Hi all.
I have an Acer Aspire 6930Z running on Vista Home Premium SP2.
I know it's old, but it has been running reasonably well up until a few days ago.
It now takes far, far longer to boot up and often freezes for several minutes, even when doing simple tasks such as opening a new tab or clicking on an email.
After a few minutes it just springs back to life and carries on until the next freeze!
This has not been a gradual thing ... it just started happening a few days ago.
I'm assuming I have an infection, but what do I know?
Please help.
Yours,
Slime
Here are my FRST logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2017
Ran by user (administrator) on USER-PC (08-02-2017 18:15:21)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Realtek Semiconductor Corp.) C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\...\MountPoints2: {1308fcb7-1979-11e6-ac59-806e6f6e6963} - D:\DriverPackSolution.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-10-05] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9 11 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{086F9650-8545-49BA-A672-71D56BEDB0B7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DC06C32F-7B81-4409-AF34-2FB3A7DC6BD3}: [DhcpNameServer] 212.159.13.49 212.159.13.50
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0516&m=aspire_6930z
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0516&m=aspire_6930z
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://uk.msn.com/?ocid=EIE9HP&PC=UP50
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://uk.msn.com/?ocid=EIE9HP&PC=UP50
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-1701030405-4185235007-3865900534-1000 -> DefaultScope {863E6E81-B714-4682-A268-8E0567066424} URL = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1701030405-4185235007-3865900534-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1701030405-4185235007-3865900534-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-1701030405-4185235007-3865900534-1000 -> {863E6E81-B714-4682-A268-8E0567066424} URL = hxxp://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
BHO: No Name -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> No File
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\partner.dll [2016-05-13] (Google Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 [2017-02-08]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 -> Google
FF Homepage: Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 -> hxxps://www.google.co.uk/
FF Keyword.URL: Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 -> hxxps://www.google.com/search?q=
FF Extension: (New Tab Override (browser.newtab.url replacement)) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594\Extensions\[email protected] [2016-12-27]
FF Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-06-16] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-15]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-15] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2016-05-15]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-15]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-15]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-15]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-15]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-15]
CHR Extension: (Avira Browser Safety) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-05-15]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-15]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-05] (AVAST Software)
S4 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
S2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit)
S4 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-26] (NewTech InfoSystems, Inc.) [File not signed]
S4 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] () [File not signed]
S4 Partner Service; C:\ProgramData\Partner\partner.exe [110576 2016-05-13] (Google Inc.)
S4 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S4 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-10-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-10-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-10-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-10-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-10-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-10-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-10-05] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-10-05] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-10-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [850472 2008-08-05] (Bison Electronics. Inc. )
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2013-03-05] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2013-03-05] (Intel Corporation)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [54824 2010-03-29] (Atheros Communications, Inc.)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2474200 2014-03-12] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27888 2013-07-30] (Synaptics Incorporated)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-18] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-08 18:15 - 2017-02-08 18:16 - 00015758 _____ C:\Users\user\Desktop\FRST.txt
2017-02-08 18:15 - 2017-02-08 18:15 - 00000000 ____D C:\FRST
2017-02-08 18:13 - 2017-02-08 18:13 - 00001930 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2017-02-08 18:13 - 2017-02-08 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-02-08 18:11 - 2017-02-08 18:12 - 01763328 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2017-02-06 22:43 - 2017-02-06 22:44 - 00146064 _____ C:\Windows\Minidump\Mini020617-01.dmp
2017-02-05 23:09 - 2017-02-05 23:09 - 00146064 _____ C:\Windows\Minidump\Mini020517-01.dmp
2017-02-02 20:07 - 2017-02-02 20:07 - 00146040 _____ C:\Windows\Minidump\Mini020217-01.dmp
2017-02-02 13:21 - 2017-02-02 13:26 - 00000000 ____D C:\Users\user\Desktop\Ebay listings
2017-01-31 14:22 - 2017-01-31 14:22 - 00146040 _____ C:\Windows\Minidump\Mini013117-01.dmp
2017-01-29 14:46 - 2017-01-29 14:46 - 00146040 _____ C:\Windows\Minidump\Mini012917-01.dmp
2017-01-27 16:59 - 2017-01-27 16:59 - 00146040 _____ C:\Windows\Minidump\Mini012717-02.dmp
2017-01-27 09:34 - 2017-01-27 09:34 - 00146040 _____ C:\Windows\Minidump\Mini012717-01.dmp
2017-01-25 23:28 - 2017-01-25 23:28 - 00146064 _____ C:\Windows\Minidump\Mini012517-02.dmp
2017-01-25 15:25 - 2017-01-25 15:25 - 00146064 _____ C:\Windows\Minidump\Mini012517-01.dmp
2017-01-24 23:16 - 2017-01-24 23:16 - 00146064 _____ C:\Windows\Minidump\Mini012417-01.dmp
2017-01-24 20:20 - 2017-01-05 16:57 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-24 19:47 - 2017-01-26 16:03 - 00000000 ____D C:\Users\user\Desktop\Honda Civic LA12GWW
2017-01-23 23:33 - 2017-01-23 23:33 - 00146064 _____ C:\Windows\Minidump\Mini012317-01.dmp
2017-01-22 23:57 - 2017-01-22 23:57 - 00146064 _____ C:\Windows\Minidump\Mini012217-01.dmp
2017-01-22 17:17 - 2017-01-22 17:20 - 00000000 ____D C:\Users\user\Desktop\Golf Travel Case
2017-01-22 13:42 - 2017-01-22 13:42 - 00000000 ____D C:\Users\user\Desktop\Wurlitzer 4080R
2017-01-18 23:54 - 2017-01-18 23:54 - 00146064 _____ C:\Windows\Minidump\Mini011817-01.dmp
2017-01-17 23:40 - 2017-01-17 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-01-17 23:29 - 2017-01-17 23:29 - 00146064 _____ C:\Windows\Minidump\Mini011717-01.dmp
2017-01-13 18:13 - 2017-01-13 18:14 - 00146056 _____ C:\Windows\Minidump\Mini011317-01.dmp
2017-01-12 19:07 - 2017-01-12 19:07 - 00146040 _____ C:\Windows\Minidump\Mini011217-01.dmp
2017-01-12 10:35 - 2017-01-12 10:35 - 00000000 ____D C:\Users\user\AppData\Roaming\Template
2017-01-12 10:35 - 2017-01-12 10:35 - 00000000 _____ C:\Users\user\AppData\Roaming\wklnhst.dat
2017-01-11 23:16 - 2017-01-11 23:16 - 00146064 _____ C:\Windows\Minidump\Mini011117-01.dmp
2017-01-10 23:35 - 2017-01-10 23:35 - 00146080 _____ C:\Windows\Minidump\Mini011017-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-08 18:13 - 2016-10-28 16:33 - 00000000 ____D C:\ProgramData\Foxit Software
2017-02-08 18:11 - 2008-11-18 17:49 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-02-08 18:09 - 2006-11-02 12:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-08 18:09 - 2006-11-02 12:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-08 10:56 - 2016-11-18 20:59 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-02-08 10:55 - 2016-06-21 20:00 - 00000000 ____D C:\Program Files\Steam
2017-02-08 10:55 - 2006-11-02 12:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-02-08 10:54 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-06 22:56 - 2006-11-02 13:01 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-06 22:43 - 2016-05-14 20:35 - 307547631 _____ C:\Windows\MEMORY.DMP
2017-02-06 22:43 - 2016-05-14 20:35 - 00000000 ____D C:\Windows\Minidump
2017-01-29 10:25 - 2016-11-21 22:37 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2017-01-27 17:04 - 2016-10-21 17:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-24 20:58 - 2016-05-13 21:57 - 00000000 ____D C:\Windows\system32\MRT
2017-01-24 20:53 - 2006-11-02 10:24 - 133456224 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-01-22 13:41 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\inf
2017-01-22 13:41 - 2006-11-02 10:33 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-20 19:16 - 2016-05-15 00:34 - 00000000 ____D C:\Program Files\Common Files\Steam
2017-01-17 23:41 - 2016-12-18 14:47 - 00000000 ____D C:\Program Files\Garmin
2017-01-17 23:41 - 2016-05-14 20:42 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-16 08:58 - 2016-05-16 23:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-15 09:25 - 2016-05-16 23:23 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-15 09:25 - 2016-05-16 23:23 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-15 09:25 - 2016-05-14 10:45 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2017-01-15 09:25 - 2008-11-18 17:55 - 00000000 ____D C:\Windows\system32\Macromed
==================== Files in the root of some directories =======
2017-01-12 10:35 - 2017-01-12 10:35 - 0000000 _____ () C:\Users\user\AppData\Roaming\wklnhst.dat
2016-09-22 17:17 - 2016-09-22 17:17 - 0000680 _____ () C:\Users\user\AppData\Local\d3d9caps.dat
2016-05-14 10:57 - 2016-06-02 16:49 - 0007680 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-09 16:53 - 2016-09-09 16:54 - 0146645 _____ () C:\Users\user\AppData\Local\edsinstaller.txt-20160909.log
2016-05-13 20:02 - 2016-05-13 20:06 - 0006030 _____ () C:\ProgramData\ArcadeDeluxe2.log
2016-05-14 11:02 - 2016-05-14 11:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-09-09 20:29 - 2016-09-09 20:30 - 0000090 _____ () C:\ProgramData\PS.log
Some files in TEMP:
====================
2016-05-14 20:51 - 2016-09-05 11:16 - 0000000 ____D () C:\Users\user\AppData\Local\Temp\avgnt.exe
2016-10-28 16:32 - 2016-11-08 11:15 - 5571272 _____ (Foxit Corporation) C:\Users\user\AppData\Local\Temp\FoxitUpdater.exe
2016-10-15 22:04 - 2016-10-15 22:04 - 0204800 _____ (Realtek Semiconductor Corp.) C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-08 11:02
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-02-2017
Ran by user (08-02-2017 18:16:40)
Running from C:\Users\user\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2016-05-14 02:16:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1701030405-4185235007-3865900534-500 - Administrator - Disabled)
Guest (S-1-5-21-1701030405-4185235007-3865900534-501 - Limited - Enabled)
user (S-1-5-21-1701030405-4185235007-3865900534-1000 - Administrator - Enabled) => C:\Users\user
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (Version: 2.6.1.4 - Intel) Hidden
Acer Crystal Eye webcam (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.32.701.13 - Acer Crystal Eye webcam)
Acer Crystal Eye Webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.17 - Acer Crystal Eye Webcam)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.30 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3023e - CyberLink Corp.)
Elevated Installer (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
FM Genie Scout 16 version 1.0 16.3.2 (HKLM\...\FM Genie Scout 16_is1) (Version: 1.0 16.3.2 - )
Football Manager 2015 (HKLM\...\Steam App 295270) (Version: - Sports Interactive)
Football Manager 2016 (HKLM\...\Steam App 378120) (Version: - SPORTS INTERACTIVE)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.2.0.2051 - Foxit Software Inc.)
Garmin Express (HKLM\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.63 - Conexant Systems)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 51.0.1 (x86 en-GB)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
Mozilla Thunderbird 45.7.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 45.7.0 (x86 en-GB)) (Version: 45.7.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
OpenOffice 4.1.3 (HKLM\...\{747C5547-7483-4605-8B2F-A9696610A7FA}) (Version: 4.13.9783 - Apache Software Foundation)
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.0.1 - Convesoft)
PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.4619 - CyberLink Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7285 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics)
Winbond CIR Device Drivers (HKLM\...\{10F498FF-5392-4DF3-8F73-FE172A9F3800}) (Version: 7.60.1012 - Winbond Electronics Corporation)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2EED783D-1319-49E7-9CDF-4281BF30AD1A} - System32\Tasks\SafeZone scheduled Autoupdate 1475705443 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {4052F64A-3C36-4ADC-ABEC-4E682AC99A6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-15] (Google Inc.)
Task: {4586B4A8-F988-44B6-9B9B-3104737D48F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-15] (Google Inc.)
Task: {561DAE8A-50BC-4AEE-B7B6-971FEF85CDD8} - System32\Tasks\ASC9_SkipUac_user => C:\Program Files\IObit\Advanced SystemCare\ASC.exe
Task: {6152A8EA-1114-4618-A791-645834141FA9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-05] (AVAST Software)
Task: {72D07E84-5306-44BF-9BB2-308F5ECB9412} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()
Task: {886DC9BA-1489-4B50-AB47-96635C170608} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {97621A41-1806-4118-8F88-85DBB26BD4DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-15] (Adobe Systems Incorporated)
Task: {9816DCE8-5643-41FB-8C3F-558FFD439798} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {D5BAE814-0569-4D1C-A1EE-9C81F4522256} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-10-05 22:07 - 2016-10-05 22:07 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-06 20:09 - 2017-02-06 20:09 - 05731328 _____ () C:\Program Files\AVAST Software\Avast\defs\17020603\algo.dll
2016-10-05 22:07 - 2016-10-05 22:07 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-10-05 22:07 - 2016-10-05 22:07 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-06-08 17:04 - 2016-06-08 17:04 - 00117400 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 10:23 - 2016-10-15 21:53 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\Control Panel\Desktop\\Wallpaper -> c:\Windows\Web\wallpaper\Acer01.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Avira.ServiceHost => 2
MSCONFIG\Services: BUNAgentSvc => 2
MSCONFIG\Services: CLHNService => 2
MSCONFIG\Services: eDataSecurity Service => 2
MSCONFIG\Services: ETService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MobilityService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NTIBackupSvc => 2
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: Partner Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ArcadeDeluxeAgent => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: Avira SystrayStartTrigger => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: eAudio => "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
MSCONFIG\startupreg: eDataSecurity Loader => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
MSCONFIG\startupreg: ePower_DMC => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PlayMovie => "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: ProductReg => "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
MSCONFIG\startupreg: RtHDVCpl => "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [{40F36B7F-D3B5-42FB-81CE-A3826F9C5C64}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{A4651429-0CE0-4717-82DC-6A4475E65562}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{62C7C5A7-0003-453A-9D07-8267719F577D}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{8460336C-0B01-4766-AAC8-FDB494FDA7A1}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{671C30DE-701E-4409-9B6A-B081096D1893}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{C88CA162-B6B3-4F71-80FB-899659F940B0}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{58029D2E-3712-44B1-9408-F6F4CE656905}] => C:\Program Files\Cyberlink\PowerDirector\PDR.EXE
FirewallRules: [{2053AA6E-3B70-4B28-AF72-1E460C44041B}] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{8B7B8104-6D5E-4629-BD4D-4903C7D41ED4}] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe
FirewallRules: [{FAEB1A12-7A18-4E3F-8A2F-6EEC7EF1A2D9}] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
FirewallRules: [{C023D78C-B691-4DAF-A6AF-FEBEB95BF6D2}] => C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{ED82A523-F70B-4A0A-BC11-2B674D3F6CFC}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C2436529-D4A9-4A9F-AF80-946E447DC9CE}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{96B9A24C-3048-4815-BCF5-5E3149FB0235}] => LPort=80
FirewallRules: [{B50F4441-8419-496E-88EB-73705EF9C505}] => LPort=80
FirewallRules: [{B049F4BE-9E99-4F9E-84A5-33EDE130D83B}] => LPort=80
FirewallRules: [{909C2457-C8E9-4810-9164-377372C440ED}] => C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => LPort=80
FirewallRules: [{82A36E42-5F40-4241-9FD7-1CCAE51AE0F7}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{43C8D2F3-D4AF-4DE6-A8A9-3814B3090B70}] => C:\Program Files\Steam\Steam.exe
FirewallRules: [{3F2C8215-6DA7-4F56-ADBC-8C902A511236}] => C:\Program Files\Steam\Steam.exe
FirewallRules: [{C49AD7F8-3BE0-4547-9401-4248CE3D3C37}] => C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{5F02DF9E-6B23-411E-99B1-CFE407A8F2A9}] => C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{4B4F6562-8756-4F0B-887B-5AD4CC19B031}] => C:\Program Files\Steam\steamapps\common\Football Manager 2016\fm.exe
FirewallRules: [{D6DA7217-30C2-435E-91F5-49234D81034A}] => C:\Program Files\Steam\steamapps\common\Football Manager 2016\fm.exe
FirewallRules: [{56857F5C-EDBF-4C24-83B5-227306B73539}] => C:\Program Files\Steam\bin\cef\cef.winxp\steamwebhelper.exe
FirewallRules: [{996F35D2-24EF-4C1E-B45A-3CE4690546E2}] => C:\Program Files\Steam\bin\cef\cef.winxp\steamwebhelper.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
Name: Atheros AR5B91 Wireless Network Adapter
Description: Atheros AR5B91 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/08/2017 02:45:38 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x8000ffff).
Error: (02/08/2017 02:45:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x8000ffff).
Error: (02/08/2017 02:45:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80004002.
Operation:
Abort Backup
Context:
Execution Context: Requestor
Current State: SnapshotSetCreated
Error: (02/08/2017 02:45:38 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any
VSS writers from receiving events. This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.
Operation:
Abort Backup
Context:
Execution Context: Requestor
Current State: SnapshotSetCreated
Error: (02/08/2017 02:45:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.
Operation:
Gathering Writer Data
Executing Asynchronous Operation
Context:
Execution Context: Requestor
Current State: GatherWriterMetadata
Error: (02/08/2017 02:45:38 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any
VSS writers from receiving events. This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.
Operation:
Gathering Writer Data
Executing Asynchronous Operation
Context:
Execution Context: Requestor
Current State: GatherWriterMetadata
Error: (02/08/2017 10:33:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER\APPDATA\LOCAL\THUNDERBIRD\PROFILES\SJYO38KT.DEFAULT\CACHE\9> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (02/08/2017 10:33:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER\APPDATA\LOCAL\THUNDERBIRD\PROFILES\SJYO38KT.DEFAULT\CACHE\9> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (02/08/2017 10:33:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER\APPDATA\LOCAL\THUNDERBIRD\PROFILES\SJYO38KT.DEFAULT\CACHE\8> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (02/08/2017 10:33:00 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\USER\APPDATA\LOCAL\THUNDERBIRD\PROFILES\SJYO38KT.DEFAULT\CACHE\8> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
System errors:
=============
Error: (02/08/2017 06:13:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Foxit Reader Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (02/08/2017 05:52:23 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/08/2017 05:52:20 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/08/2017 05:52:15 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/08/2017 05:52:13 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/08/2017 05:44:36 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/08/2017 05:44:32 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/08/2017 05:44:29 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/08/2017 05:44:27 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/08/2017 05:44:23 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
CodeIntegrity:
===================================
Date: 2017-02-05 23:12:52.108
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-02-05 23:12:51.593
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-02-05 23:12:50.642
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-02-05 23:12:50.127
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-02-05 23:12:49.019
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-02-05 23:12:48.473
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-02-05 23:12:47.958
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-02-05 23:12:47.444
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-01-31 14:26:08.788
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-01-31 14:26:08.226
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz
Percentage of memory in use: 67%
Total physical RAM: 3000.12 MB
Available physical RAM: 968.97 MB
Total Virtual: 6208.48 MB
Available Virtual: 4284.96 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:219.34 GB) (Free:160.75 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 9E76DF21)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=219.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Edited by Slime, 08 February 2017 - 12:22 PM.