Hi, I have a Dell E4300 running Windows 7 Pro. It had Win 7 (not sure of version) & was running fine, but I tried to do a free upgrade and it crashed, & I had to do a whole clean reinstall at the start of the year. Ever since then it's been slow & 'sticky' with everything. It also overheats more than it did before, although I have the power set at 80% ATM, because that is a gen problem with these laptops, I have learned. I have the Avira virus program & Malwarebytes.
Below are the FRST & aswMBR scan logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01
Ran by Anya (administrator) on ANYA-PC (01-03-2017 11:57:39)
Running from C:\Users\Anya\Desktop\PC prework
Loaded Profiles: Anya (Available Profiles: Anya)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Toolwiz) C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Toolwiz.com) C:\Program Files (x86)\ToolwizCareFree\ToolwizTools.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(dotPDN LLC) C:\Program Files\paint.net\PaintDotNet.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\calc.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-06] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\...\Run: [ToolwizCareFree] => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe [5274328 2017-01-08] (Toolwiz)
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{12A21B6A-4A1F-42D7-8FE4-67D02DB214E3}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{4C627B19-BC24-470C-A374-BA04D5043EF9}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-9fe07138
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-9fe07138
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?fr=vmn&type=auslog_yaapp10_adw_hp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> DefaultScope {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp10_adw_ch&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 -> {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp10_adw_ch&p={searchTerms}
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF DefaultProfile: dolfqtls.default
FF ProfilePath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default [2017-03-01]
FF Homepage: Mozilla\Firefox\Profiles\dolfqtls.default -> mail.yahoo.com
FF Session Restore: Mozilla\Firefox\Profiles\dolfqtls.default -> is enabled.
FF Extension: (Avira Browser Safety) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\abs@avira.com.xpi [2017-02-09]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\features\{ce52f54d-0d9c-4224-b2d6-5d5791543a5a}\disableSHA1rollout@mozilla.org.xpi [2017-02-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-17] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-01-04] (SurfRight B.V.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-12-06] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35864 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-03-01] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-03-01] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-01] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-03-01] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-03-01] (Malwarebytes)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-01 11:54 - 2017-03-01 11:57 - 00000000 ___DC C:\FRST
2017-03-01 11:49 - 2017-03-01 11:57 - 00000000 ___DC C:\Users\Anya\Desktop\PC prework
2017-03-01 10:22 - 2017-02-27 15:02 - 00697053 ____C C:\Users\Anya\Documents\stock%20crate%20needs.doc_1.odt
2017-03-01 09:28 - 2017-03-01 11:14 - 00110536 ____C (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-01 09:28 - 2017-03-01 11:14 - 00081696 ____C (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-01 09:28 - 2017-03-01 11:14 - 00043968 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-01 09:28 - 2017-03-01 11:13 - 00251848 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-01 09:28 - 2017-03-01 09:28 - 00176584 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-01 09:27 - 2017-03-01 09:27 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-01 09:27 - 2017-03-01 09:27 - 00000000 ___DC C:\ProgramData\Malwarebytes
2017-03-01 09:27 - 2017-03-01 09:27 - 00000000 ___DC C:\Program Files\Malwarebytes
2017-03-01 09:27 - 2017-01-20 07:47 - 00077416 ____C C:\Windows\system32\Drivers\mbae64.sys
2017-03-01 09:14 - 2017-03-01 09:14 - 00002786 ____C C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-01 09:14 - 2017-03-01 09:14 - 00000822 ____C C:\Users\Public\Desktop\CCleaner.lnk
2017-03-01 09:14 - 2017-03-01 09:14 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-01 09:14 - 2017-03-01 09:14 - 00000000 ___DC C:\Program Files\CCleaner
2017-03-01 09:13 - 2017-03-01 09:14 - 55566792 ____C (Malwarebytes ) C:\Users\Anya\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-03-01 08:53 - 2017-03-01 08:54 - 09261616 ____C (Piriform Ltd) C:\Users\Anya\Downloads\ccsetup527.exe
2017-02-27 10:22 - 2017-02-27 10:22 - 01961016 ____C C:\Users\Anya\Downloads\Ramblings 3 - February 21st 2017.pdf
2017-02-26 22:52 - 2017-02-26 22:52 - 01793086 ____C C:\Users\Anya\Downloads\14475841_975050299290299_6153463609927139328_n.mp4
2017-02-22 19:16 - 2017-02-22 19:16 - 05476663 ____C C:\Users\Anya\Downloads\10th_February_2017(1).pdf
2017-02-22 18:58 - 2017-02-22 18:58 - 00100877 ____C C:\Users\Anya\Downloads\AssessmentCoverPage_39(1).pdf
2017-02-22 18:58 - 2017-02-22 18:58 - 00100875 ____C C:\Users\Anya\Downloads\AssessmentCoverPage_39.pdf
2017-02-22 18:56 - 2017-02-22 18:56 - 05476663 ____C C:\Users\Anya\Downloads\10th_February_2017.pdf
2017-02-21 21:46 - 2017-02-24 21:16 - 00047120 ____C C:\Users\Anya\Documents\My Places.kmz
2017-02-20 13:47 - 2017-02-20 13:47 - 00543652 ____C C:\Users\Anya\Downloads\parknotesnourlangie.pdf
2017-02-17 20:15 - 2017-02-17 20:15 - 00000000 ___DC C:\Program Files (x86)\Windows Resource Kits
2017-02-17 20:11 - 2017-02-17 20:11 - 00002130 ____C C:\Users\Anya\Downloads\reset_fp.zip
2017-02-17 20:05 - 2017-02-17 20:05 - 00379392 ____C C:\Users\Anya\Downloads\subinacl.msi
2017-02-16 22:02 - 2017-02-16 22:03 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\vlc
2017-02-14 23:35 - 2017-02-14 23:35 - 00000000 ___DC C:\Windows\System32\Tasks\Games
2017-02-14 21:44 - 2017-02-14 21:44 - 00000000 ___DC C:\Program Files (x86)\Driver Detective
2017-02-13 16:48 - 2017-02-13 16:50 - 01325535 ____C C:\Users\Anya\Downloads\Ramblings 1a - February 7th 2017.pdf
2017-02-12 23:43 - 2017-02-12 23:43 - 00248541 ____C C:\Users\Anya\Downloads\FlashBrowserVersion.pdf
2017-02-10 10:01 - 2017-02-10 10:01 - 00327713 ____C C:\Users\Anya\Downloads\109.full.pdf
2017-02-10 10:01 - 2017-02-10 10:01 - 00213450 ____C C:\Users\Anya\Downloads\ARRT_Std_Terms.pdf
2017-02-09 12:09 - 2017-02-09 12:09 - 00562254 ____C C:\Users\Anya\Downloads\pdf2doc.zip
2017-02-09 11:56 - 2017-02-09 11:56 - 00118501 ____C C:\Users\Anya\Downloads\R Oosthuizen Response.pdf
2017-02-08 09:55 - 2017-03-01 11:54 - 00000000 ___DC C:\Users\Anya\Documents\stock crate
2017-02-08 09:43 - 2017-02-08 09:52 - 00000000 ___DC C:\Users\Anya\Documents\hoofcare
2017-02-07 21:18 - 2017-02-07 21:18 - 00416082 ____C C:\Users\Anya\Documents\L fore paw AP 06-12-2016_52524.JPEG
2017-02-07 21:18 - 2017-02-07 21:18 - 00346479 ____C C:\Users\Anya\Documents\Tilly Lavender Consultation History Notes.pdf
2017-02-07 15:14 - 2017-02-07 15:14 - 00137063 ____C C:\Users\Anya\Documents\civil-claims-app-11854.pdf
2017-02-07 13:41 - 2017-02-07 13:41 - 00000154 ____C C:\Users\Anya\Downloads\TransactionHistory(3).qif
2017-02-07 13:36 - 2017-02-07 13:36 - 00000290 ____C C:\Users\Anya\Downloads\TransactionHistory(2).qif
2017-02-07 13:35 - 2017-02-07 13:35 - 00007819 ____C C:\Users\Anya\Downloads\TransactionHistory.qif
2017-02-07 13:35 - 2017-02-07 13:35 - 00007819 ____C C:\Users\Anya\Downloads\TransactionHistory(1).qif
2017-02-07 02:12 - 2017-02-08 09:45 - 00569645 ____C C:\Users\Anya\Documents\High detail front right paw 28-11-2016_52524.JPEG
2017-02-06 12:16 - 2017-02-06 12:16 - 00000000 ___DC C:\Program Files (x86)\Display
2017-02-06 11:44 - 2017-02-20 22:59 - 00000000 ___DC C:\Program Files (x86)\SpeedItup Free
2017-02-02 12:10 - 2017-02-02 12:10 - 00005606 ____C C:\Windows\system32\.crusader
2017-02-01 19:45 - 2017-02-01 19:45 - 00508320 ____C C:\Users\Anya\Documents\AL606-12-16 Front Extremity_52524.JPEG
2017-02-01 19:44 - 2017-02-01 19:44 - 00459920 ____C C:\Users\Anya\Documents\AL706-12-16 Front Extremity (3)_52524.JPEG
2017-02-01 19:39 - 2017-02-01 19:39 - 00587748 ____C C:\Users\Anya\Documents\High detail front right paw 3 28-11-2016_52524.JPEG
2017-02-01 19:39 - 2017-02-01 19:39 - 00566078 ____C C:\Users\Anya\Documents\High detail front right paw 2 28-11-2016_52524.JPEG
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-01 11:56 - 2017-01-02 17:56 - 00000264 ____C C:\Windows\Tasks\{3414E28B-7B30-5D60-A18E-73890419B134}.job
2017-03-01 11:21 - 2017-01-02 18:06 - 00000000 ___DC C:\Users\Anya\AppData\LocalLow\Mozilla
2017-03-01 11:21 - 2009-07-14 15:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-01 11:21 - 2009-07-14 15:45 - 00025680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-01 11:14 - 2017-01-03 16:33 - 00000830 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-01 11:14 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\inf
2017-03-01 11:12 - 2009-07-14 16:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2017-03-01 10:39 - 2017-01-07 23:55 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\ParetoLogic
2017-03-01 09:25 - 2017-01-25 18:16 - 00000000 ___DC C:\Windows\Minidump
2017-03-01 09:25 - 2017-01-03 09:53 - 00000000 ___DC C:\Windows\Panther
2017-02-26 08:59 - 2017-01-07 23:08 - 00000430 ____C C:\Windows\Tasks\TechUtilities.job
2017-02-24 11:39 - 2017-01-19 15:47 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 12:18 - 2017-01-02 16:56 - 00000000 ___DC C:\Users\Anya\Documents\tio & telstra
2017-02-19 21:36 - 2017-01-02 16:55 - 00000000 ___DC C:\Users\Anya\Documents\finance
2017-02-19 21:36 - 2017-01-02 16:55 - 00000000 ___DC C:\Users\Anya\Documents\family & health
2017-02-19 21:35 - 2017-01-02 16:54 - 00000000 ___DC C:\Users\Anya\Documents\dogs
2017-02-19 21:34 - 2017-01-02 16:54 - 00000000 ___DC C:\Users\Anya\Documents\Anya's phone
2017-02-19 21:34 - 2017-01-02 16:52 - 00000000 ___DC C:\Users\Anya\Documents\computer
2017-02-19 21:33 - 2017-01-02 16:53 - 00000000 ___DC C:\Users\Anya\Documents\Anya
2017-02-17 20:09 - 2017-01-03 16:28 - 00000000 ___DC C:\Users\Anya\AppData\Local\Adobe
2017-02-17 20:08 - 2017-01-03 16:33 - 00802904 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-17 20:08 - 2017-01-03 16:33 - 00144472 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-17 20:08 - 2017-01-03 16:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-17 20:08 - 2017-01-03 16:33 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2017-02-17 20:08 - 2017-01-03 16:33 - 00000000 ___DC C:\Windows\system32\Macromed
2017-02-15 10:06 - 2009-07-14 16:13 - 00781298 ____C C:\Windows\system32\PerfStringBackup.INI
2017-02-14 13:38 - 2009-07-14 14:20 - 00000000 ___DC C:\Windows\LiveKernelReports
2017-02-08 09:52 - 2017-01-19 19:53 - 00000000 ___DC C:\Users\Anya\Documents\land house building
2017-02-06 09:26 - 2017-01-02 18:38 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Composite Editor
2017-02-02 12:49 - 2017-01-12 09:52 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\situhome
2017-02-02 12:13 - 2017-01-02 18:05 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-02 12:13 - 2017-01-02 18:05 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2017-02-02 12:01 - 2017-01-02 19:16 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-02 12:01 - 2017-01-02 18:04 - 00000000 ___DC C:\ProgramData\Package Cache
==================== Files in the root of some directories =======
2017-01-03 14:58 - 2017-01-03 14:58 - 0000044 ____C () C:\Users\Anya\AppData\Roaming\WB.CFG
Files to move or delete:
====================
C:\Windows\Tasks\{3414E28B-7B30-5D60-A18E-73890419B134}.job
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-01-03 09:54
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by Anya (01-03-2017 12:00:30)
Running from C:\Users\Anya\Desktop\PC prework
Windows 7 Professional Service Pack 1 (X64) (2017-01-02 04:34:01)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3010178862-2183218474-3834878404-500 - Administrator - Disabled)
Anya (S-1-5-21-3010178862-2183218474-3834878404-1000 - Administrator - Enabled) => C:\Users\Anya
Guest (S-1-5-21-3010178862-2183218474-3834878404-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3010178862-2183218474-3834878404-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
EasyBluePrint (HKLM-x32\...\{598B5BFB-3491-4C9B-9D20-F6477932FFCE}) (Version: 1.00.0000 - Lazycat Labs LLC)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MVHShellExtension (HKLM\...\{48EE93F1-6CE8-4DC3-9EBB-71D860F09CEE}) (Version: 1.0.0 - MyVirtualHome)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Quicken CashBook - Version 8 (HKLM-x32\...\Quicken CashBook - Version 8) (Version: - )
situhome (HKLM-x32\...\{BDFC5012-189A-4D13-B1CF-279DF1D2F03B}) (Version: 5.0.5038 - Homesoft Pty. Ltd.)
situhome (x32 Version: 5.0.5038 - Homesoft Pty. Ltd.) Hidden
Toolwiz Care (HKLM-x32\...\ToolwizCareFree) (Version: 3.1.0.5500 - ToolWiz Care)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Wings 3D 2.1.5 (HKLM-x32\...\Wings 3D 2.1.5) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0BBF5E2B-CFF9-4454-B1E5-48FD7878F641} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe
Task: {33037067-24A4-4C51-9BF4-C93967D001CB} - System32\Tasks\ToolwizCareFree => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe [2017-01-08] (Toolwiz)
Task: {4CD91184-FF75-43A9-AFF0-B0E8793FFEA2} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-23] ()
Task: {792F89C5-CD6D-420F-B59F-A6FD747F23A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {7FCD042A-B1B9-48E0-BCAB-416DD1E526E8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-17] (Adobe Systems Incorporated)
Task: {84DD79D9-08FF-42FE-B5A0-F88E208EA467} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3010178862-2183218474-3834878404-1000
Task: {977EEB1A-1D70-420F-8E80-26BACAE87F7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
Task: {9E37EBFD-A90E-4D66-AEBC-A4E874CF58F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
Task: {A45BEA91-28D9-4894-A3E1-614E4D959593} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {A8A2EB79-53E4-43C3-8391-143FC1FC3B23} - System32\Tasks\{3414E28B-7B30-5D60-A18E-73890419B134} => C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe <==== ATTENTION
Task: {CF69B18C-0219-4C72-A7C0-B5155F4BFF07} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-23] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe -t C:\Program Files\TechUtilities\TechUtilities.exe
Task: C:\Windows\Tasks\{3414E28B-7B30-5D60-A18E-73890419B134}.job => C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe <==== ATTENTION
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-03-01 09:27 - 2017-01-20 07:47 - 02264352 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-01 09:27 - 2017-01-20 07:47 - 02254800 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-01 09:27 - 2017-01-20 07:47 - 02829776 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-04 14:53 - 2017-01-04 14:53 - 03052032 ____C () C:\Windows\assembly\NativeImages_v4.0.30319_64\PaintDotNetc8826574#\1231046019f02411806acdb82aa3f17a\PaintDotNet.SystemLayer.Native.x64.ni.dll
2016-12-12 17:01 - 2016-12-12 17:01 - 01083088 ____C () C:\Program Files\paint.net\PaintDotNet.SystemLayer.Native.x64.dll
2015-10-21 15:50 - 2015-10-21 15:50 - 00988160 ____C () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2015-10-21 15:49 - 2015-10-21 15:49 - 00170496 ____C () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2015-10-21 15:49 - 2015-10-21 15:49 - 00136192 ____C () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec-mscrypto.dll
2015-10-21 15:49 - 2015-10-21 15:49 - 00303616 ____C () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5EB3DB86-2C8F-478D-AE21-5C7D6B6FA9D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{615F7A83-9DCE-4BE8-9D0E-0D4AF4FED0E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/01/2017 11:13:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/01/2017 07:49:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/25/2017 09:22:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/23/2017 12:04:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: googleearth.exe, version: 7.1.8.3036, time stamp: 0x587ddf05
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
Exception code: 0xc0000005
Fault offset: 0x0002f347
Faulting process id: 0x3d4
Faulting application start time: 0x01d28c9daba8551c
Faulting application path: C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 620c036c-f8ff-11e6-801a-0024e8dc6112
Error: (02/22/2017 09:16:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/20/2017 10:42:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/19/2017 02:17:06 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.
at Avira.OE.ServiceHost.ServiceHost.OnPowerEvent(Object sender, PowerBroadcastStatusEventArgs e)
at Avira.OE.WinCore.EventHandlerExtensions.SafeInvoke[T](EventHandler`1 eventHandler, Object sender, T eventArgs)
at Avira.OE.ServiceHost.WindowsService.OnPowerEvent(PowerBroadcastStatus powerStatus)
at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).
Error: (02/19/2017 02:05:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/17/2017 08:21:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/14/2017 09:12:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (03/01/2017 07:48:09 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8007bd14e0, 0xfffff88004039cb0, 0x0000000000000000, 0x000000000000000c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030117-29640-01.
Error: (03/01/2017 07:47:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:58:33 PM on 2/27/2017 was unexpected.
Error: (02/27/2017 09:05:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.
Error: (02/25/2017 02:04:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.
Error: (02/24/2017 09:09:54 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (02/24/2017 01:55:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HitmanProScheduler service.
Error: (02/22/2017 07:58:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
Error: (02/22/2017 09:15:02 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:17:55 AM on 2/22/2017 was unexpected.
Error: (02/21/2017 06:19:57 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeGroupListener service.
Error: (02/20/2017 10:41:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU P9400 @ 2.40GHz
Percentage of memory in use: 79%
Total physical RAM: 4047.92 MB
Available physical RAM: 828.74 MB
Total Virtual: 8094.04 MB
Available Virtual: 4544.62 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148.46 GB) (Free:21.82 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C8B9BFB9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=504 MB) - (Type=27)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-03-01 12:10:33
-----------------------------
12:10:33.299 OS Version: Windows x64 6.1.7601 Service Pack 1
12:10:33.299 Number of processors: 2 586 0x170A
12:10:33.301 ComputerName: ANYA-PC UserName: Anya
12:10:36.188 Initialize success
12:10:36.870 VM: initialized successfully
12:10:36.873 VM: Intel CPU BiosDisabled
12:17:41.631 AVAST engine defs: 17010903
12:19:02.667 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:19:02.670 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
12:19:02.896 Disk 0 MBR read successfully
12:19:02.899 Disk 0 MBR scan
12:19:02.906 Disk 0 Windows 7 default MBR code
12:19:02.920 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:19:02.926 Disk 0 default boot code
12:19:02.939 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152019 MB offset 206848
12:19:02.973 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 504 MB offset 311543808
12:19:03.034 Disk 0 scanning C:\Windows\system32\drivers
12:19:15.284 Service scanning
12:19:43.094 Modules scanning
12:19:43.106 Disk 0 trace - called modules:
12:19:43.152 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:19:43.158 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800439d060]
12:19:43.164 3 CLASSPNP.SYS[fffff880011d143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040b5680]
12:19:44.592 AVAST engine scan C:\Windows
12:19:47.579 AVAST engine scan C:\Windows\system32
12:32:25.222 AVAST engine scan C:\Windows\system32\drivers
12:34:02.728 AVAST engine scan C:\Users\Anya
13:20:58.634 AVAST engine scan C:\ProgramData
13:22:09.962 Disk 0 statistics 4191535/0/0 @ 0.96 MB/s
13:22:10.019 Scan finished successfully
13:37:13.672 Disk 0 MBR has been saved successfully to "C:\Users\Anya\Desktop\PC prework\MBR.dat"
13:37:13.722 The log file has been saved successfully to "C:\Users\Anya\Desktop\PC prework\aswMBR.txt"