metaathron
Hello, could you please help my friend? He has a similar problem to other people: his notebook is stuck on the Windows Vista (32) booting screen. When trying Safe Mode, it stays stuck on aswrvrt.sys.
FRST says:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
Ran by SYSTEM on MINWINPC on 18-08-2014 20:24:06
Running from f:\
Platform: Windows Vista (TM) Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [217088 2009-04-10] (Microsoft Corporation)
Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [AcerScrSav] => C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [AcerScrSav] => C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
HKU\Guest\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Guest\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Guest\...\Run: [Google Update] => C:\Users\NOTEBOOK\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2008-10-11] (Google Inc.)
HKU\Guest\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-05-16] (Macrovision Corporation)
HKU\Guest\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\daemon.exe [490952 2008-07-24] (DT Soft Ltd)
HKU\Guest\...\Run: [Namedate] => C:\nezmeskej\nezmeskej.exe s s
HKU\Guest\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-02] (Skype Technologies S.A.)
HKU\Guest\...\Policies\system: [LogonHoursAction] 2
HKU\Guest\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Guest\...\Policies\Explorer: [RegWinBackUp] 0
HKU\NOTEBOOK\...\Run: [Google Update] => C:\Users\NOTEBOOK\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2008-10-11] (Google Inc.)
HKU\NOTEBOOK\...\Policies\system: [LogonHoursAction] 2
HKU\NOTEBOOK\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\NOTEBOOK\...\Policies\Explorer: [RegWinBackUp] 0
Lsa: [Notification Packages] scecli C:\Program Files\Acer\Acer Bio Protection\PwdFilter
Startup: C:\Users\NOTEBOOK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gaia Wallpaper Desktop.lnk
ShortcutTarget: Gaia Wallpaper Desktop.lnk -> C:\Program Files\Gaia Dream Creation\Gaia Wallpaper Desktop\GaiaWallpaperDesktop.exe (Gaia Dream Creation Inc.)
BootExecute: autocheck autochk *
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [571288 2010-09-14] (Affinegy, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-16] ()
S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
S2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3474432 2008-10-03] ()
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-02-25] ()
S2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [244904 2008-10-23] ()
S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2008-10-03] (Alfa Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-06] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-06] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-06] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-08-06] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-06] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-06] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-06] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-08-06] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2012-01-28] ()
S0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14528 2014-01-21] (Glarysoft Ltd)
S1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [65896 2013-07-25] (FTDI Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2012-06-09] (LogMeIn, Inc.)
S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-18] (ITE Tech. Inc. )
S3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-04] (Atheros Communications, Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2012-01-28] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-10-26] (Duplex Secure Ltd.)
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-18 20:22 - 2014-08-18 20:22 - 00000000 ____D () C:\FRST
2014-08-12 21:08 - 2014-08-12 21:08 - 00000000 __SHD () C:\found.001
2014-08-11 20:27 - 2014-08-11 20:27 - 00000000 __SHD () C:\found.000
2014-08-11 11:55 - 2014-08-12 11:24 - 249359867 _____ () C:\Windows\MEMORY.DMP
2014-08-11 11:55 - 2014-08-11 11:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
2014-08-10 22:35 - 2014-08-10 22:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
2014-08-08 09:44 - 2014-08-08 11:35 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
2014-08-06 21:31 - 2014-08-06 21:31 - 00000194 _____ () C:\Windows\wininit.ini
2014-08-06 21:31 - 2014-08-06 21:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
2014-08-06 21:30 - 2014-08-06 21:30 - 00000000 ____D () C:\Program Files\Dropbox
2014-08-06 21:29 - 2014-08-06 21:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox
2014-08-06 06:24 - 2014-08-06 06:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-06 06:24 - 2014-08-06 06:24 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-07-23 08:04 - 2014-07-23 08:04 - 00050688 _____ () C:\Users\NOTEBOOK\Downloads\dochazkovy_list_mesicni_-_nový.xls
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-18 20:22 - 2014-08-18 20:22 - 00000000 ____D () C:\FRST
2014-08-18 09:26 - 2014-06-25 10:45 - 00226414 _____ () C:\Windows\PFRO.log
2014-08-12 21:08 - 2014-08-12 21:08 - 00000000 __SHD () C:\found.001
2014-08-12 11:24 - 2014-08-11 11:55 - 249359867 _____ () C:\Windows\MEMORY.DMP
2014-08-11 20:56 - 2014-04-19 23:09 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\SoftDMA
2014-08-11 20:56 - 2014-04-12 10:42 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\PowerCinema
2014-08-11 20:56 - 2009-01-07 03:48 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\PlayMovie
2014-08-11 20:56 - 2008-10-12 02:42 - 00000000 ____D () C:\users\Guest
2014-08-11 20:56 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\spool
2014-08-11 20:56 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\Msdtc
2014-08-11 20:56 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\registration
2014-08-11 20:56 - 2006-11-02 02:22 - 48496640 _____ () C:\Windows\System32\config\software_previous
2014-08-11 20:56 - 2006-11-02 02:22 - 39583744 _____ () C:\Windows\System32\config\system_previous
2014-08-11 20:42 - 2006-11-02 02:22 - 45875200 _____ () C:\Windows\System32\config\components_previous
2014-08-11 20:42 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\System32\config\sam_previous
2014-08-11 20:27 - 2014-08-11 20:27 - 00000000 __SHD () C:\found.000
2014-08-11 12:06 - 2008-10-03 10:33 - 00646048 _____ () C:\ProgramData\nvModes.001
2014-08-11 11:55 - 2014-08-11 11:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
2014-08-11 11:55 - 2008-10-05 07:19 - 00000000 ____D () C:\Windows\Minidump
2014-08-11 11:02 - 2008-10-03 10:32 - 00646048 _____ () C:\ProgramData\nvModes.dat
2014-08-11 11:02 - 2008-10-03 10:05 - 01839533 _____ () C:\Windows\WindowsUpdate.log
2014-08-11 11:01 - 2008-10-03 10:31 - 00000000 ____D () C:\users\NOTEBOOK
2014-08-11 11:00 - 2014-01-24 08:59 - 00001837 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-11 10:57 - 2008-10-03 10:42 - 00000000 _____ () C:\Windows\System32\LogConfigTemp.xml
2014-08-11 10:57 - 2008-04-24 22:16 - 00000147 _____ () C:\Windows\System32\agent.log
2014-08-11 10:57 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-11 10:57 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-11 05:46 - 2006-11-02 02:22 - 00524288 _____ () C:\Windows\System32\config\default_previous
2014-08-11 05:46 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\System32\config\security_previous
2014-08-10 23:52 - 2009-02-18 10:38 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Skype
2014-08-10 22:35 - 2014-08-10 22:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
2014-08-09 23:41 - 2014-07-08 13:56 - 03148854 _____ () C:\Windows\Gaia Wallpaper Desktop.bmp
2014-08-09 15:41 - 2008-10-04 05:53 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-08-08 21:33 - 2008-01-20 22:47 - 01421554 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-08 11:41 - 2010-03-31 23:50 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-08-08 11:35 - 2014-08-08 09:44 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
2014-08-08 11:32 - 2008-10-19 11:22 - 00247296 _____ () C:\Users\NOTEBOOK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-08 11:26 - 2010-03-31 23:59 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\Pinnacle
2014-08-08 08:59 - 2008-10-29 15:08 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\vlc
2014-08-06 21:31 - 2014-08-06 21:31 - 00000194 _____ () C:\Windows\wininit.ini
2014-08-06 21:31 - 2014-08-06 21:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
2014-08-06 21:31 - 2014-08-06 21:29 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox
2014-08-06 21:30 - 2014-08-06 21:30 - 00000000 ____D () C:\Program Files\Dropbox
2014-08-06 06:24 - 2014-08-06 06:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-06 06:24 - 2014-08-06 06:24 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-06 06:24 - 2014-01-24 08:35 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-06 06:24 - 2014-01-24 08:35 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-06 06:24 - 2014-01-24 08:35 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-06 06:24 - 2014-01-24 08:35 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-06 06:24 - 2014-01-24 08:35 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-06 06:24 - 2014-01-24 08:35 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-06 06:24 - 2014-01-24 08:35 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-06 06:24 - 2014-01-24 08:35 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-07-30 21:26 - 2014-06-25 10:50 - 00000789 _____ () C:\Windows\setupact.log
2014-07-26 00:26 - 2010-03-17 09:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 08:04 - 2014-07-23 08:04 - 00050688 _____ () C:\Users\NOTEBOOK\Downloads\dochazkovy_list_mesicni_-_nový.xls
2014-07-20 04:17 - 2014-01-22 09:29 - 00000000 ____D () C:\Program Files\Glary Utilities 4
Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd6b_xt.dll
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1100.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1738.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1A24.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1F.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU2BE.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU2CF8.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU34D5.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU37C2.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU4DB2.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU5002.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU6279.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU6B6E.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU703F.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU76F.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU7A2E.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU98E4.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHU9C5D.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUA275.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUA6AA.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUAC26.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUB71E.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUB72E.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUC023.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUC5DD.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUCACD.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUCEB.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD087.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD799.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD7B8.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUE159.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUE281.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\IHUEB29.tmp.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\NOTEBOOK\AppData\Local\Temp\SkypeSetup.exe
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 4093.63 MB
Available physical RAM: 3706.61 MB
Total Pagefile: 3959.36 MB
Available Pagefile: 3795.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.23 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:111.44 GB) (Free:53.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:104.9 GB) (Free:102.82 GB) NTFS
Drive e: (Disc) (CDROM) (Total:3.6 GB) (Free:0 GB) UDF
Drive f: (USB DISK) (Removable) (Total:57.58 GB) (Free:57.5 GB) FAT32
Drive x: (PQSERVICE) (Fixed) (Total:13 GB) (Free:4.18 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 8854C7A8)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=111.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=104.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 57.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=57.6 GB) - (Type=0C)
LastRegBack: 2014-08-10 22:10
==================== End Of Log ============================
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 4093.63 MB
Available physical RAM: 3706.61 MB
Total Pagefile: 3959.36 MB
Available Pagefile: 3795.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.23 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:111.44 GB) (Free:53.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:104.9 GB) (Free:102.82 GB) NTFS
Drive e: (Disc) (CDROM) (Total:3.6 GB) (Free:0 GB) UDF
Drive f: (USB DISK) (Removable) (Total:57.58 GB) (Free:57.5 GB) FAT32
Drive x: (PQSERVICE) (Fixed) (Total:13 GB) (Free:4.18 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 8854C7A8)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=111.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=104.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 57.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=57.6 GB) - (Type=0C)
LastRegBack: 2014-08-10 22:10
==================== End Of Log ============================