Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Laptop keeps freezing for several minutes at a time !


  • This topic is locked This topic is locked

#16
Slime

Slime

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 115 posts

This is the fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 10-02-2017
Ran by user (10-02-2017 15:27:48) Run:2
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: Avira SystrayStartTrigger => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
Task: {561DAE8A-50BC-4AEE-B7B6-971FEF85CDD8} - System32\Tasks\ASC9_SkipUac_user => C:\Program Files\IObit\Advanced SystemCare\ASC.exe
C:\Program Files\IObit
MSCONFIG\Services: Avira.ServiceHost => 2
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BFE => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BITS => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\\Default => value restored successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\\AlternateShell => value restored successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vss => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\WSService => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\BITS => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\msiserver => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SamSs => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\srv => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\srv2 => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\srvnet => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\\Default => value restored successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\\AlternateShell => value restored successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vss => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WSService => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Avira SystrayStartTrigger => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{561DAE8A-50BC-4AEE-B7B6-971FEF85CDD8} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{561DAE8A-50BC-4AEE-B7B6-971FEF85CDD8} => key removed successfully.
C:\Windows\System32\Tasks\ASC9_SkipUac_user => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_SkipUac_user => key removed successfully.
C:\Program Files\IObit => moved successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Avira.ServiceHost => key removed successfully.
HKLM\System\CurrentControlSet\Services\Avira.ServiceHost => key not found.

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5155267 B
Java, Flash, Steam htmlcache => 142921 B
Windows/system/drivers => 321799 B
Edge => 0 B
Chrome => 0 B
Firefox => 165303921 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 692 B
LocalService => 0 B
NetworkService => 520 B
user => 13745773 B

RecycleBin => 0 B
EmptyTemp: => 188.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:28:32 ====

 

 

Then the Avira conundrum ............................. I didn't think I had it!

I couldn't find the removal tool so much as a manual instructing how to remove threats with Avira.

I looked around but couldn't find a tool that would remove Avira itsself.

I then found an Avira installer on my laptop so then used Revo Uninstaller to remove it and also, allegedly, it removed Avira's left over elements from the registry.

I'm hoping that's okay.

 

And here are the FRST and Addition logs you requested;

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2017
Ran by user (administrator) on USER-PC (10-02-2017 16:07:36)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\...\MountPoints2: {1308fcb7-1979-11e6-ac59-806e6f6e6963} - D:\DriverPackSolution.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-10-05] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{086F9650-8545-49BA-A672-71D56BEDB0B7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DC06C32F-7B81-4409-AF34-2FB3A7DC6BD3}: [DhcpNameServer] 212.159.13.49 212.159.13.50

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0516&m=aspire_6930z
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0516&m=aspire_6930z
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://uk.msn.com/?ocid=EIE9HP&PC=UP50
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://uk.msn.com/?ocid=EIE9HP&PC=UP50
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\partner.dll [2016-05-13] (Google Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 [2017-02-10]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 -> Google
FF Homepage: Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 -> hxxps://www.google.co.uk/
FF Keyword.URL: Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 -> hxxps://www.google.com/search?q=
FF Extension: (New Tab Override (browser.newtab.url replacement)) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594\Extensions\[email protected] [2016-12-27]
FF Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-06-16] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-15]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-15] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-02-09]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-15]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-15]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-15]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-15]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-15]
CHR Extension: (Avira Browser Safety) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-05-15]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-15]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-05] (AVAST Software)
S4 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-26] (NewTech InfoSystems, Inc.) [File not signed]
S4 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] () [File not signed]
S4 Partner Service; C:\ProgramData\Partner\partner.exe [110576 2016-05-13] (Google Inc.)
S4 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-10-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-10-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-10-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-10-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-10-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-10-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-10-05] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-10-05] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-10-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [850472 2008-08-05] (Bison Electronics. Inc. )
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2013-03-05] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2013-03-05] (Intel Corporation)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [54824 2010-03-29] (Atheros Communications, Inc.)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2474200 2014-03-12] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27888 2013-07-30] (Synaptics Incorporated)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-18] (Cyberlink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-10 15:52 - 2017-02-10 15:52 - 00433481 _____ C:\Users\user\Desktop\man_avira_antivir-removaltool_en.pdf
2017-02-10 15:26 - 2017-02-10 15:26 - 01763328 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2017-02-10 15:17 - 2017-02-10 15:17 - 00002370 _____ C:\Users\user\Desktop\Mbam log.txt
2017-02-10 12:57 - 2017-02-10 12:57 - 00146064 _____ C:\Windows\Minidump\Mini021017-02.dmp
2017-02-10 12:26 - 2017-02-10 12:26 - 00000780 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-02-10 12:26 - 2017-02-10 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-02-10 12:26 - 2017-02-10 12:26 - 00000000 ____D C:\Program Files\Speccy
2017-02-10 12:25 - 2017-02-10 12:25 - 06293184 _____ (Piriform Ltd) C:\Users\user\Desktop\spsetup130.exe
2017-02-10 12:23 - 2017-02-10 12:23 - 00001186 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2017-02-10 12:20 - 2017-02-10 12:20 - 26157600 _____ C:\Users\user\Desktop\SeaToolsforWindowsSetup.exe
2017-02-10 11:49 - 2017-02-10 11:49 - 00146040 _____ C:\Windows\Minidump\Mini021017-01.dmp
2017-02-09 18:55 - 2017-02-09 18:55 - 00000842 _____ C:\Users\user\Desktop\WhoCrashed.lnk
2017-02-09 18:55 - 2017-02-09 18:55 - 00000000 ____D C:\Program Files\WhoCrashed
2017-02-09 18:53 - 2017-02-09 18:53 - 04958280 _____ (Resplendence Software Projects Sp. ) C:\Users\user\Desktop\whocrashedSetup.exe
2017-02-09 16:53 - 2017-02-10 15:28 - 00006902 _____ C:\Users\user\Desktop\Fixlog.txt
2017-02-09 13:59 - 2017-02-09 13:59 - 00019978 _____ C:\Users\user\Desktop\ListChkdskResult.txt
2017-02-09 13:58 - 2017-02-09 13:58 - 00197679 _____ C:\Users\user\Desktop\ListChkdskResult.exe
2017-02-08 22:35 - 2017-02-08 22:35 - 00146064 _____ C:\Windows\Minidump\Mini020817-01.dmp
2017-02-08 18:16 - 2017-02-08 18:17 - 00031362 _____ C:\Users\user\Desktop\Addition 1.txt
2017-02-08 18:15 - 2017-02-10 16:08 - 00013436 _____ C:\Users\user\Desktop\FRST.txt
2017-02-08 18:15 - 2017-02-10 16:07 - 00000000 ____D C:\FRST
2017-02-08 18:15 - 2017-02-08 18:18 - 00023299 _____ C:\Users\user\Desktop\FRST 1.txt
2017-02-08 18:13 - 2017-02-08 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-02-06 22:43 - 2017-02-06 22:44 - 00146064 _____ C:\Windows\Minidump\Mini020617-01.dmp
2017-02-05 23:09 - 2017-02-05 23:09 - 00146064 _____ C:\Windows\Minidump\Mini020517-01.dmp
2017-02-02 20:07 - 2017-02-02 20:07 - 00146040 _____ C:\Windows\Minidump\Mini020217-01.dmp
2017-02-02 13:21 - 2017-02-02 13:26 - 00000000 ____D C:\Users\user\Desktop\Ebay listings
2017-01-31 14:22 - 2017-01-31 14:22 - 00146040 _____ C:\Windows\Minidump\Mini013117-01.dmp
2017-01-29 14:46 - 2017-01-29 14:46 - 00146040 _____ C:\Windows\Minidump\Mini012917-01.dmp
2017-01-27 16:59 - 2017-01-27 16:59 - 00146040 _____ C:\Windows\Minidump\Mini012717-02.dmp
2017-01-27 09:34 - 2017-01-27 09:34 - 00146040 _____ C:\Windows\Minidump\Mini012717-01.dmp
2017-01-25 23:28 - 2017-01-25 23:28 - 00146064 _____ C:\Windows\Minidump\Mini012517-02.dmp
2017-01-25 15:25 - 2017-01-25 15:25 - 00146064 _____ C:\Windows\Minidump\Mini012517-01.dmp
2017-01-24 23:16 - 2017-01-24 23:16 - 00146064 _____ C:\Windows\Minidump\Mini012417-01.dmp
2017-01-24 20:20 - 2017-01-05 16:57 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-24 19:47 - 2017-01-26 16:03 - 00000000 ____D C:\Users\user\Desktop\Honda Civic LA12GWW
2017-01-23 23:33 - 2017-01-23 23:33 - 00146064 _____ C:\Windows\Minidump\Mini012317-01.dmp
2017-01-22 23:57 - 2017-01-22 23:57 - 00146064 _____ C:\Windows\Minidump\Mini012217-01.dmp
2017-01-22 17:17 - 2017-01-22 17:20 - 00000000 ____D C:\Users\user\Desktop\Golf Travel Case
2017-01-22 13:42 - 2017-01-22 13:42 - 00000000 ____D C:\Users\user\Desktop\Wurlitzer 4080R
2017-01-18 23:54 - 2017-01-18 23:54 - 00146064 _____ C:\Windows\Minidump\Mini011817-01.dmp
2017-01-17 23:29 - 2017-01-17 23:29 - 00146064 _____ C:\Windows\Minidump\Mini011717-01.dmp
2017-01-13 18:13 - 2017-01-13 18:14 - 00146056 _____ C:\Windows\Minidump\Mini011317-01.dmp
2017-01-12 19:07 - 2017-01-12 19:07 - 00146040 _____ C:\Windows\Minidump\Mini011217-01.dmp
2017-01-12 10:35 - 2017-01-12 10:35 - 00000000 ____D C:\Users\user\AppData\Roaming\Template
2017-01-12 10:35 - 2017-01-12 10:35 - 00000000 _____ C:\Users\user\AppData\Roaming\wklnhst.dat
2017-01-11 23:16 - 2017-01-11 23:16 - 00146064 _____ C:\Windows\Minidump\Mini011117-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-10 16:04 - 2016-05-14 20:42 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-10 16:04 - 2016-05-14 20:42 - 00000000 ____D C:\ProgramData\Avira
2017-02-10 15:32 - 2016-11-18 20:59 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-02-10 15:31 - 2016-06-21 20:00 - 00000000 ____D C:\Program Files\Steam
2017-02-10 15:30 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-10 15:30 - 2006-11-02 12:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-10 15:30 - 2006-11-02 12:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-10 15:30 - 2006-11-02 12:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-02-10 15:28 - 2006-11-02 13:01 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-10 15:15 - 2016-05-19 15:40 - 00000000 ____D C:\ProgramData\Auslogics
2017-02-10 14:45 - 2016-09-04 08:35 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-10 13:23 - 2016-12-18 15:57 - 00000000 ____D C:\Users\user\Documents\Garmin
2017-02-10 13:23 - 2016-07-06 18:29 - 00000000 ____D C:\ProgramData\Garmin
2017-02-10 13:22 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\inf
2017-02-10 12:57 - 2016-05-14 20:35 - 00000000 ____D C:\Windows\Minidump
2017-02-10 12:56 - 2016-05-14 20:35 - 331713711 _____ C:\Windows\MEMORY.DMP
2017-02-10 12:23 - 2016-05-22 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-02-10 12:23 - 2016-05-22 21:34 - 00000000 ____D C:\Program Files\Seagate
2017-02-08 22:20 - 2016-11-21 22:37 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2017-02-08 18:13 - 2016-10-28 16:33 - 00000000 ____D C:\ProgramData\Foxit Software
2017-02-08 18:11 - 2008-11-18 17:49 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-01-27 17:04 - 2016-10-21 17:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-24 20:58 - 2016-05-13 21:57 - 00000000 ____D C:\Windows\system32\MRT
2017-01-24 20:53 - 2006-11-02 10:24 - 133456224 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-01-22 13:41 - 2006-11-02 10:33 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-20 19:16 - 2016-05-15 00:34 - 00000000 ____D C:\Program Files\Common Files\Steam
2017-01-16 08:58 - 2016-05-16 23:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-15 09:25 - 2016-05-16 23:23 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-15 09:25 - 2016-05-16 23:23 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-15 09:25 - 2016-05-14 10:45 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2017-01-15 09:25 - 2008-11-18 17:55 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2017-01-12 10:35 - 2017-01-12 10:35 - 0000000 _____ () C:\Users\user\AppData\Roaming\wklnhst.dat
2016-09-22 17:17 - 2016-09-22 17:17 - 0000680 _____ () C:\Users\user\AppData\Local\d3d9caps.dat
2016-05-14 10:57 - 2016-06-02 16:49 - 0007680 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-09 16:53 - 2016-09-09 16:54 - 0146645 _____ () C:\Users\user\AppData\Local\edsinstaller.txt-20160909.log
2016-05-13 20:02 - 2016-05-13 20:06 - 0006030 _____ () C:\ProgramData\ArcadeDeluxe2.log
2016-05-14 11:02 - 2016-05-14 11:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-09-09 20:29 - 2016-09-09 20:30 - 0000090 _____ () C:\ProgramData\PS.log

Some files in TEMP:
====================
2017-02-10 15:30 - 2017-02-10 15:31 - 0204800 _____ (Realtek Semiconductor Corp.) C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-10 15:36

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-02-2017
Ran by user (10-02-2017 16:08:24)
Running from C:\Users\user\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2016-05-14 02:16:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1701030405-4185235007-3865900534-500 - Administrator - Disabled)
Guest (S-1-5-21-1701030405-4185235007-3865900534-501 - Limited - Enabled)
user (S-1-5-21-1701030405-4185235007-3865900534-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (Version: 2.6.1.4 - Intel) Hidden
Acer Crystal Eye webcam (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.32.701.13 - Acer Crystal Eye webcam)
Acer Crystal Eye Webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.17 - Acer Crystal Eye Webcam)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.30 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3023e - CyberLink Corp.)
FM Genie Scout 16 version 1.0 16.3.2 (HKLM\...\FM Genie Scout 16_is1) (Version: 1.0 16.3.2 - )
Football Manager 2015 (HKLM\...\Steam App 295270) (Version:  - Sports Interactive)
Football Manager 2016 (HKLM\...\Steam App 378120) (Version:  - SPORTS INTERACTIVE)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.2.0.2051 - Foxit Software Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.63 - Conexant Systems)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 51.0.1 (x86 en-GB)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
Mozilla Thunderbird 45.7.1 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 45.7.1 (x86 en-GB)) (Version: 45.7.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
OpenOffice 4.1.3 (HKLM\...\{747C5547-7483-4605-8B2F-A9696610A7FA}) (Version: 4.13.9783 - Apache Software Foundation)
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.0.1 - Convesoft)
PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.4619 - CyberLink Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7285 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
SeaTools for Windows 1.4.0.4 (HKLM\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics)
WhoCrashed 5.53 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Winbond CIR Device Drivers (HKLM\...\{10F498FF-5392-4DF3-8F73-FE172A9F3800}) (Version: 7.60.1012 - Winbond Electronics Corporation)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2EED783D-1319-49E7-9CDF-4281BF30AD1A} - System32\Tasks\SafeZone scheduled Autoupdate 1475705443 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {4052F64A-3C36-4ADC-ABEC-4E682AC99A6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-15] (Google Inc.)
Task: {4586B4A8-F988-44B6-9B9B-3104737D48F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-15] (Google Inc.)
Task: {6152A8EA-1114-4618-A791-645834141FA9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-05] (AVAST Software)
Task: {886DC9BA-1489-4B50-AB47-96635C170608} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {97621A41-1806-4118-8F88-85DBB26BD4DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-15] (Adobe Systems Incorporated)
Task: {9816DCE8-5643-41FB-8C3F-558FFD439798} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {D5BAE814-0569-4D1C-A1EE-9C81F4522256} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-10-05 22:07 - 2016-10-05 22:07 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-10 12:58 - 2017-02-10 12:58 - 06461320 _____ () C:\Program Files\AVAST Software\Avast\defs\17021001\algo.dll
2016-10-05 22:07 - 2016-10-05 22:07 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-06-08 17:04 - 2016-06-08 17:04 - 00117400 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2016-10-05 22:07 - 2016-10-05 22:07 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 10:23 - 2016-10-15 21:53 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\Control Panel\Desktop\\Wallpaper -> c:\Windows\Web\wallpaper\Acer01.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BUNAgentSvc => 2
MSCONFIG\Services: CLHNService => 2
MSCONFIG\Services: eDataSecurity Service => 2
MSCONFIG\Services: ETService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MobilityService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NTIBackupSvc => 2
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: Partner Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ArcadeDeluxeAgent => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: eAudio => "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
MSCONFIG\startupreg: eDataSecurity Loader => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
MSCONFIG\startupreg: ePower_DMC => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PlayMovie => "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: ProductReg => "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
MSCONFIG\startupreg: RtHDVCpl => "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [{40F36B7F-D3B5-42FB-81CE-A3826F9C5C64}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{A4651429-0CE0-4717-82DC-6A4475E65562}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{62C7C5A7-0003-453A-9D07-8267719F577D}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{8460336C-0B01-4766-AAC8-FDB494FDA7A1}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{671C30DE-701E-4409-9B6A-B081096D1893}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{C88CA162-B6B3-4F71-80FB-899659F940B0}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{58029D2E-3712-44B1-9408-F6F4CE656905}] => C:\Program Files\Cyberlink\PowerDirector\PDR.EXE
FirewallRules: [{2053AA6E-3B70-4B28-AF72-1E460C44041B}] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{8B7B8104-6D5E-4629-BD4D-4903C7D41ED4}] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe
FirewallRules: [{FAEB1A12-7A18-4E3F-8A2F-6EEC7EF1A2D9}] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
FirewallRules: [{C023D78C-B691-4DAF-A6AF-FEBEB95BF6D2}] => C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{ED82A523-F70B-4A0A-BC11-2B674D3F6CFC}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C2436529-D4A9-4A9F-AF80-946E447DC9CE}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{96B9A24C-3048-4815-BCF5-5E3149FB0235}] => LPort=80
FirewallRules: [{B50F4441-8419-496E-88EB-73705EF9C505}] => LPort=80
FirewallRules: [{B049F4BE-9E99-4F9E-84A5-33EDE130D83B}] => LPort=80
FirewallRules: [{909C2457-C8E9-4810-9164-377372C440ED}] => C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => LPort=80
FirewallRules: [{82A36E42-5F40-4241-9FD7-1CCAE51AE0F7}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{43C8D2F3-D4AF-4DE6-A8A9-3814B3090B70}] => C:\Program Files\Steam\Steam.exe
FirewallRules: [{3F2C8215-6DA7-4F56-ADBC-8C902A511236}] => C:\Program Files\Steam\Steam.exe
FirewallRules: [{C49AD7F8-3BE0-4547-9401-4248CE3D3C37}] => C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{5F02DF9E-6B23-411E-99B1-CFE407A8F2A9}] => C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{4B4F6562-8756-4F0B-887B-5AD4CC19B031}] => C:\Program Files\Steam\steamapps\common\Football Manager 2016\fm.exe
FirewallRules: [{D6DA7217-30C2-435E-91F5-49234D81034A}] => C:\Program Files\Steam\steamapps\common\Football Manager 2016\fm.exe
FirewallRules: [{56857F5C-EDBF-4C24-83B5-227306B73539}] => C:\Program Files\Steam\bin\cef\cef.winxp\steamwebhelper.exe
FirewallRules: [{996F35D2-24EF-4C1E-B45A-3CE4690546E2}] => C:\Program Files\Steam\bin\cef\cef.winxp\steamwebhelper.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Atheros AR5B91 Wireless Network Adapter
Description: Atheros AR5B91 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2017 04:04:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" ; Descripton = Revo Uninstaller's restore point - Avira Launcher; Hr = 0x8000ffff).

Error: (02/10/2017 04:04:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154.


Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (02/10/2017 04:04:02 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered.  This will prevent any
VSS writers from receiving events.  This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.


Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (02/10/2017 03:27:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Users\user\Desktop\FRST.exe ; Descripton = Restore Point Created by FRST; Hr = 0x8000ffff).

Error: (02/10/2017 03:27:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154.


Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (02/10/2017 03:27:50 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered.  This will prevent any
VSS writers from receiving events.  This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.


Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (02/10/2017 01:22:45 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\ProgramData\Package Cache\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}\GarminExpressInstaller.exe Cache\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}\GarminExpressInstaller.exe" -q -burn.elevated BurnPipe.{DE642855-83A7-40C3-9545-1D01FA529360} {9855B7D0-8C8C-4776-B30D-7A450FBD5BE9} 6044; Descripton = Garmin Express; Hr = 0x8000ffff).

Error: (02/10/2017 01:22:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154.


Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (02/10/2017 01:22:45 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered.  This will prevent any
VSS writers from receiving events.  This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.


Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (02/10/2017 01:22:39 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" ; Descripton = Revo Uninstaller's restore point - Garmin Express; Hr = 0x8000ffff).


System errors:
=============
Error: (02/10/2017 04:00:22 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:59:14 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:59:11 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:48:17 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:43:21 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:43:13 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:42:48 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:42:34 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:42:21 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:41:59 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


CodeIntegrity:
===================================
  Date: 2017-02-10 14:50:12.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-10 14:50:12.036
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-10 14:50:11.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-10 14:50:11.007
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-10 14:50:10.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-10 14:50:09.977
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-10 14:50:09.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-10 14:50:08.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-10 14:50:08.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-10 14:50:07.699
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz
Percentage of memory in use: 50%
Total physical RAM: 3000.12 MB
Available physical RAM: 1482.3 MB
Total Virtual: 6210.48 MB
Available Virtual: 4716.07 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:219.34 GB) (Free:161.52 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 9E76DF21)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=219.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

 

Regards,

Slime.


Edited by Slime, 10 February 2017 - 10:32 AM.

  • 0

Advertisements


#17
Slime

Slime

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 115 posts

Just to mention that things have suddenly got much worse!

My laptop froze and all I could do was force a close by holding down the power button.

On reboot the machine gave me a screen with the following;

                              

                             Windows Error Recovery

                    Launch Startup Repair (Recommended)

                    Start Windows Normally

 

If I select the second option it returns me to the Error Recovery screen. It also does this when I try to boot into Safe Mode or Last Known Good Configuration!!

I therefore selected the first option.

After a couple of minutes I get a cursor, which I can move, on a black screen. Another couple of minutes later the screen goes into colour.

Again another couple of minutes pass and a box appears on the screen headed System Recovery Options.

This ask for the keyboard layout. Default is US ................ I can't change this to UK or anything else!

I hit 'next' and this brings up the following;

                                   

                             RecEnv.exe Application Error

X Instruction at 0x757b340f referenced memory at 0xbe0045a2.

   The memory could not be written.

   Click OK to terminate the program

 

I click OK and the error box goes. After about 10 minutes the machine rebooted to the Error Recovery page ........................ again!!

I'm totally at my wits end.

Any thoughts considering that I can't now get the machine to boot up?

Regards,

 

Slime.

 

P.S. I posted this from another laptop .............................. but I guess you probably worked that out :whistling:.


Edited by Slime, 12 February 2017 - 05:34 PM.

  • 0

#18
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

Will the computer boot to safe mode ?

Shut the computer off, turn back on as soon as you turn it on keep tapping the f8 key.

Let me know.
  • 0

#19
Slime

Slime

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 115 posts

Hello,

Will the computer boot to safe mode ?

Let me know.

 

Unfortunately not, everything I do takes me to the Windows Error Recovery page!

After going through the process many times, I eventually managed to select UK keyboard layout which led me to this window;

                                       SYSTEM RECOVERY OPTIONS

                                       Choose a recovery tool;

                                       Startup Repair

                                       System Restore

                                       Windows Complete PC Restore

                                       Windows Memory Diagnostic Tool

                                       Command Prompt


I selected 'Startup Repair' and it began checking for problems. When complete I got a Startup Repair Diagnosis and repair details as follows;

Number of repair attempts    1

System Disk = \Device\Harddisk 0

Windows directory =

Autochk Run = 0

Number of root causes   1

Update check successful.              Error code = 0x0. Time taken = 16ms

System disk test successful.          Error code = 0x0. Time taken = 00ms

Disk failure diagnosis successful. Error code = 0x0. Time taken = 171ms

Disk metadata test successful.      Error code = 0x0. Time taken = 26131ms

Root cause found : System volume on disk is corrupt.

Repair Action : File System Repair (chkdsk)

Result : Completed successfully. Error code = 0x0. Time taken = 370720ms.


I then clicked 'Finish' and the laptop reboots to the Error Recovery page .................................... AGAIN!!

I tried it again this morning and I do get the option of booting to the Command Prompt which it titled as below;

Administrator: X: \windows\system32\cmd.exe

Is that a step forward??

Yours in desperation,
Slime.


  • 0

#20
Slime

Slime

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 115 posts

Yet another update!

Sorry for the information overload but I guess you need to know as much as I can tell you!

I ran the Startup Repair thing again and again. On it's third run I noticed that it was taking much longer and it produced the following results;

 

All the checks and results were as previously posted, but several more checks and tests were performed, and they were as follows;

 

Target OS test

Volume Content Check

Boot Manager Diagnosis

System Boot Log Diagnosis

Event Log Diagnosis

Internal State Check

Boot Status Check

Setup State Check

Registry Hives Check

Windows Boot Log Diagnosis

Bugcheck Analysis

Access Control Check

File System Check (chkdsk)

Software Installation Log Diagnosis

Fallback Diagnosis.

 

All were completed successfully with Error Code = 0x0

 

Then it said;

 

Root Cause Found :

Unspecified changes to system configuration might have caused the problem.

Repair Action : System files integrity check and repair.

Result : Completed successfully. Error code = 0x0

Time taken 548890ms

 

I clicked 'Finish' and it rebooted to chkdsk

 

This took a very short time before the machine rebooted .......................................... to my Desktop :yeah: .

I still posted this from another laptop as I'm terrified to use the faulty one in case it all goes horribly wrong again!!

I'll try not to use my sick machine until I receive further instruction from your good self.

Once again I apologise for the information overload.

Thanks as always,

 

Slime.


  • 0

#21
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

With these errors

Error: (02/10/2017 04:00:22 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:59:14 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:59:11 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:48:17 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:43:21 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:43:13 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:42:48 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:42:34 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:42:21 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/10/2017 03:41:59 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


From the log report.

I think the drive is failing. Get your data off now, pictures, documents etc.

The more we try and do the more risk the drive may completely fail on us.
  • 0

#22
Slime

Slime

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 115 posts

Are you saying it's time to get a new laptop or hard drive?

 

Many thanks,

Slime.


  • 0

#23
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

I'd get a new laptop. This one is old and will continue to have issues no matter how much we try and repair it. The drive looks like it could completely fail at any moment. The log reports show a large history of errors and many blue screens. Vista becomes an unsupported operating system very soon now.
  • 0

#24
Slime

Slime

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 115 posts

Okay zep516, lets mark this one as closed.

 

Many, many thanks for all your efforts,

 

Slime.


  • 0

#25
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
sorry we could not do more to resolve the issue.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP