Symptoms:
1) Very fast computer (bought so my son could play games) suddenly really slowed down Saturday
2) When I was working with files (editing videos) Saturday night, I noticed that files started being sent into my recycle bin "on their own"
3) Also started getting administrator consent requests to delete the entire contents of my hard drives -- naturally I said no
4) When looking at a file mysteriously moved into my recycle bin, and trying to restore it, instead got a barrage of the same popup asking if I was sure I wanted to permanently delete that file
5) Ran Malwarebytes and Windows Defender in normal mode -- nothing
6) Ran Defender in safe mode -- nothing
7) Downloaded Avira and ran it in normal mode -- one piece of adware which was quarantined
8) The deletion has stopped but the computer still runs very slowly. Also the PC sometimes randomly starts "powerdirector" without my intervention.
Thank you in advance.
FRST64 log (because DDS "will not run in compatibility mode")
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by Lawrence (administrator) on SABERTOOTHZ97 (24-02-2016 22:31:35)
Running from C:\Users\Lawrence\Desktop
Loaded Profiles: Lawrence & (Available Profiles: Lawrence & Alex)
Platform: Windows 8.1 Pro with Media Center (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7570136 2014-04-14] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [804168 2016-02-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [14960 2016-02-01] (Avira Operations GmbH & Co. KG)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 167.206.10.178 167.206.10.179
Tcpip\..\Interfaces\{09064FEB-F4F7-44FC-B44B-9115B27931CB}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{09064FEB-F4F7-44FC-B44B-9115B27931CB}: [DhcpNameServer] 167.206.10.178 167.206.10.179
Internet Explorer:
==================
HKU\S-1-5-21-2898730217-3902260506-2628214603-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
HKU\S-1-5-21-2898730217-3902260506-2628214603-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FireFox:
========
FF ProfilePath: C:\Users\Lawrence\AppData\Roaming\Mozilla\Firefox\Profiles\mk2tpf0d.default
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-2898730217-3902260506-2628214603-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-01-03] ()
FF Extension: Avira Browser Safety - C:\Users\Lawrence\AppData\Roaming\Mozilla\Firefox\Profiles\mk2tpf0d.default\Extensions\abs@avira.com.xpi [2016-02-20]
FF Extension: Video DownloadHelper - C:\Users\Lawrence\AppData\Roaming\Mozilla\Firefox\Profiles\mk2tpf0d.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-12-19]
Chrome:
=======
CHR Profile: C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Avira Browser Safety) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-21]
CHR Extension: (Google Docs Offline) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (Gmail) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2016-02-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2016-02-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2016-02-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1417592 2016-02-17] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-27] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-04] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-04-01] (CyberLink)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [24224 2016-02-01] (Avira Operations GmbH & Co. KG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 61883; C:\Windows\System32\drivers\61883.sys [59904 2013-08-22] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-27] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2016-02-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146704 2016-02-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2016-02-17] (Avira Operations GmbH & Co. KG)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-13] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 jakstaVA; C:\Windows\system32\DRIVERS\jaksta_va.sys [103816 2014-12-08] (e2eSoft)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-24 22:30 - 2016-02-24 22:30 - 02371072 _____ (Farbar) C:\Users\Lawrence\Desktop\FRST64.exe
2016-02-24 22:19 - 2016-02-24 22:19 - 00688992 _____ (Swearware) C:\Users\Lawrence\Desktop\dds.scr
2016-02-24 20:01 - 2016-02-24 20:01 - 05404312 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lawrence\Downloads\avira_en_asu60_3014771554_opgyxyv4bf80vlrypg46_wd.exe
2016-02-24 20:01 - 2016-02-24 20:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-24 19:54 - 2016-02-24 20:10 - 00000000 ____D C:\Users\Public\Speedup Sessions
2016-02-24 19:54 - 2016-02-24 19:54 - 00003364 _____ C:\Windows\System32\Tasks\Avira System Speedup Tray
2016-02-24 19:54 - 2016-02-24 19:54 - 00001159 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2016-02-24 19:54 - 2016-02-24 19:54 - 00000000 ____D C:\Users\Lawrence\AppData\Local\AviraSpeedup
2016-02-24 19:54 - 2016-02-24 19:54 - 00000000 ____D C:\Users\Lawrence\AppData\Local\Avira
2016-02-24 19:42 - 2016-02-24 19:42 - 02491264 _____ C:\Users\Lawrence\Downloads\GwxControlPanelSetup (1).exe
2016-02-24 19:42 - 2016-02-24 19:42 - 00001094 _____ C:\Users\Public\Desktop\GWX Control Panel.lnk
2016-02-24 19:42 - 2016-02-24 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel
2016-02-24 19:42 - 2016-02-24 19:42 - 00000000 ____D C:\Program Files (x86)\UltimateOutsider
2016-02-24 19:41 - 2016-02-24 19:41 - 02491264 _____ C:\Users\Lawrence\Downloads\GwxControlPanelSetup.exe
2016-02-23 21:09 - 2016-02-23 21:09 - 00000000 ____D C:\Windows\system32\appmgmt
2016-02-21 23:12 - 2016-02-21 23:12 - 00000000 ____D C:\Users\Lawrence\Desktop\beekibeads
2016-02-21 16:00 - 2016-02-21 16:00 - 00509440 _____ (Tech Support Guy System) C:\Users\Lawrence\Downloads\SysInfo.exe
2016-02-21 15:54 - 2016-02-21 15:54 - 00002232 _____ C:\Users\Lawrence\Desktop\aswMBR.txt
2016-02-21 15:54 - 2016-02-21 15:54 - 00000512 _____ C:\Users\Lawrence\Desktop\MBR.dat
2016-02-21 14:53 - 2016-02-21 14:53 - 05198336 _____ (AVAST Software) C:\Users\Lawrence\Desktop\aswMBR.exe
2016-02-21 14:51 - 2016-02-21 14:52 - 00035050 _____ C:\Users\Lawrence\Desktop\Addition.txt
2016-02-21 14:50 - 2016-02-24 22:31 - 00015342 _____ C:\Users\Lawrence\Desktop\FRST.txt
2016-02-21 14:50 - 2016-02-24 22:31 - 00000000 ____D C:\FRST
2016-02-21 13:57 - 2016-02-21 13:59 - 14830935 _____ C:\Users\Lawrence\Downloads\480P_600K_69180901.mp4
2016-02-20 22:07 - 2016-02-20 22:07 - 00000000 ____D C:\Users\Lawrence\AppData\Roaming\Avira
2016-02-20 22:02 - 2016-02-17 08:41 - 00146704 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-02-20 22:02 - 2016-02-17 08:41 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-02-20 22:02 - 2016-02-17 08:41 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-02-20 22:02 - 2016-02-17 08:41 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-02-20 21:58 - 2016-02-24 20:02 - 00001226 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-02-20 21:58 - 2016-02-24 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-02-20 21:57 - 2016-02-24 19:54 - 00000000 ____D C:\ProgramData\Avira
2016-02-20 21:57 - 2016-02-24 19:54 - 00000000 ____D C:\Program Files (x86)\Avira
2016-02-20 21:57 - 2016-02-20 21:57 - 05404312 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lawrence\Downloads\avira_en_av_56c92773e0498__ws.exe
2016-02-20 15:35 - 2016-02-20 15:35 - 00001155 _____ C:\Users\Lawrence\Downloads\vl_480P_505.0k_57627851.mp4
2016-02-14 18:19 - 2016-02-14 18:20 - 13554380 _____ C:\Users\Lawrence\Downloads\vl_240P_294.0k_33149891.mp4
2016-02-14 18:18 - 2016-02-14 18:21 - 28207317 _____ C:\Users\Lawrence\Downloads\vl_480P_378.0k_37989471.mp4
2016-02-13 15:02 - 2016-02-13 15:22 - 00002750 _____
2016-02-11 21:24 - 2016-02-06 05:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-11 21:24 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-11 21:24 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-11 21:24 - 2016-02-06 04:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-11 21:24 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-11 21:24 - 2016-02-06 04:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-11 21:24 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 20:40 - 2016-01-22 03:01 - 22365992 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-10 20:40 - 2016-01-22 02:11 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-10 20:40 - 2016-01-22 01:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 20:40 - 2016-01-22 01:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 20:40 - 2016-01-22 01:28 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-02-10 20:40 - 2016-01-22 01:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 20:40 - 2016-01-22 01:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-10 20:40 - 2016-01-22 00:55 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-02-10 20:40 - 2016-01-22 00:52 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-02-10 20:40 - 2016-01-22 00:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-10 20:40 - 2016-01-22 00:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-10 20:40 - 2016-01-22 00:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-10 20:40 - 2016-01-22 00:48 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-10 20:40 - 2016-01-22 00:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-10 20:40 - 2016-01-22 00:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-10 20:40 - 2016-01-22 00:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 20:40 - 2016-01-22 00:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 20:40 - 2016-01-22 00:31 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-02-10 20:40 - 2016-01-22 00:28 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-02-10 20:40 - 2016-01-22 00:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-10 20:40 - 2016-01-22 00:25 - 14467072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-02-10 20:40 - 2016-01-22 00:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-10 20:40 - 2016-01-22 00:25 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-10 20:40 - 2016-01-22 00:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-10 20:40 - 2016-01-22 00:14 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-02-10 20:40 - 2016-01-22 00:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-10 20:40 - 2016-01-22 00:07 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-10 20:40 - 2016-01-22 00:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 20:40 - 2016-01-22 00:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-10 20:40 - 2016-01-21 23:58 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-10 20:40 - 2016-01-19 14:14 - 07453024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 20:40 - 2016-01-19 14:13 - 02175008 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-02-10 20:40 - 2016-01-19 14:13 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-02-10 20:40 - 2016-01-19 14:12 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 20:40 - 2016-01-19 14:12 - 01133744 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 20:40 - 2016-01-19 13:23 - 01564496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-02-10 20:40 - 2016-01-19 13:23 - 01501496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 20:40 - 2016-01-19 13:23 - 00548024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-02-10 20:40 - 2016-01-19 13:15 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-10 20:40 - 2016-01-19 12:30 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 20:40 - 2016-01-19 11:37 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2016-02-10 20:40 - 2016-01-14 20:42 - 00033472 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-10 20:40 - 2016-01-14 15:44 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-10 20:40 - 2016-01-14 15:44 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-10 20:40 - 2016-01-14 15:44 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-10 20:40 - 2016-01-14 15:44 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-10 20:40 - 2016-01-14 15:44 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-10 20:40 - 2016-01-14 15:44 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-10 20:40 - 2016-01-10 14:37 - 00442720 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 20:40 - 2016-01-10 14:37 - 00136912 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-10 20:40 - 2016-01-10 13:39 - 00332640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 20:40 - 2016-01-10 13:15 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 20:40 - 2016-01-10 13:15 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 20:40 - 2016-01-10 12:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
2016-02-10 20:40 - 2016-01-10 12:43 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-02-10 20:40 - 2016-01-10 12:31 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 20:40 - 2016-01-10 12:16 - 00898048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 20:40 - 2016-01-10 12:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
2016-02-10 20:40 - 2016-01-10 12:12 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 20:40 - 2016-01-10 12:09 - 01442304 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 20:40 - 2016-01-10 12:09 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-02-10 20:40 - 2016-01-10 12:02 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 20:40 - 2016-01-10 11:58 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 20:40 - 2016-01-10 11:56 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-02-10 20:40 - 2016-01-10 11:51 - 03707392 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-10 20:40 - 2016-01-10 11:51 - 00702976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 20:40 - 2016-01-10 11:49 - 00443392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 20:40 - 2016-01-10 11:43 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 20:40 - 2016-01-10 11:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 20:40 - 2016-01-10 11:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-10 20:40 - 2016-01-10 11:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-10 20:40 - 2016-01-10 11:36 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-02-10 20:40 - 2016-01-10 11:36 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-10 20:40 - 2016-01-10 11:35 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-10 20:40 - 2016-01-10 11:35 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-10 20:40 - 2016-01-10 11:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-10 20:40 - 2016-01-10 11:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-10 20:40 - 2016-01-10 11:27 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-10 20:40 - 2016-01-10 11:26 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-10 20:40 - 2016-01-07 13:34 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 20:40 - 2016-01-06 13:25 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 20:40 - 2015-12-29 10:45 - 07783936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-02-10 20:40 - 2015-12-29 10:45 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-02-10 20:40 - 2015-12-29 10:43 - 05267968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-02-10 20:40 - 2015-12-29 10:42 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-02-10 20:40 - 2015-12-28 16:42 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\WinSync.dll
2016-02-10 20:40 - 2015-12-28 15:31 - 00578048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSync.dll
2016-02-10 20:40 - 2015-12-17 13:29 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-10 20:40 - 2015-12-17 11:17 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-06 02:20 - 2016-02-06 02:20 - 01117566 _____ C:\Users\Lawrence\Downloads\Ghoul_Turret_STLs.zip
2016-01-28 23:39 - 2016-01-28 23:39 - 59103114 _____
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-24 22:24 - 2014-10-04 20:26 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-24 22:17 - 2014-03-18 05:04 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-24 22:17 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-02-24 21:24 - 2014-10-04 20:26 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-24 21:18 - 2014-09-23 17:02 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2898730217-3902260506-2628214603-1001
2016-02-24 21:12 - 2014-09-23 17:09 - 00003814 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E6D0C200-9FE7-496D-8C5E-B6BCC5A71C4D}
2016-02-24 21:11 - 2014-10-11 06:49 - 00000000 ____D C:\Users\Lawrence\AppData\Roaming\HandBrake
2016-02-24 19:56 - 2016-01-01 19:07 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-02-24 19:56 - 2015-12-19 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-24 19:56 - 2015-12-09 18:07 - 00000000 ____D C:\Windows\Minidump
2016-02-24 19:56 - 2015-07-19 19:14 - 00000000 ____D C:\Users\Alex\AppData\Roaming\FEZ
2016-02-24 19:56 - 2014-10-04 17:48 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-24 19:56 - 2014-09-23 17:45 - 00000000 ____D C:\Windows\Panther
2016-02-24 19:56 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\MsDtc
2016-02-24 19:16 - 2014-10-16 23:18 - 00000000 ____D C:\Users\Lawrence\AppData\Local\Adobe
2016-02-24 19:14 - 2014-10-04 20:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-23 21:19 - 2014-09-23 17:03 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-23 21:19 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-20 21:27 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-02-20 15:26 - 2014-10-04 20:26 - 00002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-20 15:26 - 2014-10-04 20:26 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-20 14:55 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2016-02-14 18:44 - 2014-09-23 16:48 - 00000000 ____D C:\Users\Lawrence
2016-02-13 13:38 - 2013-08-22 09:44 - 00346856 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-12 00:30 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2016-02-11 21:58 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-02-11 21:27 - 2014-12-10 00:44 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-11 21:26 - 2014-10-05 05:41 - 00000000 ____D C:\Windows\system32\MRT
2016-02-11 21:26 - 2014-03-18 04:46 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 21:24 - 2014-10-05 05:41 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-11 21:24 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-10 20:53 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-01 21:37 - 2013-08-22 10:38 - 00828920 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-01 21:37 - 2013-08-22 10:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-01 21:19 - 2014-10-04 20:26 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 21:19 - 2014-10-04 20:26 - 00003670 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-29 00:02 - 2014-11-23 15:29 - 00001456 _____ C:\Users\Lawrence\AppData\Local\Adobe Save for Web 13.0 Prefs
==================== Files in the root of some directories =======
2014-11-11 14:18 - 2014-12-06 02:12 - 0000132 _____ () C:\Users\Lawrence\AppData\Roaming\Adobe PNG Format CC Prefs
2014-11-23 15:29 - 2016-01-29 00:02 - 0001456 _____ () C:\Users\Lawrence\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-10-11 05:27 - 2014-10-11 05:39 - 0000700 ___SH () C:\Users\Lawrence\AppData\Local\systemFL7.dat
2014-09-23 16:52 - 2014-09-23 16:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-10-10 21:20 - 2015-10-10 21:20 - 0005076 _____ () C:\ProgramData\vczcspay.tpu
Files to move or delete:
====================
C:\Users\Lawrence\PhotoshopElements_13_LS25_win64(2).exe
C:\Users\Lawrence\PhotoshopElements_13_LS25_win64.exe
Some files in TEMP:
====================
C:\Users\Lawrence\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-20 16:42
==================== End of FRST.txt ============================
2016-02-10 20:40 - 2015-12-29 10:45 - 07783936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-02-10 20:40 - 2015-12-29 10:45 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-02-10 20:40 - 2015-12-29 10:43 - 05267968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-02-10 20:40 - 2015-12-29 10:42 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-02-10 20:40 - 2015-12-28 16:42 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\WinSync.dll
2016-02-10 20:40 - 2015-12-28 15:31 - 00578048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSync.dll
2016-02-10 20:40 - 2015-12-17 13:29 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-10 20:40 - 2015-12-17 11:17 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-06 02:20 - 2016-02-06 02:20 - 01117566 _____ C:\Users\Lawrence\Downloads\Ghoul_Turret_STLs.zip
2016-01-28 23:39 - 2016-01-28 23:39 - 59103114 _____
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-24 22:24 - 2014-10-04 20:26 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-24 22:17 - 2014-03-18 05:04 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-24 22:17 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-02-24 21:24 - 2014-10-04 20:26 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-24 21:18 - 2014-09-23 17:02 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2898730217-3902260506-2628214603-1001
2016-02-24 21:12 - 2014-09-23 17:09 - 00003814 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E6D0C200-9FE7-496D-8C5E-B6BCC5A71C4D}
2016-02-24 21:11 - 2014-10-11 06:49 - 00000000 ____D C:\Users\Lawrence\AppData\Roaming\HandBrake
2016-02-24 19:56 - 2016-01-01 19:07 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-02-24 19:56 - 2015-12-19 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-24 19:56 - 2015-12-09 18:07 - 00000000 ____D C:\Windows\Minidump
2016-02-24 19:56 - 2015-07-19 19:14 - 00000000 ____D C:\Users\Alex\AppData\Roaming\FEZ
2016-02-24 19:56 - 2014-10-04 17:48 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-24 19:56 - 2014-09-23 17:45 - 00000000 ____D C:\Windows\Panther
2016-02-24 19:56 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\MsDtc
2016-02-24 19:16 - 2014-10-16 23:18 - 00000000 ____D C:\Users\Lawrence\AppData\Local\Adobe
2016-02-24 19:14 - 2014-10-04 20:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-23 21:19 - 2014-09-23 17:03 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-23 21:19 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-20 21:27 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-02-20 15:26 - 2014-10-04 20:26 - 00002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-20 15:26 - 2014-10-04 20:26 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-20 14:55 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2016-02-14 18:44 - 2014-09-23 16:48 - 00000000 ____D C:\Users\Lawrence
2016-02-13 13:38 - 2013-08-22 09:44 - 00346856 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-12 00:30 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2016-02-11 21:58 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-02-11 21:27 - 2014-12-10 00:44 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-11 21:26 - 2014-10-05 05:41 - 00000000 ____D C:\Windows\system32\MRT
2016-02-11 21:26 - 2014-03-18 04:46 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 21:24 - 2014-10-05 05:41 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-11 21:24 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-10 20:53 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-01 21:37 - 2013-08-22 10:38 - 00828920 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-01 21:37 - 2013-08-22 10:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-01 21:19 - 2014-10-04 20:26 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 21:19 - 2014-10-04 20:26 - 00003670 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-29 00:02 - 2014-11-23 15:29 - 00001456 _____ C:\Users\Lawrence\AppData\Local\Adobe Save for Web 13.0 Prefs
==================== Files in the root of some directories =======
2014-11-11 14:18 - 2014-12-06 02:12 - 0000132 _____ () C:\Users\Lawrence\AppData\Roaming\Adobe PNG Format CC Prefs
2014-11-23 15:29 - 2016-01-29 00:02 - 0001456 _____ () C:\Users\Lawrence\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-10-11 05:27 - 2014-10-11 05:39 - 0000700 ___SH () C:\Users\Lawrence\AppData\Local\systemFL7.dat
2014-09-23 16:52 - 2014-09-23 16:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-10-10 21:20 - 2015-10-10 21:20 - 0005076 _____ () C:\ProgramData\vczcspay.tpu
Files to move or delete:
====================
C:\Users\Lawrence\PhotoshopElements_13_LS25_win64(2).exe
C:\Users\Lawrence\PhotoshopElements_13_LS25_win64.exe
Some files in TEMP:
====================
C:\Users\Lawrence\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-20 16:42
==================== End of FRST.txt ============================