Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017 Ran by SYSTEM on MININT-E67F81B (28-12-2017 04:38:24) Running from E:\ Platform: Windows 7 Professional N Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 Boot Mode: Recovery Default: ControlSet001 [b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b] Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Esprit 2.1] => C:\Program Files\Bruker\Esprit 2.1\Communication\RTCommunication.exe [2891016 2016-07-19] (Bruker Nano GmbH) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-16] (AVAST Software) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-07-16] (Intel Corporation) HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [${_APP_NAME}] => C:\Program Files (x86)\WellWeWeb\CheVolume\CheVolume.exe [691200 2016-01-21] (WellWeWeb) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1223168 2016-12-09] (Cisco Systems, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation) HKU\Guest\...\Run: [Spotify Web Helper] => C:\Users\Guest\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-19] (Spotify Ltd) HKU\Guest\...\Run: [Spotify] => C:\Users\Guest\AppData\Roaming\Spotify\Spotify.exe [6987376 2016-11-19] (Spotify Ltd) HKU\Guest\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation) HKU\Rebecca\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [3102496 2017-10-30] (Valve Corporation) HKU\Rebecca\...\Run: [AudioBox VSL] => C:\Program Files\PreSonus\AudioBox\AudioBox.exe [7593984 2014-07-16] () HKU\Stalla\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [3102496 2017-10-30] (Valve Corporation) HKU\Stalla\...\Run: [AudioBox VSL] => C:\Program Files\PreSonus\AudioBox\AudioBox.exe [7593984 2014-07-16] () HKU\Stalla\...\Run: [Google Update] => C:\Users\Stalla\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.) HKU\Stalla\...\Run: [Amazon Music] => C:\Users\Stalla\AppData\Local\Amazon Music\Amazon Music Helper.exe [5908968 2016-06-16] () HKU\Stalla\...\Run: [Dropbox Update] => C:\Users\Stalla\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.) HKU\Stalla\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe /start HKU\Stalla\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1592664 2017-12-05] (Google Inc.) Startup: C:\Users\Stalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-12-06] ShortcutTarget: Dropbox.lnk -> (No File) Startup: C:\Users\Stalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Win7AudioSwitcher_x86_release.exe [2013-08-15] (Nick_AgN) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-16] (AVAST Software) S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-16] (AVAST Software) S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation) S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation) S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] () S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation) S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-12-19] () S2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2015-12-19] () S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803952 2017-11-09] (TeamViewer GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology) S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-16] (AVAST Software) S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-16] (AVAST Software s.r.o.) S0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-16] (AVAST Software s.r.o.) S0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-16] (AVAST Software s.r.o.) S0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-16] (AVAST Software s.r.o.) S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-16] (AVAST Software) S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-06] (AVAST Software) S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-16] (AVAST Software) S1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110376 2017-11-16] (AVAST Software) S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-16] (AVAST Software) S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-16] (AVAST Software) S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-11-16] (AVAST Software) S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203976 2017-11-16] (AVAST Software) S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-16] (AVAST Software) S3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-07-16] (Intel Corporation) S3 e1rexpress; C:\Windows\System32\DRIVERS\e1r62x64.sys [488784 2013-07-16] (Intel Corporation) S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated) S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation) S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] () S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] () S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.) S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] () S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation) S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) S3 paeusbaudio; C:\Windows\System32\DRIVERS\paeusbaudio_x64.sys [260096 2014-04-16] () S3 paeusbaudiodsp; C:\Windows\System32\DRIVERS\paeusbaudiodsp_x64.sys [62464 2014-07-16] () S3 paeusbaudioks; C:\Windows\System32\DRIVERS\paeusbaudioks_x64.sys [46080 2014-04-16] () S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-11-26] (Cisco Systems, Inc.) S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2017-12-28] () S3 cpuz136; \??\C:\Users\Stalla\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-28 04:37 - 2017-12-28 04:38 - 000000000 ____D C:\FRST 2017-12-28 00:55 - 2017-12-28 02:34 - 000094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp 2017-12-10 12:11 - 2017-12-10 12:11 - 000000000 __SHD C:\found.000 2017-12-10 11:17 - 2017-12-10 11:33 - 000360646 _____ C:\Windows\ntbtlog.txt 2017-12-07 23:15 - 2017-12-07 23:15 - 000000000 ____D C:\ProgramData\SWCUTemp 2017-12-06 16:11 - 2017-12-06 16:11 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software 2017-12-06 16:11 - 2017-12-06 16:11 - 000000000 ____D C:\Program Files\Common Files\Avast Software 2017-12-03 21:30 - 2017-12-03 21:30 - 000043379 _____ C:\Users\Stalla\42nm 2017-12-02 11:16 - 2017-12-02 11:18 - 089245255 _____ C:\Users\Stalla\Downloads\dtsa2_jupiter.jar ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-28 02:34 - 2017-04-03 04:44 - 000034752 _____ C:\Windows\System32\Drivers\WPRO_41_2001.sys 2017-12-28 02:34 - 2013-07-16 15:33 - 000000000 ____D C:\ProgramData\NVIDIA 2017-12-08 02:21 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-12-08 02:19 - 2009-07-13 21:12 - 000800854 _____ C:\Windows\System32\PerfStringBackup.INI 2017-12-08 02:19 - 2009-07-13 20:50 - 000020144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-12-08 02:19 - 2009-07-13 20:50 - 000020144 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-12-08 02:19 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf 2017-12-08 00:49 - 2013-09-30 18:08 - 000000000 ____D C:\Users\Stalla\AppData\Roaming\NetSpeedMonitor 2017-12-08 00:23 - 2015-06-15 18:54 - 000000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1353541947-1487197825-3567861493-1000UA.job 2017-12-08 00:23 - 2015-06-15 18:54 - 000000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1353541947-1487197825-3567861493-1000Core.job 2017-12-07 23:47 - 2013-07-16 15:38 - 000000000 ____D C:\Program Files (x86)\Steam 2017-12-07 23:15 - 2013-07-18 11:27 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-12-07 23:14 - 2016-11-22 07:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-12-07 23:14 - 2013-07-28 22:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-12-07 23:14 - 2013-07-18 11:26 - 000000000 ____D C:\Program Files\Microsoft Office 15 2017-12-06 11:49 - 2013-07-29 07:46 - 000000000 ____D C:\Users\Stalla\AppData\Roaming\Dropbox 2017-12-06 07:21 - 2015-01-20 21:58 - 000000000 ____D C:\Users\Stalla\AppData\Roaming\TeamViewer 2017-12-06 03:17 - 2015-01-20 21:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2017-12-05 01:41 - 2017-06-11 22:09 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2017-12-03 21:30 - 2013-07-16 14:49 - 000000000 ____D C:\users\Stalla 2017-12-02 11:19 - 2017-04-18 21:25 - 000000000 ____D C:\Users\Stalla\Documents\NIST DTSA-II Reports 2017-12-02 11:18 - 2017-04-18 21:16 - 000000000 ____D C:\Users\Stalla\AppData\Local\NIST 2017-12-02 00:36 - 2016-11-28 22:06 - 000000000 ____D C:\Users\Stalla\AppData\LocalLow\Mozilla 2017-11-29 23:41 - 2013-08-31 15:14 - 000000000 ____D C:\Users\Stalla\AppData\Local\CrashDumps 2017-11-28 22:52 - 2013-07-30 20:26 - 000000000 ____D C:\Users\Stalla\AppData\Roaming\Azureus Some files in TEMP: ==================== 2014-07-11 13:12 - 2014-07-11 13:12 - 000918952 _____ (Oracle Corporation) C:\Users\Rebecca\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe 2017-09-08 08:27 - 2017-11-28 22:52 - 000035224 _____ () C:\Users\Stalla\AppData\Local\Temp\i4jdel0.exe 2017-12-02 18:58 - 2017-12-02 18:58 - 000116997 ____N () C:\Users\Stalla\AppData\Local\Temp\jffi1946859141492095320.dll 2017-12-03 00:38 - 2017-12-03 00:38 - 000116997 ____N () C:\Users\Stalla\AppData\Local\Temp\jffi3801698767538822105.dll 2017-12-02 11:19 - 2017-12-02 11:19 - 000116997 ____N () C:\Users\Stalla\AppData\Local\Temp\jffi3904515420630150603.dll 2017-12-03 00:15 - 2017-12-03 00:15 - 000116997 ____N () C:\Users\Stalla\AppData\Local\Temp\jffi492139364021687271.dll 2017-12-02 19:02 - 2017-12-02 19:02 - 000116997 ____N () C:\Users\Stalla\AppData\Local\Temp\jffi5769846003097770497.dll 2017-12-03 00:57 - 2017-12-03 00:57 - 000116997 ____N () C:\Users\Stalla\AppData\Local\Temp\jffi7558709329576133460.dll 2017-12-03 01:14 - 2017-12-03 01:14 - 000116997 ____N () C:\Users\Stalla\AppData\Local\Temp\jffi7587560577985393067.dll 2017-12-03 13:21 - 2017-12-03 13:21 - 000116997 ____N () C:\Users\Stalla\AppData\Local\Temp\jffi7878322056127341115.dll 2017-07-30 02:18 - 2017-07-30 02:18 - 000740416 _____ (Oracle Corporation) C:\Users\Stalla\AppData\Local\Temp\jre-8u144-windows-au.exe ==================== Known DLLs (Whitelisted) ========================= ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\dnsapi.dll => MD5 is legit C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Association (Whitelisted) ============= ==================== Restore Points ========================= ==================== BCD ================================ Windows Boot Manager -------------------- identifier {bootmgr} device partition=Y: path \bootmgr description Windows Boot Manager locale en-US inherit {globalsettings} default {default} resumeobject {aaa61851-ee82-11e2-9340-dc17e2ad12e2} displayorder {default} toolsdisplayorder {memdiag} timeout 30 Windows Boot Loader ------------------- identifier {default} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale en-US inherit {bootloadersettings} osdevice partition=C: systemroot \Windows resumeobject {aaa61851-ee82-11e2-9340-dc17e2ad12e2} nx OptIn Windows Boot Loader ------------------- identifier {aaa61853-ee82-11e2-9340-dc17e2ad12e2} device ramdisk=[C:]\Recovery\aaa61853-ee82-11e2-9340-dc17e2ad12e2\Winre.wim,{aaa61854-ee82-11e2-9340-dc17e2ad12e2} path \windows\system32\winload.exe description Windows Recovery Environment (recovered) locale osdevice ramdisk=[C:]\Recovery\aaa61853-ee82-11e2-9340-dc17e2ad12e2\Winre.wim,{aaa61854-ee82-11e2-9340-dc17e2ad12e2} systemroot \windows winpe Yes Resume from Hibernate --------------------- identifier {aaa61851-ee82-11e2-9340-dc17e2ad12e2} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale en-US inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=Y: path \boot\memtest.exe description Windows Memory Diagnostic locale en-US inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems Yes Debugger Settings ----------------- identifier {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {aaa61854-ee82-11e2-9340-dc17e2ad12e2} ramdisksdidevice partition=C: ramdisksdipath \Recovery\aaa61853-ee82-11e2-9340-dc17e2ad12e2\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 7% Total physical RAM: 16314.71 MB Available physical RAM: 15158.27 MB Total Virtual: 16312.91 MB Available Virtual: 15156.38 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.37 GB) (Free:16.83 GB) NTFS Drive e: (GSP1RMCNPRXFRER_EN_DVD) (Removable) (Total:7.51 GB) (Free:4.7 GB) NTFS Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 1B2CCB94) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 7.5 GB) (Disk ID: 0D5B3DBE) Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS) LastRegBack: 2017-11-29 01:51 ==================== End of FRST.txt ============================