 - 00000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
    2016-10-15 13:57 - 2016-10-15 13:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
    2016-10-15 13:57 - 2012-07-25 21:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
    2016-10-15 13:57 - 2012-07-25 21:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
    2016-10-15 13:57 - 2012-07-25 19:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
    2016-10-15 13:57 - 2012-06-02 07:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2016-10-15 12:47 - 2016-10-15 12:47 - 00000000 ____D C:\e8fc6abcc6adb4d04a
    2016-10-15 12:42 - 2016-10-16 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2016-10-15 12:42 - 2016-10-16 09:16 - 00000000 ____D C:\ProgramData\Avira
    2016-10-15 12:42 - 2016-10-16 09:16 - 00000000 ____D C:\Program Files (x86)\Avira
    2016-10-15 12:42 - 2016-10-15 12:42 - 00000000 ____D C:\ProgramData\Package Cache
    2016-10-15 12:35 - 2016-10-15 12:35 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-10-15 12:35 - 2016-10-15 12:35 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-10-15 12:34 - 2016-10-16 16:40 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-10-15 12:34 - 2016-10-16 15:49 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-10-15 12:34 - 2016-10-15 12:50 - 00000000 ____D C:\Users\Compu\AppData\Local\Google
    2016-10-15 12:34 - 2016-10-15 12:35 - 00000000 ____D C:\Program Files (x86)\Google
    2016-10-15 12:34 - 2016-10-15 12:34 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-10-15 12:34 - 2016-10-15 12:34 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-10-15 12:34 - 2016-10-15 12:34 - 00000000 ____D C:\Users\Compu\AppData\Local\Deployment
    2016-10-15 12:34 - 2016-10-15 12:34 - 00000000 ____D C:\Users\Compu\AppData\Local\Apps\2.0
    2016-10-15 12:31 - 2016-10-16 15:50 - 00000000 ____D C:\ProgramData\clear.fi
    2016-10-15 12:31 - 2016-10-15 17:17 - 00000000 ____D C:\Users\Compu\AppData\Roaming\Adobe
    2016-10-15 12:27 - 2016-10-15 12:27 - 00000000 ____D C:\Windows\NAPP_Dism_Log
    2016-10-15 12:25 - 2016-10-15 12:25 - 00000000 ____D C:\Users\Compu\AppData\Local\EgisTec IPS
    2016-10-15 12:19 - 2016-10-15 12:19 - 00001447 _____ C:\Users\Compu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-10-15 12:19 - 2016-10-15 12:19 - 00001413 _____ C:\Users\Compu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    2016-10-15 12:16 - 2016-10-15 12:18 - 00000000 ____D C:\Users\Compu\AppData\Local\PowerCinema
    2016-10-15 12:16 - 2016-10-15 12:16 - 00059968 _____ C:\Users\Compu\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-10-15 12:16 - 2016-10-15 12:16 - 00000000 ____D C:\Users\Compu\AppData\Roaming\CyberLink
    2016-10-15 12:16 - 2016-10-15 12:16 - 00000000 ____D C:\Users\Compu\AppData\Local\Acer
    2016-10-15 12:16 - 2016-10-15 12:16 - 00000000 ____D C:\ProgramData\OEM_E471269A730D
    2016-10-15 12:16 - 2016-10-15 12:16 - 00000000 ____D C:\Program Files (x86)\OEM
    2016-10-15 12:16 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2016-10-15 12:16 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2016-10-15 12:16 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2016-10-15 12:16 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2016-10-15 12:16 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2016-10-15 12:16 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2016-10-15 12:16 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2016-10-15 12:16 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2016-10-15 12:16 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2016-10-15 12:16 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2016-10-15 12:16 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2016-10-15 12:16 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2016-10-15 12:16 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2016-10-15 12:16 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2016-10-15 12:15 - 2016-10-15 12:19 - 00000000 ____D C:\Users\Compu
    2016-10-15 12:15 - 2016-10-15 12:15 - 00000020 ___SH C:\Users\Compu\ntuser.ini
    2016-10-15 12:15 - 2016-10-15 12:15 - 00000000 _SHDL C:\Users\Compu\My Documents
    2016-10-15 12:15 - 2016-10-15 12:15 - 00000000 _SHDL C:\Users\Compu\Documents\My Videos
    2016-10-15 12:15 - 2016-10-15 12:15 - 00000000 _SHDL C:\Users\Compu\Documents\My Pictures
    2016-10-15 12:15 - 2016-10-15 12:15 - 00000000 _SHDL C:\Users\Compu\Documents\My Music
    2016-10-15 12:15 - 2016-10-15 12:15 - 00000000 ____D C:\Users\Compu\AppData\Local\VirtualStore
    2016-10-15 12:15 - 2012-04-05 02:33 - 00000000 ____D C:\Users\Compu\AppData\Roaming\Macromedia
    2016-10-15 12:15 - 2010-11-21 00:16 - 00000000 ____D C:\Users\Compu\AppData\Roaming\Media Center Programs
    2016-10-15 11:53 - 2016-10-15 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble
    2016-10-15 11:53 - 2016-10-15 11:53 - 00000000 ____D C:\Program Files (x86)\Barnes & Noble
    2016-10-15 11:52 - 2016-10-15 11:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
    2016-10-15 11:48 - 2016-10-15 11:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clear.fi
    2016-10-15 11:48 - 2016-10-15 11:49 - 00000000 ____D C:\ProgramData\CLSK
    2016-10-15 11:48 - 2016-10-15 11:48 - 00003418 _____ C:\Windows\System32\Tasks\clear.fi
    2016-10-15 11:48 - 2016-10-15 11:48 - 00003366 _____ C:\Windows\System32\Tasks\DMREngine
    2016-10-15 11:48 - 2016-10-15 11:48 - 00003348 _____ C:\Windows\System32\Tasks\clear.fiAgent
    2016-10-15 11:48 - 2016-10-15 11:48 - 00000000 ____D C:\Program Files (x86)\Cyberlink
    2016-10-15 11:47 - 2016-10-16 16:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-10-15 11:47 - 2016-10-16 16:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-10-15 11:47 - 2016-10-15 11:52 - 00000000 ____D C:\ProgramData\Temp
    2016-10-15 11:47 - 2016-10-15 11:49 - 00000000 ____D C:\ProgramData\CyberLink
    2016-10-15 11:47 - 2016-10-15 11:47 - 00417440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-10-15 11:47 - 2016-10-15 11:47 - 00000000 ____D C:\Windows\system32\Macromed
    2016-10-15 11:47 - 2016-10-15 11:47 - 00000000 ____D C:\ProgramData\NTI Launcher
    2016-10-15 11:47 - 2016-10-15 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Media Maker 9
    2016-10-15 11:46 - 2016-10-15 11:46 - 00000000 ____D C:\ProgramData\FLEXnet
    2016-10-15 11:45 - 2016-10-15 11:45 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
    2016-10-15 11:45 - 2016-10-15 11:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-10-15 11:43 - 2016-10-15 12:16 - 00000000 ____D C:\Program Files\Preload
    2016-10-15 11:43 - 2016-10-15 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AUPEO!
    2016-10-15 11:41 - 2016-10-15 11:41 - 00000000 ____D C:\Program Files\Elantech
    2016-10-15 11:38 - 2016-10-15 11:38 - 00000000 ___HD C:\Program Files (x86)\Temp
    2016-10-15 11:38 - 2016-10-15 11:38 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
    2016-10-15 11:38 - 2016-10-15 11:38 - 00000000 ____D C:\Program Files\Realtek
    2016-10-15 11:38 - 2012-02-07 22:32 - 00115256 _____ C:\Windows\system32\Drivers\RtPCEE4.DAT
    2016-10-15 11:38 - 2012-02-06 03:41 - 04740456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
    2016-10-15 11:38 - 2012-02-05 23:45 - 02528832 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
    2016-10-15 11:38 - 2012-02-05 19:55 - 03846248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
    2016-10-15 11:38 - 2012-02-03 03:16 - 00227876 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
    2016-10-15 11:38 - 2012-02-02 20:33 - 02728960 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
    2016-10-15 11:38 - 2012-01-31 02:32 - 02652264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
    2016-10-15 11:38 - 2012-01-29 20:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
    2016-10-15 11:38 - 2012-01-23 07:30 - 00537456 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
    2016-10-15 11:38 - 2012-01-23 07:30 - 00524656 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
    2016-10-15 11:38 - 2012-01-23 07:30 - 00449392 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
    2016-10-15 11:38 - 2012-01-09 23:48 - 00958296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
    2016-10-15 11:38 - 2012-01-09 19:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
    2016-10-15 11:38 - 2011-12-22 22:30 - 00823912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
    2016-10-15 11:38 - 2011-12-20 00:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
    2016-10-15 11:38 - 2011-12-19 14:43 - 00220776 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
    2016-10-15 11:38 - 2011-12-18 02:58 - 05996376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
    2016-10-15 11:38 - 2011-12-18 02:58 - 02603864 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
    2016-10-15 11:38 - 2011-12-18 02:58 - 02131288 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
    2016-10-15 11:38 - 2011-12-18 02:58 - 01247576 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
    2016-10-15 11:38 - 2011-12-14 21:39 - 00100968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
    2016-10-15 11:38 - 2011-12-13 01:58 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
    2016-10-15 11:38 - 2011-12-12 20:01 - 01698408 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
    2016-10-15 11:38 - 2011-11-22 01:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
    2016-10-15 11:38 - 2011-09-26 07:41 - 00000024 _____ C:\Windows\system32\Drivers\rtkhdaud.dat
    2016-10-15 11:38 - 2011-09-01 23:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
    2016-10-15 11:38 - 2011-09-01 23:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
    2016-10-15 11:38 - 2011-09-01 23:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
    2016-10-15 11:38 - 2011-08-23 02:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
    2016-10-15 11:38 - 2011-07-22 04:35 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
    2016-10-15 11:38 - 2011-05-30 18:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
    2016-10-15 11:38 - 2011-05-30 18:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
    2016-10-15 11:38 - 2011-05-30 18:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
    2016-10-15 11:38 - 2011-05-30 18:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
    2016-10-15 11:38 - 2011-05-30 18:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
    2016-10-15 11:38 - 2011-05-30 18:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
    2016-10-15 11:38 - 2011-05-30 18:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
    2016-10-15 11:38 - 2011-05-30 18:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
    2016-10-15 11:38 - 2011-05-30 18:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
    2016-10-15 11:38 - 2011-05-30 18:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
    2016-10-15 11:38 - 2011-05-30 18:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
    2016-10-15 11:38 - 2011-05-30 18:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
    2016-10-15 11:38 - 2011-05-01 23:27 - 03308376 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
    2016-10-15 11:38 - 2011-05-01 23:27 - 00426328 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
    2016-10-15 11:38 - 2011-05-01 23:27 - 00136024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
    2016-10-15 11:38 - 2011-05-01 23:27 - 00118104 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
    2016-10-15 11:38 - 2011-05-01 23:27 - 00074072 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
    2016-10-15 11:38 - 2011-03-16 21:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
    2016-10-15 11:38 - 2011-03-07 02:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
    2016-10-15 11:38 - 2010-11-07 16:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
    2016-10-15 11:38 - 2010-11-07 16:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
    2016-10-15 11:38 - 2010-11-07 16:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
    2016-10-15 11:38 - 2010-11-07 16:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
    2016-10-15 11:38 - 2010-11-07 16:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
    2016-10-15 11:38 - 2010-11-07 16:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
    2016-10-15 11:38 - 2010-11-03 03:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
    2016-10-15 11:38 - 2010-10-02 22:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
    2016-10-15 11:38 - 2010-09-26 18:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
    2016-10-15 11:38 - 2010-09-23 02:21 - 00039672 _____ C:\Windows\system32\Drivers\RtPCEE3.DAT
    2016-10-15 11:38 - 2010-07-22 01:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
    2016-10-15 11:38 - 2010-07-22 01:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
    2016-10-15 11:38 - 2010-05-06 02:34 - 00334680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
    2016-10-15 11:38 - 2010-03-21 22:21 - 00247560 _____ C:\Windows\system32\Drivers\RTConvEQ.dat
    2016-10-15 11:38 - 2010-03-21 22:21 - 00001448 _____ C:\Windows\system32\Drivers\RtHdatEx.dat
    2016-10-15 11:38 - 2010-02-11 00:45 - 00000176 _____ C:\Windows\system32\Drivers\RTHDAEQ1.dat
    2016-10-15 11:38 - 2010-01-26 06:52 - 00000520 _____ C:\Windows\system32\Drivers\RTEQEX3.dat
    2016-10-15 11:38 - 2009-12-23 08:26 - 00000520 _____ C:\Windows\system32\Drivers\RTEQEX0.dat
    2016-10-15 11:38 - 2009-11-23 18:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
    2016-10-15 11:38 - 2009-11-23 18:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
    2016-10-15 11:38 - 2009-11-23 18:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
    2016-10-15 11:38 - 2009-11-23 18:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
    2016-10-15 11:38 - 2009-11-17 03:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
    2016-10-15 11:38 - 2008-08-20 22:43 - 00000520 _____ C:\Windows\system32\Drivers\RTEQEX2.dat
    2016-10-15 11:38 - 2005-06-26 14:29 - 00000520 _____ C:\Windows\system32\Drivers\RTEQEX1.dat
    2016-10-15 11:37 - 2016-10-15 11:37 - 00015698 _____ C:\Windows\results.xml
    2016-10-15 11:37 - 2016-10-15 11:37 - 00000000 ____D C:\Program Files\Intel
    2016-10-15 11:36 - 2016-10-15 11:36 - 00000184 _____ C:\Windows\LMv4.UNI
    2016-10-15 11:36 - 2016-10-15 11:36 - 00000000 ____D C:\Program Files (x86)\Launch Manager
    2016-10-15 11:35 - 2016-10-15 11:35 - 00000000 ____D C:\Program Files\Common Files\Intel
    2016-10-15 11:33 - 2016-10-15 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
    2016-10-15 11:33 - 2016-10-15 11:33 - 00000000 ____D C:\ProgramData\EgisTec
    2016-10-15 11:33 - 2016-10-15 11:33 - 00000000 ____D C:\book

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-16 15:57 - 2009-07-13 21:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-10-16 15:57 - 2009-07-13 21:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-10-16 15:54 - 2009-07-13 22:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-10-16 15:54 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2016-10-16 15:49 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-16 09:08 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
    2016-10-15 18:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\security
    2016-10-15 18:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Registration
    2016-10-15 18:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
    2016-10-15 12:29 - 2012-04-05 02:14 - 00000000 ____D C:\ProgramData\McAfee
    2016-10-15 12:29 - 2012-04-05 02:14 - 00000000 ____D C:\Program Files (x86)\McAfee
    2016-10-15 12:24 - 2009-07-13 22:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
    2016-10-15 12:19 - 2012-04-05 02:25 - 00000000 ____D C:\ProgramData\oem
    2016-10-15 12:18 - 2012-04-05 02:03 - 00000000 ____D C:\OEM
    2016-10-15 12:15 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
    2016-10-15 12:11 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
    2016-10-15 12:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sysprep
    2016-10-15 12:09 - 2007-07-11 18:49 - 00000000 ____D C:\Windows\Panther
    2016-10-15 11:55 - 2012-04-05 02:16 - 00000000 ____D C:\Program Files (x86)\Acer
    2016-10-15 11:53 - 2012-04-05 02:16 - 00000000 ____D C:\Program Files\Acer
    2016-10-15 11:53 - 2012-04-05 01:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-10-15 11:52 - 2012-04-05 02:24 - 00000000 ____D C:\ProgramData\EgisTec IPS
    2016-10-15 11:47 - 2012-04-05 02:32 - 00070304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-10-15 11:46 - 2012-04-05 02:28 - 00000000 ____D C:\Program Files (x86)\NTI
    2016-10-15 11:38 - 2012-04-05 01:29 - 00000000 ____D C:\Program Files (x86)\Realtek
    2016-10-15 11:35 - 2012-04-05 01:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2016-10-15 11:35 - 2012-04-05 01:27 - 00000000 ____D C:\Program Files (x86)\Intel
    2016-10-15 11:35 - 2012-04-05 01:27 - 00000000 ____D C:\Intel
    2016-10-15 11:33 - 2011-02-11 20:12 - 00000000 ____D C:\Windows\DeployWinRE2
    2016-10-15 11:30 - 2009-07-13 21:45 - 00282960 _____ C:\Windows\system32\FNTCACHE.DAT

    ==================== Files in the root of some directories =======

    2016-10-15 11:47 - 2016-10-15 11:49 - 0015222 _____ () C:\ProgramData\ArcadeDeluxe5.log
    2016-10-16 10:35 - 2016-10-16 10:35 - 0004768 _____ () C:\ProgramData\SMRResults501.dat

    Files to move or delete:
    ====================
    C:\ProgramData\SMRResults501.dat


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2012-04-05 01:12

    ==================== End of FRST.txt ============================
     
  2. rafaafar

    rafaafar TS Rookie Topic Starter

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2016
    Ran by Compu (16-10-2016 16:51:57)
    Running from C:\Users\Compu\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2016-10-15 19:15:35)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4240684613-2426197484-500059973-500 - Administrator - Disabled)
    Compu (S-1-5-21-4240684613-2426197484-500059973-1001 - Administrator - Enabled) => C:\Users\Compu
    Guest (S-1-5-21-4240684613-2426197484-500059973-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4240684613-2426197484-500059973-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
    Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
    Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
    Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
    Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
    Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
    Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
    Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.222 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.22.54 - Avira Operations GmbH & Co. KG)
    Avira Connect (HKLM-x32\...\{ee247a19-722f-4096-884b-47ec3b7ec396}) (Version: 1.2.73.15322 - Avira Operations GmbH & Co. KG)
    Avira Connect (x32 Version: 1.2.73.15322 - Avira Operations GmbH & Co. KG) Hidden
    Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)
    Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
    clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
    clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
    clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
    clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
    ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
    Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
    FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
    Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
    Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.59 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
    Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
    MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
    MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
    MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
    newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
    newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
    NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
    NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation)
    NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
    Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
    Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
    Skype™ 5.5 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.117 - Skype Technologies S.A.)
    Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
    WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {3CB4967B-3B56-434C-A309-9E5C308436B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-15] (Google Inc.)
    Task: {4DD9239E-DA64-4CBB-8967-A76CB2276A70} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
    Task: {54A6877E-CF4F-42AA-BFF5-13A7B8161A11} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
    Task: {5507AD76-28CB-4616-A7F0-DD63D6CD8010} - \SidebarExecute -> No File <==== ATTENTION
    Task: {7FBB7FC8-A78C-4DFE-92BB-78456B511429} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
    Task: {8B09E09F-ECB0-41FA-8D71-EE799EDEA038} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
    Task: {CA13506D-E4C0-4FA2-AC37-AF7989291C44} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-15] (Adobe Systems Incorporated)
    Task: {E3272247-110B-4C8A-9C95-E37602617AA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-15] (Google Inc.)
    Task: {FC9BA497-7396-47BA-93B5-A462A10C7BA6} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
    Task: {FFFB5B23-4DF1-4F2C-9314-C3E943978221} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2009-01-21 16:45 - 2009-01-21 16:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
    2016-10-15 12:35 - 2016-10-11 22:56 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\libglesv2.dll
    2016-10-15 12:35 - 2016-10-11 22:56 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.59\libegl.dll
    2016-10-15 12:45 - 2016-09-30 10:54 - 31064768 _____ () C:\Users\Compu\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.185\pepflashplayer.dll
    2012-01-05 14:22 - 2012-01-05 14:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
    2012-01-05 14:22 - 2012-01-05 14:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
    2012-01-05 14:22 - 2012-01-05 14:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
    2016-09-26 08:55 - 2016-09-26 08:55 - 00255952 _____ () C:\Program Files (x86)\Avira\Launcher\System.ComponentModel.Composition.dll
    2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
    2012-04-05 01:27 - 2012-04-05 01:27 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5a083ff46f3b3440fe4d35ce40b66443\IsdiInterop.ni.dll
    2012-04-05 01:27 - 2010-04-13 09:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2016-10-16 09:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4240684613-2426197484-500059973-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Compu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 209.18.47.61 - 209.18.47.62
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{BFED4FE2-A4D6-454F-A8C3-C41C6F5B8E44}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{60A8480A-142D-42BD-A432-3F8728ADBF88}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{8547A016-CFB0-4078-A2C2-FBF9A4E45F32}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{BA61FB75-EDB2-4BCE-B8CD-83654220671F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{9A94FEBB-8D73-489E-A76B-848109C5498A}] => (Allow) LPort=2869
    FirewallRules: [{F6E5AE2B-2774-44C2-B952-69149CE1A47C}] => (Allow) LPort=1900
    FirewallRules: [{DE664FCB-09B2-4E2A-BB7B-082056F65CBA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{EAC1C190-F2D4-4F5A-A27B-3E8EBC428113}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{9B5E14BE-9726-4241-B921-4503A22F62C6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
    FirewallRules: [{B2EB161F-FC38-45F6-B4A8-496E03237B42}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    FirewallRules: [{8B080676-91C3-45C8-BD2A-1478249A996E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
    FirewallRules: [{79C2F18B-2884-4D4C-8512-D829E54F4ECF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
    FirewallRules: [{59D89784-58A6-4ADE-806E-BB2685992FAB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
    FirewallRules: [{1697A750-56EF-4D37-90A2-079D47234467}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
    FirewallRules: [{10C7B3DE-9BEF-4945-81B1-D0A72B2A2B73}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
    FirewallRules: [{1DF17E4B-5D5F-44CE-8535-7C8F6A447985}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
    FirewallRules: [{1BEDF9B5-AC4E-407A-A4C4-6EADEE648EF1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    15-10-2016 12:15:47 Windows Update
    16-10-2016 08:45:23 JRT Pre-Junkware Removal
    16-10-2016 10:33:55 Norton_Power_Eraser_20161016103351574

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/16/2016 03:50:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (10/16/2016 01:42:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (10/16/2016 12:10:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (10/16/2016 11:57:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (10/16/2016 10:58:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (10/16/2016 10:50:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (10/16/2016 10:36:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (10/16/2016 10:30:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (10/16/2016 09:58:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (10/16/2016 09:44:14 AM) (Source: VSS) (EventID: 12298) (User: )
    Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume C:\.
    The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
    ], Flush[0x00000000, The operation completed successfully.
    ], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
    ], OnRun[0x00000000, The operation completed successfully.
    ].


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet


    System errors:
    =============
    Error: (10/16/2016 03:50:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (10/16/2016 03:49:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (10/16/2016 03:49:21 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 2:20:03 PM on ‎10/‎16/‎2016 was unexpected.

    Error: (10/16/2016 01:43:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (10/16/2016 01:42:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (10/16/2016 01:42:07 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 1:24:08 PM on ‎10/‎16/‎2016 was unexpected.

    Error: (10/16/2016 12:11:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (10/16/2016 12:10:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (10/16/2016 12:10:12 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 12:05:55 PM on ‎10/‎16/‎2016 was unexpected.

    Error: (10/16/2016 11:57:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom


    CodeIntegrity:
    ===================================
    Date: 2016-10-16 09:07:47.299
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-10-16 09:07:47.268
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz
    Percentage of memory in use: 60%
    Total physical RAM: 7862.7 MB
    Available physical RAM: 3113.35 MB
    Total Virtual: 15723.59 MB
    Available Virtual: 10876.37 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:447.66 GB) (Free:404.63 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 37220D56)
    Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=447.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Welcome aboard

    Since you reinstalled Windows I don't see how it could be still infected.
    I suggest trying some other AV program.
    Uninstall Avira and...

    Install ONE of these:

    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    Note for Windows 8 and 10 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
    You can keep it or you have to disable it before installing another AV program. How to...

    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

    Update, run full scan, report on any findings.

    Good luck :)
     
  4. rafaafar

    rafaafar TS Rookie Topic Starter

    Hey, so when I ran Comodo it found one threat:

    TrojWare.Win32.TorjanDownloader.Upatre.EBO@362020340
    C:\Program Files (x86)\NTI\NTI Media Maker 9\Live Update\INstaller.exe

    It's strange, since sometimes my laptop turned off by itself even when I didn't run Avira (after I reinstalled Windows), and that didn't happen before. I do notice that my laptop gets really warm, so maybe it's overheating. I'm not quite sure what the problem is or if there is a problem.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    It looks like a false positive to me.
    As for your other questions, I suggest a new topic in the Windows forum.
     
  6. rafaafar

    rafaafar TS Rookie Topic Starter

    Okay thanks.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    You're very welcome
     
