Laptop keeps freezing for several minutes at a time!



#1
Slime


Hi all.

I have an Acer Aspire 6930Z running on Vista Home Premium SP2.

I know it's old, but it has been running reasonably well up until a few days ago.

It now takes far, far longer to boot up and often freezes for several minutes, even when doing simple tasks such as opening a new tab or clicking on an email.

After a few minutes it just springs back to life and carries on until the next freeze!

This has not been a gradual thing ... it just started happening a few days ago.

I'm assuming I have an infection, but what do I know?

Please help.

Yours,

Slime

Here are my FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2017
Ran by user (administrator) on USER-PC (08-02-2017 18:15:21)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Realtek Semiconductor Corp.) C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\...\MountPoints2: {1308fcb7-1979-11e6-ac59-806e6f6e6963} - D:\DriverPackSolution.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-10-05] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 11 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{086F9650-8545-49BA-A672-71D56BEDB0B7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DC06C32F-7B81-4409-AF34-2FB3A7DC6BD3}: [DhcpNameServer] 212.159.13.49 212.159.13.50

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0516&m=aspire_6930z
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0516&m=aspire_6930z
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://uk.msn.com/?ocid=EIE9HP&PC=UP50
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://uk.msn.com/?ocid=EIE9HP&PC=UP50
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-1701030405-4185235007-3865900534-1000 -> DefaultScope {863E6E81-B714-4682-A268-8E0567066424} URL = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1701030405-4185235007-3865900534-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1701030405-4185235007-3865900534-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-1701030405-4185235007-3865900534-1000 -> {863E6E81-B714-4682-A268-8E0567066424} URL = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
BHO: No Name -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> No File
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\partner.dll [2016-05-13] (Google Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 [2017-02-08]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 -> Google
FF Homepage: Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 -> hxxps://www.google.co.uk/
FF Keyword.URL: Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 -> hxxps://www.google.com/search?q=
FF Extension: (New Tab Override (browser.newtab.url replacement)) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594\Extensions\[email protected] [2016-12-27]
FF Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-06-16] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-15]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-15] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2016-05-15]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-15]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-15]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-15]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-15]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-15]
CHR Extension: (Avira Browser Safety) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-05-15]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-15]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-05] (AVAST Software)
S4 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
S2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit)
S4 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-26] (NewTech InfoSystems, Inc.) [File not signed]
S4 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] () [File not signed]
S4 Partner Service; C:\ProgramData\Partner\partner.exe [110576 2016-05-13] (Google Inc.)
S4 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-10-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-10-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-10-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-10-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-10-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-10-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-10-05] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-10-05] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-10-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [850472 2008-08-05] (Bison Electronics. Inc. )
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2013-03-05] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2013-03-05] (Intel Corporation)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [54824 2010-03-29] (Atheros Communications, Inc.)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2474200 2014-03-12] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27888 2013-07-30] (Synaptics Incorporated)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-18] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-08 18:15 - 2017-02-08 18:16 - 00015758 _____ C:\Users\user\Desktop\FRST.txt
2017-02-08 18:15 - 2017-02-08 18:15 - 00000000 ____D C:\FRST
2017-02-08 18:13 - 2017-02-08 18:13 - 00001930 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2017-02-08 18:13 - 2017-02-08 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-02-08 18:11 - 2017-02-08 18:12 - 01763328 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2017-02-06 22:43 - 2017-02-06 22:44 - 00146064 _____ C:\Windows\Minidump\Mini020617-01.dmp
2017-02-05 23:09 - 2017-02-05 23:09 - 00146064 _____ C:\Windows\Minidump\Mini020517-01.dmp
2017-02-02 20:07 - 2017-02-02 20:07 - 00146040 _____ C:\Windows\Minidump\Mini020217-01.dmp
2017-02-02 13:21 - 2017-02-02 13:26 - 00000000 ____D C:\Users\user\Desktop\Ebay listings
2017-01-31 14:22 - 2017-01-31 14:22 - 00146040 _____ C:\Windows\Minidump\Mini013117-01.dmp
2017-01-29 14:46 - 2017-01-29 14:46 - 00146040 _____ C:\Windows\Minidump\Mini012917-01.dmp
2017-01-27 16:59 - 2017-01-27 16:59 - 00146040 _____ C:\Windows\Minidump\Mini012717-02.dmp
2017-01-27 09:34 - 2017-01-27 09:34 - 00146040 _____ C:\Windows\Minidump\Mini012717-01.dmp
2017-01-25 23:28 - 2017-01-25 23:28 - 00146064 _____ C:\Windows\Minidump\Mini012517-02.dmp
2017-01-25 15:25 - 2017-01-25 15:25 - 00146064 _____ C:\Windows\Minidump\Mini012517-01.dmp
2017-01-24 23:16 - 2017-01-24 23:16 - 00146064 _____ C:\Windows\Minidump\Mini012417-01.dmp
2017-01-24 20:20 - 2017-01-05 16:57 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-24 19:47 - 2017-01-26 16:03 - 00000000 ____D C:\Users\user\Desktop\Honda Civic LA12GWW
2017-01-23 23:33 - 2017-01-23 23:33 - 00146064 _____ C:\Windows\Minidump\Mini012317-01.dmp
2017-01-22 23:57 - 2017-01-22 23:57 - 00146064 _____ C:\Windows\Minidump\Mini012217-01.dmp
2017-01-22 17:17 - 2017-01-22 17:20 - 00000000 ____D C:\Users\user\Desktop\Golf Travel Case
2017-01-22 13:42 - 2017-01-22 13:42 - 00000000 ____D C:\Users\user\Desktop\Wurlitzer 4080R
2017-01-18 23:54 - 2017-01-18 23:54 - 00146064 _____ C:\Windows\Minidump\Mini011817-01.dmp
2017-01-17 23:40 - 2017-01-17 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-01-17 23:29 - 2017-01-17 23:29 - 00146064 _____ C:\Windows\Minidump\Mini011717-01.dmp
2017-01-13 18:13 - 2017-01-13 18:14 - 00146056 _____ C:\Windows\Minidump\Mini011317-01.dmp
2017-01-12 19:07 - 2017-01-12 19:07 - 00146040 _____ C:\Windows\Minidump\Mini011217-01.dmp
2017-01-12 10:35 - 2017-01-12 10:35 - 00000000 ____D C:\Users\user\AppData\Roaming\Template
2017-01-12 10:35 - 2017-01-12 10:35 - 00000000 _____ C:\Users\user\AppData\Roaming\wklnhst.dat
2017-01-11 23:16 - 2017-01-11 23:16 - 00146064 _____ C:\Windows\Minidump\Mini011117-01.dmp
2017-01-10 23:35 - 2017-01-10 23:35 - 00146080 _____ C:\Windows\Minidump\Mini011017-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-08 18:13 - 2016-10-28 16:33 - 00000000 ____D C:\ProgramData\Foxit Software
2017-02-08 18:11 - 2008-11-18 17:49 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-02-08 18:09 - 2006-11-02 12:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-08 18:09 - 2006-11-02 12:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-08 10:56 - 2016-11-18 20:59 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-02-08 10:55 - 2016-06-21 20:00 - 00000000 ____D C:\Program Files\Steam
2017-02-08 10:55 - 2006-11-02 12:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-02-08 10:54 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-06 22:56 - 2006-11-02 13:01 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-06 22:43 - 2016-05-14 20:35 - 307547631 _____ C:\Windows\MEMORY.DMP
2017-02-06 22:43 - 2016-05-14 20:35 - 00000000 ____D C:\Windows\Minidump
2017-01-29 10:25 - 2016-11-21 22:37 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2017-01-27 17:04 - 2016-10-21 17:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-24 20:58 - 2016-05-13 21:57 - 00000000 ____D C:\Windows\system32\MRT
2017-01-24 20:53 - 2006-11-02 10:24 - 133456224 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-01-22 13:41 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\inf
2017-01-22 13:41 - 2006-11-02 10:33 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-20 19:16 - 2016-05-15 00:34 - 00000000 ____D C:\Program Files\Common Files\Steam
2017-01-17 23:41 - 2016-12-18 14:47 - 00000000 ____D C:\Program Files\Garmin
2017-01-17 23:41 - 2016-05-14 20:42 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-16 08:58 - 2016-05-16 23:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-15 09:25 - 2016-05-16 23:23 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-15 09:25 - 2016-05-16 23:23 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-15 09:25 - 2016-05-14 10:45 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2017-01-15 09:25 - 2008-11-18 17:55 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2017-01-12 10:35 - 2017-01-12 10:35 - 0000000 _____ () C:\Users\user\AppData\Roaming\wklnhst.dat
2016-09-22 17:17 - 2016-09-22 17:17 - 0000680 _____ () C:\Users\user\AppData\Local\d3d9caps.dat
2016-05-14 10:57 - 2016-06-02 16:49 - 0007680 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-09 16:53 - 2016-09-09 16:54 - 0146645 _____ () C:\Users\user\AppData\Local\edsinstaller.txt-20160909.log
2016-05-13 20:02 - 2016-05-13 20:06 - 0006030 _____ () C:\ProgramData\ArcadeDeluxe2.log
2016-05-14 11:02 - 2016-05-14 11:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-09-09 20:29 - 2016-09-09 20:30 - 0000090 _____ () C:\ProgramData\PS.log

Some files in TEMP:
====================
2016-05-14 20:51 - 2016-09-05 11:16 - 0000000 ____D () C:\Users\user\AppData\Local\Temp\avgnt.exe
2016-10-28 16:32 - 2016-11-08 11:15 - 5571272 _____ (Foxit Corporation) C:\Users\user\AppData\Local\Temp\FoxitUpdater.exe
2016-10-15 22:04 - 2016-10-15 22:04 - 0204800 _____ (Realtek Semiconductor Corp.) C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-08 11:02

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-02-2017
Ran by user (08-02-2017 18:16:40)
Running from C:\Users\user\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2016-05-14 02:16:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1701030405-4185235007-3865900534-500 - Administrator - Disabled)
Guest (S-1-5-21-1701030405-4185235007-3865900534-501 - Limited - Enabled)
user (S-1-5-21-1701030405-4185235007-3865900534-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (Version: 2.6.1.4 - Intel) Hidden
Acer Crystal Eye webcam (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.32.701.13 - Acer Crystal Eye webcam)
Acer Crystal Eye Webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.17 - Acer Crystal Eye Webcam)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.30 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3023e - CyberLink Corp.)
Elevated Installer (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
FM Genie Scout 16 version 1.0 16.3.2 (HKLM\...\FM Genie Scout 16_is1) (Version: 1.0 16.3.2 - )
Football Manager 2015 (HKLM\...\Steam App 295270) (Version:  - Sports Interactive)
Football Manager 2016 (HKLM\...\Steam App 378120) (Version:  - SPORTS INTERACTIVE)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.2.0.2051 - Foxit Software Inc.)
Garmin Express (HKLM\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.63 - Conexant Systems)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 51.0.1 (x86 en-GB)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
Mozilla Thunderbird 45.7.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 45.7.0 (x86 en-GB)) (Version: 45.7.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
OpenOffice 4.1.3 (HKLM\...\{747C5547-7483-4605-8B2F-A9696610A7FA}) (Version: 4.13.9783 - Apache Software Foundation)
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.0.1 - Convesoft)
PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.4619 - CyberLink Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7285 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics)
Winbond CIR Device Drivers (HKLM\...\{10F498FF-5392-4DF3-8F73-FE172A9F3800}) (Version: 7.60.1012 - Winbond Electronics Corporation)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2EED783D-1319-49E7-9CDF-4281BF30AD1A} - System32\Tasks\SafeZone scheduled Autoupdate 1475705443 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {4052F64A-3C36-4ADC-ABEC-4E682AC99A6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-15] (Google Inc.)
Task: {4586B4A8-F988-44B6-9B9B-3104737D48F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-15] (Google Inc.)
Task: {561DAE8A-50BC-4AEE-B7B6-971FEF85CDD8} - System32\Tasks\ASC9_SkipUac_user => C:\Program Files\IObit\Advanced SystemCare\ASC.exe
Task: {6152A8EA-1114-4618-A791-645834141FA9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-05] (AVAST Software)
Task: {72D07E84-5306-44BF-9BB2-308F5ECB9412} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()
Task: {886DC9BA-1489-4B50-AB47-96635C170608} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {97621A41-1806-4118-8F88-85DBB26BD4DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-15] (Adobe Systems Incorporated)
Task: {9816DCE8-5643-41FB-8C3F-558FFD439798} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {D5BAE814-0569-4D1C-A1EE-9C81F4522256} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-10-05 22:07 - 2016-10-05 22:07 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-06 20:09 - 2017-02-06 20:09 - 05731328 _____ () C:\Program Files\AVAST Software\Avast\defs\17020603\algo.dll
2016-10-05 22:07 - 2016-10-05 22:07 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-10-05 22:07 - 2016-10-05 22:07 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-06-08 17:04 - 2016-06-08 17:04 - 00117400 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 10:23 - 2016-10-15 21:53 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\Control Panel\Desktop\\Wallpaper -> c:\Windows\Web\wallpaper\Acer01.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Avira.ServiceHost => 2
MSCONFIG\Services: BUNAgentSvc => 2
MSCONFIG\Services: CLHNService => 2
MSCONFIG\Services: eDataSecurity Service => 2
MSCONFIG\Services: ETService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MobilityService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NTIBackupSvc => 2
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: Partner Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ArcadeDeluxeAgent => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: Avira SystrayStartTrigger => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: eAudio => "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
MSCONFIG\startupreg: eDataSecurity Loader => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
MSCONFIG\startupreg: ePower_DMC => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PlayMovie => "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: ProductReg => "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
MSCONFIG\startupreg: RtHDVCpl => "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [{40F36B7F-D3B5-42FB-81CE-A3826F9C5C64}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{A4651429-0CE0-4717-82DC-6A4475E65562}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{62C7C5A7-0003-453A-9D07-8267719F577D}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{8460336C-0B01-4766-AAC8-FDB494FDA7A1}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{671C30DE-701E-4409-9B6A-B081096D1893}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{C88CA162-B6B3-4F71-80FB-899659F940B0}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{58029D2E-3712-44B1-9408-F6F4CE656905}] => C:\Program Files\Cyberlink\PowerDirector\PDR.EXE
FirewallRules: [{2053AA6E-3B70-4B28-AF72-1E460C44041B}] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{8B7B8104-6D5E-4629-BD4D-4903C7D41ED4}] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe
FirewallRules: [{FAEB1A12-7A18-4E3F-8A2F-6EEC7EF1A2D9}] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
FirewallRules: [{C023D78C-B691-4DAF-A6AF-FEBEB95BF6D2}] => C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{ED82A523-F70B-4A0A-BC11-2B674D3F6CFC}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C2436529-D4A9-4A9F-AF80-946E447DC9CE}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{96B9A24C-3048-4815-BCF5-5E3149FB0235}] => LPort=80
FirewallRules: [{B50F4441-8419-496E-88EB-73705EF9C505}] => LPort=80
FirewallRules: [{B049F4BE-9E99-4F9E-84A5-33EDE130D83B}] => LPort=80
FirewallRules: [{909C2457-C8E9-4810-9164-377372C440ED}] => C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => LPort=80
FirewallRules: [{82A36E42-5F40-4241-9FD7-1CCAE51AE0F7}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{43C8D2F3-D4AF-4DE6-A8A9-3814B3090B70}] => C:\Program Files\Steam\Steam.exe
FirewallRules: [{3F2C8215-6DA7-4F56-ADBC-8C902A511236}] => C:\Program Files\Steam\Steam.exe
FirewallRules: [{C49AD7F8-3BE0-4547-9401-4248CE3D3C37}] => C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{5F02DF9E-6B23-411E-99B1-CFE407A8F2A9}] => C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{4B4F6562-8756-4F0B-887B-5AD4CC19B031}] => C:\Program Files\Steam\steamapps\common\Football Manager 2016\fm.exe
FirewallRules: [{D6DA7217-30C2-435E-91F5-49234D81034A}] => C:\Program Files\Steam\steamapps\common\Football Manager 2016\fm.exe
FirewallRules: [{56857F5C-EDBF-4C24-83B5-227306B73539}] => C:\Program Files\Steam\bin\cef\cef.winxp\steamwebhelper.exe
FirewallRules: [{996F35D2-24EF-4C1E-B45A-3CE4690546E2}] => C:\Program Files\Steam\bin\cef\cef.winxp\steamwebhelper.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Atheros AR5B91 Wireless Network Adapter
Description: Atheros AR5B91 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2017 02:45:38 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x8000ffff).

Error: (02/08/2017 02:45:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x8000ffff).

Error: (02/08/2017 02:45:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80004002.


Operation:
   Abort Backup

Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated

Error: (02/08/2017 02:45:38 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered.  This will prevent any
VSS writers from receiving events.  This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.


Operation:
   Abort Backup

Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated

Error: (02/08/2017 02:45:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154.


Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (02/08/2017 02:45:38 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered.  This will prevent any
VSS writers from receiving events.  This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.


Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (02/08/2017 10:33:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER\APPDATA\LOCAL\THUNDERBIRD\PROFILES\SJYO38KT.DEFAULT\CACHE\9> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/08/2017 10:33:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER\APPDATA\LOCAL\THUNDERBIRD\PROFILES\SJYO38KT.DEFAULT\CACHE\9> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/08/2017 10:33:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER\APPDATA\LOCAL\THUNDERBIRD\PROFILES\SJYO38KT.DEFAULT\CACHE\8> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/08/2017 10:33:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER\APPDATA\LOCAL\THUNDERBIRD\PROFILES\SJYO38KT.DEFAULT\CACHE\8> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (02/08/2017 06:13:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Foxit Reader Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (02/08/2017 05:52:23 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/08/2017 05:52:20 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/08/2017 05:52:15 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/08/2017 05:52:13 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/08/2017 05:44:36 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/08/2017 05:44:32 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/08/2017 05:44:29 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/08/2017 05:44:27 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/08/2017 05:44:23 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


CodeIntegrity:
===================================
  Date: 2017-02-05 23:12:52.108
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-05 23:12:51.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-05 23:12:50.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-05 23:12:50.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-05 23:12:49.019
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-05 23:12:48.473
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-05 23:12:47.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-05 23:12:47.444
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-31 14:26:08.788
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-31 14:26:08.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz
Percentage of memory in use: 67%
Total physical RAM: 3000.12 MB
Available physical RAM: 968.97 MB
Total Virtual: 6208.48 MB
Available Virtual: 4284.96 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:219.34 GB) (Free:160.75 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 9E76DF21)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=219.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Slime, 08 February 2017 - 12:22 PM.

  • 0


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Possible hard drive issue as indicated from the errors below in the log report. Let's run check disk.


Error: (02/08/2017 05:44:36 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/08/2017 05:44:32 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/08/2017 05:44:29 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


To run a hard drive scan please follow along:
Click Start, in the search box type cmd, now up towards the top right-click on cmd and choose "Run as Administrator".
In the Command Prompt window type chkdsk c:/r and press Enter.
Please note the space between k c:/r
  • The next dialog box will now show the following:
    Chkdsk cannot run because the volume is in use by another
    process. Would you like to schedule this volume to be
    checked the next time the system restarts? <Y/N>
  • Type Y
  • and reboot the computer.
  • Checkdisk will start once the computer reboots. It can take up to an hour or more to complete as it goes through the stages. Allow it to run uninterrupted till complete. To find the log that is produced please do the following:

    Please download ListChkdskResult by SleepyDude to the desktop.
  • Double click on the icon and click Run
  • The log will appear on your desktop as a .txt file and the notepad will open. Please copy and paste the results in your next reply.

  • 0
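
The triage step in the reply above, as an added example that is not part of the original thread: this script parses FRST "Event log errors" entries, counts them by source and event ID, and reports bursts of disk EventID 7 bad-block errors per device. The sample text is constructed in the layout of the log above; the function names, the 60-second window and the three-event threshold are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import timedelta, datetime

# Header line of one FRST event-log entry, e.g.
# Error: (02/08/2017 05:52:23 PM) (Source: disk) (EventID: 7) (User: )
ENTRY_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$"
)
# Section titles and "=====" rulers end the current entry.
HEADER_RE = re.compile(r"^(=+|\w[\w ]*errors:)$")
DEVICE_RE = re.compile(r"The device, (?P<device>\\Device\\\S+?), has a bad block")

# Constructed sample, modelled on the log layout in the post above.
DISK_TIMES = ["05:52:23", "05:52:20", "05:52:15", "05:52:13",
              "05:44:36", "05:44:32", "05:44:29", "05:44:27", "05:44:23"]
SAMPLE = (
    "System errors:\n=============\n"
    "Error: (02/08/2017 06:13:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )\n"
    "Description: The Foxit Reader Service service is marked as an interactive service.\n\n"
    + "".join(
        f"Error: (02/08/2017 {t} PM) (Source: disk) (EventID: 7) (User: )\n"
        "Description: The device, \\Device\\Harddisk0\\DR0, has a bad block.\n\n"
        for t in DISK_TIMES)
    + "Error: (02/08/2017 10:33:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )\n"
    "Description: The entry <C:\\EXAMPLE\\CACHE\\9> in the hash map cannot be updated.\n\n"
    "Details:\n    A device attached to the system is not functioning.   (0x8007001f)\n"
)


def parse_entries(text):
    """Return one dict per 'Error:' entry; continuation lines join the description."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            current = {
                "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                "source": m["source"],
                "event_id": int(m["event_id"]),
                "description": "",
            }
            entries.append(current)
        elif HEADER_RE.match(line):
            current = None
        elif current is not None and line:
            if line.startswith("Description:"):
                line = line[len("Description:"):].strip()
            current["description"] = (current["description"] + " " + line).strip()
    return entries


def summarize(entries):
    """Count entries per (source, event id) pair."""
    return Counter((e["source"], e["event_id"]) for e in entries)


def disk_bursts(entries, window=timedelta(seconds=60), min_events=3):
    """Group disk EventID 7 errors per device into runs whose gaps are <= window."""
    by_device = defaultdict(list)
    for e in entries:
        m = DEVICE_RE.search(e["description"])
        if e["source"].lower() == "disk" and e["event_id"] == 7 and m:
            by_device[m["device"]].append(e["time"])
    bursts = []
    for device, times in by_device.items():
        times.sort()
        start = prev = times[0]
        count = 1
        for t in times[1:] + [None]:  # None flushes the final run
            if t is not None and t - prev <= window:
                count, prev = count + 1, t
                continue
            if count >= min_events:
                bursts.append({"device": device, "start": start,
                               "end": prev, "count": count})
            if t is not None:
                start = prev = t
                count = 1
    return sorted(bursts, key=lambda b: b["start"])


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE)
    for (source, event_id), n in summarize(parsed).most_common():
        print(f"{n:3d}  {source} / EventID {event_id}")
    for b in disk_bursts(parsed):
        print(f"{b['device']}: {b['count']} bad-block errors "
              f"between {b['start']:%H:%M:%S} and {b['end']:%H:%M:%S}")
```

Repeated bursts against the same device point at the storage hardware, which is why a surface scan with chkdsk is the next step before any malware cleanup.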

#3
Slime

Slime

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 160 posts

Thanks for helping me with this zep516 :spoton:

Here's the log of my scan which took a good two hours or more;

 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 09/02/2017 13:59:20 >------
Category: 0
Computer Name: user-PC
Event Code: 1001
Record Number: 16540
Source Name: Microsoft-Windows-Wininit
Time Written: 02-09-2017 @ 13:52:32
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is ACER.

A disk check has been scheduled.
Windows will now check the disk.                         
Cleaning up instance tags for file 0x1efc.
  240896 file records processed.                                  

  733 large file records processed.                            

  0 bad file records processed.                              

  0 EA records processed.                                    

  44 reparse records processed.                               

  285760 index entries processed.                                 

  0 unindexed files processed.                               

  240896 security descriptors processed.                          

Cleaning up 1090 unused index entries from index $SII of file 0x9.
Cleaning up 1090 unused index entries from index $SDH of file 0x9.
Cleaning up 1090 unused security descriptors.
  22433 data files processed.                                    

CHKDSK is verifying Usn Journal...
  36818568 USN bytes processed.                                     

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc000009c at offset 0x1610c8000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1610cd000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x1610ce000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x1610ce000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x16117f000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x16117f000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x161180000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x161180000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x161181000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x161181000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x161232000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x161232000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x161233000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x161233000 for 0x1000 bytes.
Windows replaced bad clusters in file 4879
of name \Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8IK01S~1.DEF\ADBLOC~1\patterns.ini.
Read failure with status 0xc000009c at offset 0x160d31000 for 0xa000 bytes.
Read failure with status 0xc000009c at offset 0x160d39000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x160d3a000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x160deb000 for 0x7000 bytes.
Read failure with status 0xc000009c at offset 0x160deb000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x160dec000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x160ded000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x160e9a000 for 0xb000 bytes.
Read failure with status 0xc000009c at offset 0x160e9e000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x160e9f000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x160ea0000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x160f50000 for 0xc000 bytes.
Read failure with status 0xc000009c at offset 0x160f51000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x160f52000 for 0x1000 bytes.
Windows replaced bad clusters in file 16105
of name \PROGRA~1\AVASTS~1\Avast\setup\AIS_RE~1.VPX.
Read failure with status 0xc000009c at offset 0x15f74c000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x15f74f000 for 0x1000 bytes.
Windows replaced bad clusters in file 88164
of name \PROGRA~2\AVASTS~1\Avast\log\AvastUI.log.
Read failure with status 0xc000009c at offset 0x15f7fa000 for 0xc000 bytes.
Read failure with status 0xc000009c at offset 0x15f804000 for 0x1000 bytes.
Windows replaced bad clusters in file 224792
of name \Windows\MICROS~1.NET\FRAMEW~1\V40~1.303\SETUPC~1\V45~1.512\sqmapi.dll.
  240880 files processed.                                         

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  42174468 free clusters processed.                                 

Free space verification is complete.
Adding 19 bad clusters to the Bad Clusters File.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 229995519 KB total disk space.
  60842960 KB in 200512 files.
    101044 KB in 22434 indexes.
        80 KB in bad sectors.
    353563 KB in use by the system.
     65536 KB occupied by the log file.
 168697872 KB available on disk.

      4096 bytes in each allocation unit.
  57498879 total allocation units on disk.
  42174468 allocation units available on disk.

Internal Info:
00 ad 03 00 ee 66 03 00 9a 77 05 00 00 00 00 00  .....f...w......
3b 01 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  ;...,...........
42 00 00 00 a2 74 60 77 98 87 25 00 98 7f 25 00  B....t`w..%...%.

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: user-PC
Event Code: 1001
Record Number: 10943
Source Name: Microsoft-Windows-Wininit
Time Written: 10-15-2016 @ 18:18:49
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is ACER.

A disk check has been scheduled.
Windows will now check the disk.                         
Cleaning up instance tags for file 0x1efc.
  240896 file records processed.                                  

  596 large file records processed.                            

  0 bad file records processed.                              

  0 EA records processed.                                    

  44 reparse records processed.                               

  284674 index entries processed.                                 

  0 unindexed files processed.                               

  240896 security descriptors processed.                          

Cleaning up 6259 unused index entries from index $SII of file 0x9.
Cleaning up 6259 unused index entries from index $SDH of file 0x9.
Cleaning up 6259 unused security descriptors.
CHKDSK is compacting the security descriptor stream...
  21890 data files processed.                                    

CHKDSK is verifying Usn Journal...
  35690864 USN bytes processed.                                     

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 229995519 KB total disk space.
  88940100 KB in 198068 files.
     94712 KB in 21893 indexes.
         4 KB in bad sectors.
    350047 KB in use by the system.
     65536 KB occupied by the log file.
 140610656 KB available on disk.

      4096 bytes in each allocation unit.
  57498879 total allocation units on disk.
  35152664 allocation units available on disk.

Internal Info:
00 ad 03 00 43 5b 03 00 29 60 05 00 00 00 00 00  ....C[..)`......
2f 01 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  /...,...........
42 00 00 00 a2 74 f3 76 f8 86 35 00 f8 7e 35 00  B....t.v..5..~5.

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: user-PC
Event Code: 26212
Record Number: 10928
Source Name: Chkdsk
Time Written: 10-15-2016 @ 18:08:48
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot.  

Checking file system on C:
The type of the file system is NTFS.
Volume label is ACER.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
Cleaning up instance tags for file 0x1efc.
  240896 file records processed.                                  

  596 large file records processed.                            

  0 bad file records processed.                              

  0 EA records processed.                                    

  44 reparse records processed.                               

  284676 index entries processed.                                 

  0 unindexed files processed.                               

  240896 security descriptors processed.                          

Cleaning up 6259 unused index entries from index $SII of file 0x9.
Cleaning up 6259 unused index entries from index $SDH of file 0x9.
Cleaning up 6259 unused security descriptors.
  21891 data files processed.                                    

CHKDSK is verifying Usn Journal...
  35443160 USN bytes processed.                                     

Usn Journal verification completed.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

 229995519 KB total disk space.
  93615052 KB in 200524 files.
     95752 KB in 21892 indexes.
         4 KB in bad sectors.
    355135 KB in use by the system.
     65536 KB occupied by the log file.
 135929576 KB available on disk.

      4096 bytes in each allocation unit.
  57498879 total allocation units on disk.
  33982394 allocation units available on disk.

-----------------------------------------------------------------------
 

Many thanks ..................... I hope you find something tangible!

 

Slime.


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-1701030405-4185235007-3865900534-1000 -> DefaultScope {863E6E81-B714-4682-A268-8E0567066424} URL = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1701030405-4185235007-3865900534-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1701030405-4185235007-3865900534-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-1701030405-4185235007-3865900534-1000 -> {863E6E81-B714-4682-A268-8E0567066424} URL = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
BHO: No Name -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> No File
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2016-05-14 20:51 - 2016-09-05 11:16 - 0000000 ____D () C:\Users\user\AppData\Local\Temp\avgnt.exe
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
CMD: ipconfig /flushdns
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
  • 0

#5
Slime

Slime

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 160 posts

Here is the log that you asked for.

I must also say, it's just occurred to me, that for a while now my machine doesn't shut down correctly!

When shutting down the programs will close and the screen will go black, but the power button remains illuminated.

It's like this for a few mins before going to a BSOD for about 30 seconds, after which it reboots.

Once this happens I go to shut it down, which it does first time!

I do apologise, I should have mentioned this at the start but it's only just occurred to me  :headscratch:.

 

Anyway ...................... the log;

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 05-02-2017
Ran by user (09-02-2017 16:53:04) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-1701030405-4185235007-3865900534-1000 -> DefaultScope {863E6E81-B714-4682-A268-8E0567066424} URL = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1701030405-4185235007-3865900534-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1701030405-4185235007-3865900534-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-1701030405-4185235007-3865900534-1000 -> {863E6E81-B714-4682-A268-8E0567066424} URL = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
BHO: No Name -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> No File
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2016-05-14 20:51 - 2016-09-05 11:16 - 0000000 ____D () C:\Users\user\AppData\Local\Temp\avgnt.exe
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
CMD: ipconfig /flushdns
Emptytemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 => key removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key removed successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found.
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key removed successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found.
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{863E6E81-B714-4682-A268-8E0567066424} => key removed successfully.
HKCR\CLSID\{863E6E81-B714-4682-A268-8E0567066424} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} => key removed successfully.
HKCR\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} => value removed successfully.
HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} => key not found.
HKLM\System\CurrentControlSet\Services\MobilityService => key removed successfully.
MobilityService => service removed successfully.
HKLM\System\CurrentControlSet\Services\IpInIp => key removed successfully.
IpInIp => service removed successfully.
HKLM\System\CurrentControlSet\Services\NwlnkFlt => key removed successfully.
NwlnkFlt => service removed successfully.
HKLM\System\CurrentControlSet\Services\NwlnkFwd => key removed successfully.
NwlnkFwd => service removed successfully.
C:\Users\user\AppData\Local\Temp\avgnt.exe => moved successfully

========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 55712753 B
Java, Flash, Steam htmlcache => 8372178 B
Windows/system/drivers => 182258191 B
Edge => 0 B
Chrome => 2205743 B
Firefox => 389174080 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 28902508 B
LocalService => 66228 B
NetworkService => 46732286 B
user => 85851035 B

RecycleBin => 2474 B
EmptyTemp: => 774.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:56:10 ====

 

 

Thanks again,

Slime.


  • 0
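A Fixlog like the one posted above can be checked mechanically before moving on: which fixlist directives erased data that later diagnosis might still need, whether the requested restore point was actually created, and how each entry ended. This is an added example, not part of the thread or of FRST; the sample log is a constructed, shortened copy of the one above, and reporting "no failure reported" when no failure line is present is an assumption.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog that keeps the structure and a few of
# the lines from the log posted above.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
BHO: No Name -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> No File
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
CMD: ipconfig /flushdns
Emptytemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} => key removed successfully.
HKCR\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} => key not found.
HKLM\System\CurrentControlSet\Services\IpInIp => key removed successfully.
IpInIp => service removed successfully.
EmptyTemp: => 774.3 MB temporary data Removed.
"""

# Fixlist directives that erase data an investigator may still need.
# The reasons describe what each command does, not FRST internals.
EVIDENCE_RULES = [
    (re.compile(r"wevtutil(\.exe)?\s+cl\b", re.I), "clears Windows event logs"),
    (re.compile(r"ipconfig\s+/flushdns", re.I), "flushes the DNS resolver cache"),
    (re.compile(r"^emptytemp:", re.I), "deletes temp files, caches and history"),
]
OUTCOME_RE = re.compile(
    r"=> (?:key |value |service )?(removed|restored|moved) successfully")


def split_fixlog(text):
    """Return (fixlist directives, result lines) from a Fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The echoed fixlist sits between two lines made only of asterisks.
    fences = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(fences) < 2:
        raise ValueError("no fixlist section found")
    directives = [ln for ln in lines[fences[0] + 1:fences[1]]
                  if ln and ln.lower() != "start"]
    results = [ln for ln in lines[fences[1] + 1:] if ln]
    return directives, results


def audit_fixlog(text):
    """Summarise what a fix run destroyed, rolled back and reported."""
    directives, results = split_fixlog(text)

    evidence_loss = [(d, why) for d in directives
                     for rx, why in EVIDENCE_RULES if rx.search(d)]

    if not any(d.lower() == "createrestorepoint:" for d in directives):
        restore_point = "not requested"
    elif any("failed to create a restore point" in r.lower() for r in results):
        restore_point = "failed"
    else:
        restore_point = "no failure reported"  # assumption: silence means success

    outcomes = Counter()
    for r in results:
        m = OUTCOME_RE.search(r)
        if m:
            outcomes[m.group(1)] += 1
        elif r.endswith("=> key not found."):
            outcomes["not found"] += 1

    return {
        "evidence_loss": evidence_loss,
        "restore_point": restore_point,
        "outcomes": outcomes,
        "errors": [r for r in results if r.startswith("Error:")],
    }


if __name__ == "__main__":
    report = audit_fixlog(SAMPLE_FIXLOG)
    print("restore point:", report["restore_point"])
    for directive, why in report["evidence_loss"]:
        print(f"evidence loss ({why}): {directive}")
    print("outcomes:", dict(report["outcomes"]))
    print("errors:", report["errors"])
```

On the log above, this shows the registry and service removals ran with no restore point to roll back to, and that the event logs were cleared in the same run.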

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Can you run this for us;

Download WhoCrashed. Scroll down a bit and look under Crash Analysis Tools for WhoCrashed.
This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.
  • Put a tick in Accept then click on Next.
  • Put a tick in the Don't create a start menu folder then click Next.
  • Put a tick in Create a Desktop Icon.
  • then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish.
  • Click Analyze
  • It will want to download the Debugger and install it. Say Yes.
WhoCrashed will create a report but you have to scroll down to see it.
Copy and paste it into your next reply.
  • 0

#7
Slime

Slime

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 160 posts

I hope this is correct, forgive me if not.

 

Slime.

 

 

 

 

 

System Information (local)


Computer name: USER-PC
Windows version: Windows Vista Service Pack 2, 6.0, build: 6002
Windows dir: C:\Windows
Hardware: Aspire 6930Z , Acer, Makalu
CPU: GenuineIntel Intel® Pentium® Dual CPU T3400 @ 2.16GHz Intel586, level: 6
2 logical processors, active mask: 3
RAM: 3145850880 bytes total





Crash Dump Analysis


Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Wed 08/02/2017 22:34:07 your computer crashed
crash dump file: C:\Windows\Minidump\Mini020817-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0xCDAEF)
Bugcheck code: 0x9F (0x3, 0xFFFFFFFF895513C0, 0xFFFFFFFF89579340, 0xFFFFFFFF86163858)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Wed 08/02/2017 22:34:07 your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: ntkrpamp.exe (nt!KeBugCheckEx+0x1E)
Bugcheck code: 0x9F (0x3, 0xFFFFFFFF895513C0, 0xFFFFFFFF89579340, 0xFFFFFFFF86163858)
Error: DRIVER_POWER_STATE_FAILURE
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: ntkrpamp.exe .
Google query: ntkrpamp.exe DRIVER_POWER_STATE_FAILURE



On Mon 06/02/2017 22:43:04 your computer crashed
crash dump file: C:\Windows\Minidump\Mini020617-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0xCDAEF)
Bugcheck code: 0x9F (0x3, 0xFFFFFFFF893873C0, 0xFFFFFFFF893B9340, 0xFFFFFFFF93D83538)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Sun 05/02/2017 23:09:04 your computer crashed
crash dump file: C:\Windows\Minidump\Mini020517-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0xCDAEF)
Bugcheck code: 0x9F (0x3, 0xFFFFFFFF893D8430, 0xFFFFFFFF891A9E00, 0xFFFFFFFF85D0A528)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Thu 02/02/2017 20:06:55 your computer crashed
crash dump file: C:\Windows\Minidump\Mini020217-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0xCDAEF)
Bugcheck code: 0x9F (0x3, 0xFFFFFFFF893AD430, 0xFFFFFFFF893AF340, 0xFFFFFFFF8883C470)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.






Conclusion

70 crash dumps have been found and analyzed. Only 5 are included in this report. A third party driver has been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

ntkrpamp.exe

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination with the errors that have been reported for these drivers. Include the brand and model name of your computer as well in the query. This often yields interesting results from discussions on the web by users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.


  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Are you getting the blue screen at every shutdown? What does it say? Can you read it and get me the information from the screen?

I'm not a blue screen analyst, but I'll try and gather information. Right now I still want to look more at the hard drive.

Any important files on this computer, I would back them up to a flash drive, as I'm still concerned about the hard drive.

Download the SeaTools for Windows file. http://www.seagate.c...indowsSetup.exe

Once the download starts, you will be prompted to either run the application, save the application or cancel the download. Click the Save button to save the application. When you click on the Save button the Save As dialog will be launched. You may either save the application to your Desktop or to a folder of your choice. After the SeaTools for Windows application has been downloaded and saved to the location you select, click on the SeaTools file to launch the Windows Installation Wizard. Follow the instructions in the Wizard to complete the installation process. Read more at: https://tr.im/1lann

Also

Download then run Speccy (free) and post the resultant url for us, details here, this will provide us with information about your computer hardware + any software that you have installed that may explain the present issue/s.
  • 0

#9
Slime

Slime

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 160 posts

Hi zep516

I'm not sure I'm doing this correctly!

I've run SeaTools for windows and all I get is the following,

SeaTools image.jpg

 

Where do I go from here, or have I done something wrong?

 

As for speccy, all I can offer you is this,

 

http://speccy.pirifo...SVHPrOZIsbAcUrL

 

I hope that's what you're looking for!

 

I'll try and get some more info regarding my blue screen.

It happens about 90% of the time.

 

Thanks once again,

 

Slime.


  • 0

#10
Slime

Slime

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 160 posts

I've just rebooted my machine to see if I could get the BSOD I was talking about, and sure enough, I got it.

It basically said that a problem had been detected and windows has been shut down to prevent damage to my computer.

It also said DRIVER_POWER_STATE_FAILURE.

Further down it had the following,

 

Technical information;

 

STOP: 0x0000009F (0x00000003, 0x85524B70, 0x890A2020, 0x88CF0008)

 

Collecting data for crash dump.......

Initializing disk for crash dump........

Beginning dump of physical memory.......

Dumping physical memory to disk :   35

 

Obviously the 35 is a percentage and when 100 was reached my machine rebooted to my desktop.

Then it can be shut down without any issues!

 

I hope this helps,

 

Slime.


  • 0
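The WhoCrashed report and the blue-screen text in the posts above give the same bug check in two notations, and one crash appears twice (minidump and memory.dmp). The added example below (not part of the thread or of WhoCrashed) normalises both formats to 32-bit values for this x86 machine, drops the duplicate entry and labels the four arguments. The argument roles are taken from Microsoft's bug check reference for 0x9F with first argument 0x3 on systems older than Windows 7, which is an assumption the page itself does not state.

```python
import re
from collections import Counter

# Lines copied from the WhoCrashed report and the blue-screen text quoted in
# the posts above (report entries trimmed to timestamp and bug check lines).
SAMPLE = """\
On Wed 08/02/2017 22:34:07 your computer crashed
Bugcheck code: 0x9F (0x3, 0xFFFFFFFF895513C0, 0xFFFFFFFF89579340, 0xFFFFFFFF86163858)
On Wed 08/02/2017 22:34:07 your computer crashed
Bugcheck code: 0x9F (0x3, 0xFFFFFFFF895513C0, 0xFFFFFFFF89579340, 0xFFFFFFFF86163858)
On Mon 06/02/2017 22:43:04 your computer crashed
Bugcheck code: 0x9F (0x3, 0xFFFFFFFF893873C0, 0xFFFFFFFF893B9340, 0xFFFFFFFF93D83538)
On Sun 05/02/2017 23:09:04 your computer crashed
Bugcheck code: 0x9F (0x3, 0xFFFFFFFF893D8430, 0xFFFFFFFF891A9E00, 0xFFFFFFFF85D0A528)
On Thu 02/02/2017 20:06:55 your computer crashed
Bugcheck code: 0x9F (0x3, 0xFFFFFFFF893AD430, 0xFFFFFFFF893AF340, 0xFFFFFFFF8883C470)
STOP: 0x0000009F (0x00000003, 0x85524B70, 0x890A2020, 0x88CF0008)
"""

WHEN_RE = re.compile(
    r"^On \w{3} (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) your computer crashed")
BUGCHECK_RE = re.compile(
    r"^(?:Bugcheck code|STOP):\s*(0x[0-9A-Fa-f]+)\s*\(([^)]*)\)")

# Roles of the four arguments for 0x9F / 0x3 before Windows 7 (assumption
# taken from Microsoft's bug check reference, not from the page).
ROLES_9F_3 = (
    "subtype: a device object has been blocking an IRP for too long",
    "physical device object (PDO) of the stack",
    "functional device object (FDO) of the stack",
    "the blocked IRP",
)


def parse(text, pointer_bits=32):
    """Extract bug check records; sign-extended values are masked to pointer size."""
    mask = (1 << pointer_bits) - 1
    records, when = [], None
    for line in text.splitlines():
        line = line.strip()
        m = WHEN_RE.match(line)
        if m:
            when = m.group(1)
            continue
        m = BUGCHECK_RE.match(line)
        if not m:
            continue
        args = tuple(int(a.strip(), 16) & mask for a in m.group(2).split(","))
        records.append({"when": when, "code": int(m.group(1), 16), "args": args})
        when = None  # a timestamp belongs to one record only
    return records


def distinct(records):
    """Drop entries that describe the same crash (same time, code and arguments)."""
    seen, out = set(), []
    for r in records:
        key = (r["when"], r["code"], r["args"])
        if key not in seen:
            seen.add(key)
            out.append(r)
    return out


def explain(record):
    """Label the arguments when the code/subtype pair is one we know."""
    if record["code"] == 0x9F and record["args"][0] == 0x3:
        return [f"{role}: 0x{value:08X}"
                for role, value in zip(ROLES_9F_3, record["args"])]
    return [f"arg{i + 1}: 0x{v:08X}" for i, v in enumerate(record["args"])]


def summarize(text):
    """Return distinct crashes and a tally of (code, first argument) pairs."""
    crashes = distinct(parse(text))
    return crashes, Counter((c["code"], c["args"][0]) for c in crashes)


if __name__ == "__main__":
    crashes, tally = summarize(SAMPLE)
    for (code, sub), n in tally.items():
        print(f"0x{code:X} subtype 0x{sub:X}: {n} distinct crash(es)")
    for c in crashes:
        print(c["when"] or "(blue screen text, no timestamp)")
        for line in explain(c):
            print("   ", line)
```

Every distinct crash has the same code and subtype; only the device object and IRP addresses differ, and those are the values a kernel debugger session on the dump would start from.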



#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Since we ran check disk, has there been any improvement in the freezing?

Let me take a look at SeaTools and see how it's done; there should be a short test you can run. I'll download it and become more familiar with it. As far as the blue screens, I'll probably refer you to someone else for that; not my area. We will make sure there is no malware and try to confirm the hard drive is OK.

I'll be back later today.
  • 0

#12
Slime

Slime

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 160 posts

Hello,

Since we ran check disk, has there been any improvement in the freezing?

Let me take a look at SeaTools and see how it's done; there should be a short test you can run. I'll download it and become more familiar with it. As far as the blue screens, I'll probably refer you to someone else for that; not my area. We will make sure there is no malware and try to confirm the hard drive is OK.

I'll be back later today.

 

I must be honest and say that I think there has been some improvement.

I'll be using my laptop pretty hard today so I'll have a better idea later on.

Thanks for your continued help,

 

Slime.

 

P.S. I hope you're keeping warm!


  • 0

#13
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Before you get going today run a malwarebytes scan and post a log report. You may already have malwarebytes so you could skip the download part.


  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.

  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

After you post the malwarebytes log do this.

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: Avira SystrayStartTrigger => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
Task: {561DAE8A-50BC-4AEE-B7B6-971FEF85CDD8} - System32\Tasks\ASC9_SkipUac_user => C:\Program Files\IObit\Advanced SystemCare\ASC.exe
C:\Program Files\IObit
MSCONFIG\Services: Avira.ServiceHost => 2
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Next

Please download the Avira removal tool from here-->https://www.avira.co...r-removal-tool/
Download the tool and run it.

Next

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
Off to work now, back at 4pm.
  • 0

#15
Slime

Slime

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 160 posts

Malwarebytes log as requested;

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/02/2017
Scan Time: 14:46:18
Logfile: Mbam log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.02.10.05
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 250869
Time Elapsed: 11 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\AUSLOGICS\BoostSpeed, Quarantined, [2726059cfcac9e98b8f2bac8cf31cc34],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Auslogics\BoostSpeed, Quarantined, [430aa7faf8b038fe22820f7344bcd030],
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Auslogics\BoostSpeed\8.x, Quarantined, [430aa7faf8b038fe22820f7344bcd030],
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Auslogics\BoostSpeed\8.x\IgnoredLists, Quarantined, [430aa7faf8b038fe22820f7344bcd030],
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Auslogics\BoostSpeed\8.x\Logs, Quarantined, [430aa7faf8b038fe22820f7344bcd030],

Files: 5
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Auslogics\BoostSpeed\8.x\StatDB.json, Quarantined, [430aa7faf8b038fe22820f7344bcd030],
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Auslogics\BoostSpeed\8.x\IgnoredLists\TRE_User.igl, Quarantined, [430aa7faf8b038fe22820f7344bcd030],
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Auslogics\BoostSpeed\8.x\Logs\BoostSpeedLogic.log, Quarantined, [430aa7faf8b038fe22820f7344bcd030],
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Auslogics\BoostSpeed\8.x\Logs\InternetOptimizerStatistics.log, Quarantined, [430aa7faf8b038fe22820f7344bcd030],
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Auslogics\BoostSpeed\8.x\Logs\TweakManagerStatistics.log, Quarantined, [430aa7faf8b038fe22820f7344bcd030],

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0





