This is the fixlog.txt
Fix result of Farbar Recovery Scan Tool (x86) Version: 10-02-2017
Ran by user (10-02-2017 15:27:48) Run:2
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: Avira SystrayStartTrigger => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
Task: {561DAE8A-50BC-4AEE-B7B6-971FEF85CDD8} - System32\Tasks\ASC9_SkipUac_user => C:\Program Files\IObit\Advanced SystemCare\ASC.exe
C:\Program Files\IObit
MSCONFIG\Services: Avira.ServiceHost => 2
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
*****************
Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BFE => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BITS => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\\Default => value restored successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\\AlternateShell => value restored successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vss => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\WSService => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\BITS => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\msiserver => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SamSs => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\srv => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\srv2 => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\srvnet => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\\Default => value restored successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\\AlternateShell => value restored successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vss => key removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WSService => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Avira SystrayStartTrigger => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{561DAE8A-50BC-4AEE-B7B6-971FEF85CDD8} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{561DAE8A-50BC-4AEE-B7B6-971FEF85CDD8} => key removed successfully.
C:\Windows\System32\Tasks\ASC9_SkipUac_user => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_SkipUac_user => key removed successfully.
C:\Program Files\IObit => moved successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Avira.ServiceHost => key removed successfully.
HKLM\System\CurrentControlSet\Services\Avira.ServiceHost => key not found.
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
0 out of 0 jobs canceled.
========= End of CMD: =========
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 12582912 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5155267 B
Java, Flash, Steam htmlcache => 142921 B
Windows/system/drivers => 321799 B
Edge => 0 B
Chrome => 0 B
Firefox => 165303921 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 692 B
LocalService => 0 B
NetworkService => 520 B
user => 13745773 B
RecycleBin => 0 B
EmptyTemp: => 188.1 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 15:28:32 ====
Then the Avira conundrum ............................. I didn't think I had it!
I couldn't find the removal tool so much as a manual instructing how to remove threats with Avira.
I looked around but couldn't find a tool that would remove Avira itsself.
I then found an Avira installer on my laptop so then used Revo Uninstaller to remove it and also, allegedly, it removed Avira's left over elements from the registry.
I'm hoping that's okay.
And here are the FRST and Addition logs you requested;
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2017
Ran by user (administrator) on USER-PC (10-02-2017 16:07:36)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\...\MountPoints2: {1308fcb7-1979-11e6-ac59-806e6f6e6963} - D:\DriverPackSolution.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-10-05] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{086F9650-8545-49BA-A672-71D56BEDB0B7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DC06C32F-7B81-4409-AF34-2FB3A7DC6BD3}: [DhcpNameServer] 212.159.13.49 212.159.13.50
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0516&m=aspire_6930z
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0516&m=aspire_6930z
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://uk.msn.com/?ocid=EIE9HP&PC=UP50
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://uk.msn.com/?ocid=EIE9HP&PC=UP50
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\partner.dll [2016-05-13] (Google Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 [2017-02-10]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 -> Google
FF Homepage: Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 -> hxxps://www.google.co.uk/
FF Keyword.URL: Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594 -> hxxps://www.google.com/search?q=
FF Extension: (New Tab Override (browser.newtab.url replacement)) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594\Extensions\[email protected] [2016-12-27]
FF Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8ik01s7i.default-1463339130594\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-06-16] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-15]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-15] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-02-09]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-15]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-15]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-15]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-15]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-15]
CHR Extension: (Avira Browser Safety) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-05-15]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-15]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-05] (AVAST Software)
S4 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-26] (NewTech InfoSystems, Inc.) [File not signed]
S4 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] () [File not signed]
S4 Partner Service; C:\ProgramData\Partner\partner.exe [110576 2016-05-13] (Google Inc.)
S4 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-10-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-10-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-10-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-10-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-10-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-10-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-10-05] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-10-05] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-10-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [850472 2008-08-05] (Bison Electronics. Inc. )
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2013-03-05] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2013-03-05] (Intel Corporation)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [54824 2010-03-29] (Atheros Communications, Inc.)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2474200 2014-03-12] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27888 2013-07-30] (Synaptics Incorporated)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-18] (Cyberlink Corp.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-10 15:52 - 2017-02-10 15:52 - 00433481 _____ C:\Users\user\Desktop\man_avira_antivir-removaltool_en.pdf
2017-02-10 15:26 - 2017-02-10 15:26 - 01763328 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2017-02-10 15:17 - 2017-02-10 15:17 - 00002370 _____ C:\Users\user\Desktop\Mbam log.txt
2017-02-10 12:57 - 2017-02-10 12:57 - 00146064 _____ C:\Windows\Minidump\Mini021017-02.dmp
2017-02-10 12:26 - 2017-02-10 12:26 - 00000780 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-02-10 12:26 - 2017-02-10 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-02-10 12:26 - 2017-02-10 12:26 - 00000000 ____D C:\Program Files\Speccy
2017-02-10 12:25 - 2017-02-10 12:25 - 06293184 _____ (Piriform Ltd) C:\Users\user\Desktop\spsetup130.exe
2017-02-10 12:23 - 2017-02-10 12:23 - 00001186 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2017-02-10 12:20 - 2017-02-10 12:20 - 26157600 _____ C:\Users\user\Desktop\SeaToolsforWindowsSetup.exe
2017-02-10 11:49 - 2017-02-10 11:49 - 00146040 _____ C:\Windows\Minidump\Mini021017-01.dmp
2017-02-09 18:55 - 2017-02-09 18:55 - 00000842 _____ C:\Users\user\Desktop\WhoCrashed.lnk
2017-02-09 18:55 - 2017-02-09 18:55 - 00000000 ____D C:\Program Files\WhoCrashed
2017-02-09 18:53 - 2017-02-09 18:53 - 04958280 _____ (Resplendence Software Projects Sp. ) C:\Users\user\Desktop\whocrashedSetup.exe
2017-02-09 16:53 - 2017-02-10 15:28 - 00006902 _____ C:\Users\user\Desktop\Fixlog.txt
2017-02-09 13:59 - 2017-02-09 13:59 - 00019978 _____ C:\Users\user\Desktop\ListChkdskResult.txt
2017-02-09 13:58 - 2017-02-09 13:58 - 00197679 _____ C:\Users\user\Desktop\ListChkdskResult.exe
2017-02-08 22:35 - 2017-02-08 22:35 - 00146064 _____ C:\Windows\Minidump\Mini020817-01.dmp
2017-02-08 18:16 - 2017-02-08 18:17 - 00031362 _____ C:\Users\user\Desktop\Addition 1.txt
2017-02-08 18:15 - 2017-02-10 16:08 - 00013436 _____ C:\Users\user\Desktop\FRST.txt
2017-02-08 18:15 - 2017-02-10 16:07 - 00000000 ____D C:\FRST
2017-02-08 18:15 - 2017-02-08 18:18 - 00023299 _____ C:\Users\user\Desktop\FRST 1.txt
2017-02-08 18:13 - 2017-02-08 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-02-06 22:43 - 2017-02-06 22:44 - 00146064 _____ C:\Windows\Minidump\Mini020617-01.dmp
2017-02-05 23:09 - 2017-02-05 23:09 - 00146064 _____ C:\Windows\Minidump\Mini020517-01.dmp
2017-02-02 20:07 - 2017-02-02 20:07 - 00146040 _____ C:\Windows\Minidump\Mini020217-01.dmp
2017-02-02 13:21 - 2017-02-02 13:26 - 00000000 ____D C:\Users\user\Desktop\Ebay listings
2017-01-31 14:22 - 2017-01-31 14:22 - 00146040 _____ C:\Windows\Minidump\Mini013117-01.dmp
2017-01-29 14:46 - 2017-01-29 14:46 - 00146040 _____ C:\Windows\Minidump\Mini012917-01.dmp
2017-01-27 16:59 - 2017-01-27 16:59 - 00146040 _____ C:\Windows\Minidump\Mini012717-02.dmp
2017-01-27 09:34 - 2017-01-27 09:34 - 00146040 _____ C:\Windows\Minidump\Mini012717-01.dmp
2017-01-25 23:28 - 2017-01-25 23:28 - 00146064 _____ C:\Windows\Minidump\Mini012517-02.dmp
2017-01-25 15:25 - 2017-01-25 15:25 - 00146064 _____ C:\Windows\Minidump\Mini012517-01.dmp
2017-01-24 23:16 - 2017-01-24 23:16 - 00146064 _____ C:\Windows\Minidump\Mini012417-01.dmp
2017-01-24 20:20 - 2017-01-05 16:57 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-24 19:47 - 2017-01-26 16:03 - 00000000 ____D C:\Users\user\Desktop\Honda Civic LA12GWW
2017-01-23 23:33 - 2017-01-23 23:33 - 00146064 _____ C:\Windows\Minidump\Mini012317-01.dmp
2017-01-22 23:57 - 2017-01-22 23:57 - 00146064 _____ C:\Windows\Minidump\Mini012217-01.dmp
2017-01-22 17:17 - 2017-01-22 17:20 - 00000000 ____D C:\Users\user\Desktop\Golf Travel Case
2017-01-22 13:42 - 2017-01-22 13:42 - 00000000 ____D C:\Users\user\Desktop\Wurlitzer 4080R
2017-01-18 23:54 - 2017-01-18 23:54 - 00146064 _____ C:\Windows\Minidump\Mini011817-01.dmp
2017-01-17 23:29 - 2017-01-17 23:29 - 00146064 _____ C:\Windows\Minidump\Mini011717-01.dmp
2017-01-13 18:13 - 2017-01-13 18:14 - 00146056 _____ C:\Windows\Minidump\Mini011317-01.dmp
2017-01-12 19:07 - 2017-01-12 19:07 - 00146040 _____ C:\Windows\Minidump\Mini011217-01.dmp
2017-01-12 10:35 - 2017-01-12 10:35 - 00000000 ____D C:\Users\user\AppData\Roaming\Template
2017-01-12 10:35 - 2017-01-12 10:35 - 00000000 _____ C:\Users\user\AppData\Roaming\wklnhst.dat
2017-01-11 23:16 - 2017-01-11 23:16 - 00146064 _____ C:\Windows\Minidump\Mini011117-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-10 16:04 - 2016-05-14 20:42 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-10 16:04 - 2016-05-14 20:42 - 00000000 ____D C:\ProgramData\Avira
2017-02-10 15:32 - 2016-11-18 20:59 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-02-10 15:31 - 2016-06-21 20:00 - 00000000 ____D C:\Program Files\Steam
2017-02-10 15:30 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-10 15:30 - 2006-11-02 12:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-10 15:30 - 2006-11-02 12:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-10 15:30 - 2006-11-02 12:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-02-10 15:28 - 2006-11-02 13:01 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-10 15:15 - 2016-05-19 15:40 - 00000000 ____D C:\ProgramData\Auslogics
2017-02-10 14:45 - 2016-09-04 08:35 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-10 13:23 - 2016-12-18 15:57 - 00000000 ____D C:\Users\user\Documents\Garmin
2017-02-10 13:23 - 2016-07-06 18:29 - 00000000 ____D C:\ProgramData\Garmin
2017-02-10 13:22 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\inf
2017-02-10 12:57 - 2016-05-14 20:35 - 00000000 ____D C:\Windows\Minidump
2017-02-10 12:56 - 2016-05-14 20:35 - 331713711 _____ C:\Windows\MEMORY.DMP
2017-02-10 12:23 - 2016-05-22 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-02-10 12:23 - 2016-05-22 21:34 - 00000000 ____D C:\Program Files\Seagate
2017-02-08 22:20 - 2016-11-21 22:37 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2017-02-08 18:13 - 2016-10-28 16:33 - 00000000 ____D C:\ProgramData\Foxit Software
2017-02-08 18:11 - 2008-11-18 17:49 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-01-27 17:04 - 2016-10-21 17:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-24 20:58 - 2016-05-13 21:57 - 00000000 ____D C:\Windows\system32\MRT
2017-01-24 20:53 - 2006-11-02 10:24 - 133456224 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-01-22 13:41 - 2006-11-02 10:33 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-20 19:16 - 2016-05-15 00:34 - 00000000 ____D C:\Program Files\Common Files\Steam
2017-01-16 08:58 - 2016-05-16 23:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-15 09:25 - 2016-05-16 23:23 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-15 09:25 - 2016-05-16 23:23 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-15 09:25 - 2016-05-14 10:45 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2017-01-15 09:25 - 2008-11-18 17:55 - 00000000 ____D C:\Windows\system32\Macromed
==================== Files in the root of some directories =======
2017-01-12 10:35 - 2017-01-12 10:35 - 0000000 _____ () C:\Users\user\AppData\Roaming\wklnhst.dat
2016-09-22 17:17 - 2016-09-22 17:17 - 0000680 _____ () C:\Users\user\AppData\Local\d3d9caps.dat
2016-05-14 10:57 - 2016-06-02 16:49 - 0007680 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-09 16:53 - 2016-09-09 16:54 - 0146645 _____ () C:\Users\user\AppData\Local\edsinstaller.txt-20160909.log
2016-05-13 20:02 - 2016-05-13 20:06 - 0006030 _____ () C:\ProgramData\ArcadeDeluxe2.log
2016-05-14 11:02 - 2016-05-14 11:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-09-09 20:29 - 2016-09-09 20:30 - 0000090 _____ () C:\ProgramData\PS.log
Some files in TEMP:
====================
2017-02-10 15:30 - 2017-02-10 15:31 - 0204800 _____ (Realtek Semiconductor Corp.) C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-10 15:36
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-02-2017
Ran by user (10-02-2017 16:08:24)
Running from C:\Users\user\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2016-05-14 02:16:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1701030405-4185235007-3865900534-500 - Administrator - Disabled)
Guest (S-1-5-21-1701030405-4185235007-3865900534-501 - Limited - Enabled)
user (S-1-5-21-1701030405-4185235007-3865900534-1000 - Administrator - Enabled) => C:\Users\user
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (Version: 2.6.1.4 - Intel) Hidden
Acer Crystal Eye webcam (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 7.32.701.13 - Acer Crystal Eye webcam)
Acer Crystal Eye Webcam (HKLM\...\{DD1DED37-2486-4F56-8F89-56AA814003F5}) (Version: 2.0.0.17 - Acer Crystal Eye Webcam)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.30 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3023e - CyberLink Corp.)
FM Genie Scout 16 version 1.0 16.3.2 (HKLM\...\FM Genie Scout 16_is1) (Version: 1.0 16.3.2 - )
Football Manager 2015 (HKLM\...\Steam App 295270) (Version: - Sports Interactive)
Football Manager 2016 (HKLM\...\Steam App 378120) (Version: - SPORTS INTERACTIVE)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.2.0.2051 - Foxit Software Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.63 - Conexant Systems)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 51.0.1 (x86 en-GB)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
Mozilla Thunderbird 45.7.1 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 45.7.1 (x86 en-GB)) (Version: 45.7.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
OpenOffice 4.1.3 (HKLM\...\{747C5547-7483-4605-8B2F-A9696610A7FA}) (Version: 4.13.9783 - Apache Software Foundation)
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.0.1 - Convesoft)
PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.4619 - CyberLink Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7285 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
SeaTools for Windows 1.4.0.4 (HKLM\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics)
WhoCrashed 5.53 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
Winbond CIR Device Drivers (HKLM\...\{10F498FF-5392-4DF3-8F73-FE172A9F3800}) (Version: 7.60.1012 - Winbond Electronics Corporation)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2EED783D-1319-49E7-9CDF-4281BF30AD1A} - System32\Tasks\SafeZone scheduled Autoupdate 1475705443 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {4052F64A-3C36-4ADC-ABEC-4E682AC99A6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-15] (Google Inc.)
Task: {4586B4A8-F988-44B6-9B9B-3104737D48F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-15] (Google Inc.)
Task: {6152A8EA-1114-4618-A791-645834141FA9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-05] (AVAST Software)
Task: {886DC9BA-1489-4B50-AB47-96635C170608} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {97621A41-1806-4118-8F88-85DBB26BD4DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-15] (Adobe Systems Incorporated)
Task: {9816DCE8-5643-41FB-8C3F-558FFD439798} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {D5BAE814-0569-4D1C-A1EE-9C81F4522256} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-10-05 22:07 - 2016-10-05 22:07 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-10 12:58 - 2017-02-10 12:58 - 06461320 _____ () C:\Program Files\AVAST Software\Avast\defs\17021001\algo.dll
2016-10-05 22:07 - 2016-10-05 22:07 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-06-08 17:04 - 2016-06-08 17:04 - 00117400 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2016-10-05 22:07 - 2016-10-05 22:07 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 10:23 - 2016-10-15 21:53 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1701030405-4185235007-3865900534-1000\Control Panel\Desktop\\Wallpaper -> c:\Windows\Web\wallpaper\Acer01.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BUNAgentSvc => 2
MSCONFIG\Services: CLHNService => 2
MSCONFIG\Services: eDataSecurity Service => 2
MSCONFIG\Services: ETService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MobilityService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NTIBackupSvc => 2
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: Partner Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ArcadeDeluxeAgent => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: eAudio => "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
MSCONFIG\startupreg: eDataSecurity Loader => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
MSCONFIG\startupreg: ePower_DMC => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PlayMovie => "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: ProductReg => "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
MSCONFIG\startupreg: RtHDVCpl => "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [{40F36B7F-D3B5-42FB-81CE-A3826F9C5C64}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{A4651429-0CE0-4717-82DC-6A4475E65562}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{62C7C5A7-0003-453A-9D07-8267719F577D}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{8460336C-0B01-4766-AAC8-FDB494FDA7A1}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{671C30DE-701E-4409-9B6A-B081096D1893}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{C88CA162-B6B3-4F71-80FB-899659F940B0}] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{58029D2E-3712-44B1-9408-F6F4CE656905}] => C:\Program Files\Cyberlink\PowerDirector\PDR.EXE
FirewallRules: [{2053AA6E-3B70-4B28-AF72-1E460C44041B}] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{8B7B8104-6D5E-4629-BD4D-4903C7D41ED4}] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe
FirewallRules: [{FAEB1A12-7A18-4E3F-8A2F-6EEC7EF1A2D9}] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
FirewallRules: [{C023D78C-B691-4DAF-A6AF-FEBEB95BF6D2}] => C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{ED82A523-F70B-4A0A-BC11-2B674D3F6CFC}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C2436529-D4A9-4A9F-AF80-946E447DC9CE}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{96B9A24C-3048-4815-BCF5-5E3149FB0235}] => LPort=80
FirewallRules: [{B50F4441-8419-496E-88EB-73705EF9C505}] => LPort=80
FirewallRules: [{B049F4BE-9E99-4F9E-84A5-33EDE130D83B}] => LPort=80
FirewallRules: [{909C2457-C8E9-4810-9164-377372C440ED}] => C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => LPort=80
FirewallRules: [{82A36E42-5F40-4241-9FD7-1CCAE51AE0F7}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{43C8D2F3-D4AF-4DE6-A8A9-3814B3090B70}] => C:\Program Files\Steam\Steam.exe
FirewallRules: [{3F2C8215-6DA7-4F56-ADBC-8C902A511236}] => C:\Program Files\Steam\Steam.exe
FirewallRules: [{C49AD7F8-3BE0-4547-9401-4248CE3D3C37}] => C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{5F02DF9E-6B23-411E-99B1-CFE407A8F2A9}] => C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{4B4F6562-8756-4F0B-887B-5AD4CC19B031}] => C:\Program Files\Steam\steamapps\common\Football Manager 2016\fm.exe
FirewallRules: [{D6DA7217-30C2-435E-91F5-49234D81034A}] => C:\Program Files\Steam\steamapps\common\Football Manager 2016\fm.exe
FirewallRules: [{56857F5C-EDBF-4C24-83B5-227306B73539}] => C:\Program Files\Steam\bin\cef\cef.winxp\steamwebhelper.exe
FirewallRules: [{996F35D2-24EF-4C1E-B45A-3CE4690546E2}] => C:\Program Files\Steam\bin\cef\cef.winxp\steamwebhelper.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
Name: Atheros AR5B91 Wireless Network Adapter
Description: Atheros AR5B91 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/10/2017 04:04:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" ; Descripton = Revo Uninstaller's restore point - Avira Launcher; Hr = 0x8000ffff).
Error: (02/10/2017 04:04:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.
Operation:
Gathering Writer Data
Executing Asynchronous Operation
Context:
Execution Context: Requestor
Current State: GatherWriterMetadata
Error: (02/10/2017 04:04:02 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any
VSS writers from receiving events. This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.
Operation:
Gathering Writer Data
Executing Asynchronous Operation
Context:
Execution Context: Requestor
Current State: GatherWriterMetadata
Error: (02/10/2017 03:27:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Users\user\Desktop\FRST.exe ; Descripton = Restore Point Created by FRST; Hr = 0x8000ffff).
Error: (02/10/2017 03:27:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.
Operation:
Gathering Writer Data
Executing Asynchronous Operation
Context:
Execution Context: Requestor
Current State: GatherWriterMetadata
Error: (02/10/2017 03:27:50 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any
VSS writers from receiving events. This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.
Operation:
Gathering Writer Data
Executing Asynchronous Operation
Context:
Execution Context: Requestor
Current State: GatherWriterMetadata
Error: (02/10/2017 01:22:45 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\ProgramData\Package Cache\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}\GarminExpressInstaller.exe Cache\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}\GarminExpressInstaller.exe" -q -burn.elevated BurnPipe.{DE642855-83A7-40C3-9545-1D01FA529360} {9855B7D0-8C8C-4776-B30D-7A450FBD5BE9} 6044; Descripton = Garmin Express; Hr = 0x8000ffff).
Error: (02/10/2017 01:22:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.
Operation:
Gathering Writer Data
Executing Asynchronous Operation
Context:
Execution Context: Requestor
Current State: GatherWriterMetadata
Error: (02/10/2017 01:22:45 PM) (Source: VSS) (EventID: 34) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any
VSS writers from receiving events. This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.
Operation:
Gathering Writer Data
Executing Asynchronous Operation
Context:
Execution Context: Requestor
Current State: GatherWriterMetadata
Error: (02/10/2017 01:22:39 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" ; Descripton = Revo Uninstaller's restore point - Garmin Express; Hr = 0x8000ffff).
System errors:
=============
Error: (02/10/2017 04:00:22 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/10/2017 03:59:14 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/10/2017 03:59:11 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/10/2017 03:48:17 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/10/2017 03:43:21 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/10/2017 03:43:13 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/10/2017 03:42:48 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/10/2017 03:42:34 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/10/2017 03:42:21 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/10/2017 03:41:59 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
CodeIntegrity:
===================================
Date: 2017-02-10 14:50:12.567
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-02-10 14:50:12.036
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-02-10 14:50:11.537
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-02-10 14:50:11.007
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-02-10 14:50:10.507
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-02-10 14:50:09.977
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-02-10 14:50:09.244
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-02-10 14:50:08.729
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-02-10 14:50:08.183
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-02-10 14:50:07.699
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz
Percentage of memory in use: 50%
Total physical RAM: 3000.12 MB
Available physical RAM: 1482.3 MB
Total Virtual: 6210.48 MB
Available Virtual: 4716.07 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:219.34 GB) (Free:161.52 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 9E76DF21)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=219.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Regards,
Slime.
Edited by Slime, 10 February 2017 - 10:32 AM.