Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 64bit will not boot, repair disk fails, install disk 50/50


  • This topic is locked This topic is locked
20 replies to this topic

#1 gjinc

gjinc

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 08 December 2017 - 04:12 PM

It all started a few days ago, the wife's computer starter to boot and went to a black screen right after the starting windows logo appeared. I used the repair disk and did a restore to a date before a critical update. Everything worked for a day and same thing. After doing the restore I turned off windows update, system worked for 2 days then same thing. Always goes to black screen at the same place.

Now it has happened again but the repair disk will start then go to black, or a blue screen that says a error has occurred. I can not get the repair disk to start. I using the windows 7 disk that came with the computer and it is a 50/50 chance it will work. When I tried doing a restore it tells me that it will not run in safe mode. I put the hard drive in my computer and did error check, no errors found.

windows 7 64 bit

16gb ram

Gigabyte GA-P55A-UD3 motherboard

geforce GTS 250 video card

WD 1TB hard drive wd10eaos-00l5b1

 

I did swap memory and a video card, same problem.

Also there is a 2nd hard drive with windows backups, not sure how to use these when it won't boot

 

What can I try next?



BC AdBot (Login to Remove)

 


#2 gjinc

gjinc
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 10 December 2017 - 05:11 PM

I found this tool on another post and was able to run it. I don't know what a hive is but seems to be missing programs

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-12-2017
Ran by SYSTEM on MININT-57UJC7G (10-12-2017 17:02:26)
Running from G:\
Platform: WIN_7 (X64) Language: English (United States)
Boot Mode: Recovery
ATTENTION: Could not load system hive.
ATTENTION: System hive is missing.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

ATTENTION: Software hive is missing.

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\Windows\explorer.exe IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION



#3 gjinc

gjinc
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 10 December 2017 - 07:03 PM

2nd run, I did not notice that the 2nd hard drive was disconnected. Windows repair also "fixed" something.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-12-2017
Ran by SYSTEM on MININT-PCCJPQC (10-12-2017 18:57:00)
Running from H:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-09-25] (NEC Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-02-26] (cyberlink)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
HKLM-x32\...\Run: [PowerDVD13Agent] => C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [513048 2013-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\EpmNews.exe [2090176 2016-04-25] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
BootExecute: autocheck autochk /r \??\C:autocheck autochk *
GroupPolicy: Restriction <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-19] (CyberLink)
S2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-19] (CyberLink)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation)
S2 Marvell RAID; C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [151552 2009-10-05] ()
S2 MRUWebService; C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [24635 2009-04-08] (Apache Software Foundation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
S2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-20] (RealNetworks, Inc.)
S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [271760 2009-04-15] ()
S2 RunSwUSB; C:\Windows\runSW.exe [44760 2015-11-24] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WPSService20; C:\Program Files (x86)\Edimax\Edimax AC1200 Wireless LAN Driver\WPSService20.exe [96768 2015-11-24] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2016-01-20] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2016-01-20] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-01-20] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-01-20] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NETGEAR; C:\Windows\System32\DRIVERS\wn311b64.sys [1353720 2008-03-27] (Broadcom Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [4611288 2015-09-17] (Realtek Semiconductor Corporation )
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-06-04] (Windows ® 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633296 2012-06-04] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [389968 2012-06-04] (Paragon)
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 WMP110; system32\DRIVERS\WMP110.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-10 18:56 - 2017-12-10 18:57 - 000000000 ____D C:\FRST
2017-12-04 17:46 - 2017-12-04 17:46 - 000262192 _____ C:\Windows\Minidump\120417-45739-01.dmp
2017-12-01 13:38 - 2017-12-01 13:38 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-12-01 13:38 - 2016-11-14 04:30 - 001767712 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
2017-12-01 13:38 - 2016-11-14 04:30 - 001756560 _____ (NVIDIA Corporation) C:\Windows\System32\nvspbridge64.dll
2017-12-01 13:38 - 2016-11-14 04:30 - 001377752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-12-01 13:38 - 2016-11-14 04:30 - 001316136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-12-01 13:38 - 2016-11-14 04:30 - 000112168 _____ C:\Windows\System32\NvRtmpStreamer64.dll
2017-12-01 13:38 - 2016-11-14 01:45 - 000615992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-12-01 13:37 - 2017-12-04 17:40 - 000000000 ____D C:\Windows\LastGood.Tmp
2017-12-01 13:34 - 2016-11-14 04:30 - 031523384 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 024208440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 023000000 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 017559384 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 016128720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 015301056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 014497712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 013915720 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 013826968 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 012905016 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2017-12-01 13:34 - 2016-11-14 04:30 - 011270656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 011208312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 004253240 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 003995192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 002822568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 001908272 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6434201.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 001557552 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6434201.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 000951232 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 000913856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 000909760 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 000876480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 000114744 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 000104512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 000056384 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2017-12-01 12:50 - 2017-12-01 12:50 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-12-01 12:18 - 2017-12-01 12:18 - 000000000 ____D C:\Users\Judy's\Desktop\SF_01-12-2017

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-04 19:05 - 2012-11-25 18:21 - 002044074 _____ C:\Windows\ntbtlog.txt
2017-12-04 17:53 - 2016-07-30 20:13 - 000192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-12-04 17:50 - 2009-07-13 21:13 - 000007164 _____ C:\Windows\System32\PerfStringBackup.INI
2017-12-04 17:46 - 2012-08-19 21:54 - 237997438 _____ C:\Windows\MEMORY.DMP
2017-12-04 17:46 - 2012-08-19 21:54 - 000000000 ____D C:\Windows\Minidump
2017-12-04 17:46 - 2012-08-19 15:43 - 000000000 ____D C:\users\Judy's
2017-12-04 17:40 - 2016-09-13 04:36 - 000000000 ____D C:\users\DefaultAppPool
2017-12-04 17:40 - 2013-10-23 11:29 - 000000000 ____D C:\Users\Judy's\AppData\Local\Cyberlink SoftDMA
2017-12-04 17:40 - 2012-09-13 06:54 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-04 17:40 - 2012-08-21 21:23 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-04 17:40 - 2012-08-21 21:23 - 000000000 ____D C:\Windows\System32\Macromed
2017-12-04 17:40 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\registration
2017-12-04 17:40 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-12-04 17:39 - 2016-10-07 07:50 - 000000000 ____D C:\Users\Judy's\AppData\Local\NVIDIA
2017-12-04 17:39 - 2012-09-21 10:17 - 000000000 ____D C:\ProgramData\Real
2017-12-04 16:52 - 2012-08-21 15:09 - 000007618 _____ C:\Users\Judy's\AppData\Local\Resmon.ResmonCfg
2017-12-04 01:39 - 2009-07-13 20:45 - 000023392 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-04 01:39 - 2009-07-13 20:45 - 000023392 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-03 13:02 - 2017-08-15 12:19 - 000000000 ____D C:\Users\Judy's\AppData\LocalLow\Mozilla
2017-12-01 13:43 - 2012-12-08 20:46 - 000000000 ____D C:\Users\Judy's\AppData\Local\NVIDIA Corporation
2017-12-01 13:40 - 2012-08-21 15:22 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-01 13:38 - 2012-09-13 07:16 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-01 13:38 - 2012-08-21 15:22 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-01 13:36 - 2014-11-20 16:18 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-01 12:51 - 2014-01-14 02:28 - 000000000 ____D C:\ProgramData\Oracle
2017-12-01 12:50 - 2014-11-16 09:18 - 000000000 ____D C:\Program Files (x86)\Java
2017-12-01 12:11 - 2012-08-19 15:55 - 000438272 _____ C:\Windows\za_mv_raid.ev
2017-12-01 12:11 - 2012-08-19 15:55 - 000000096 _____ C:\Windows\za_mv_seqnum.ev
2017-12-01 12:11 - 2012-08-19 15:55 - 000000008 _____ C:\Windows\mvraidver.dat
2017-12-01 12:09 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-01 11:37 - 2012-08-21 20:11 - 000002385 _____ C:\Users\Judy's\Desktop\Google Chrome.lnk
2017-12-01 08:55 - 2012-10-01 05:32 - 000000000 ____D C:\Program Files\DivX
2017-12-01 08:55 - 2012-10-01 05:28 - 000000000 ____D C:\Program Files (x86)\DivX
2017-12-01 08:55 - 2012-10-01 05:27 - 000000000 ____D C:\ProgramData\DivX
2017-12-01 06:50 - 2015-01-07 08:50 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-12-01 06:16 - 2012-08-21 20:08 - 000003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289242879-1197265457-56631729-1000UA
2017-12-01 06:16 - 2012-08-21 20:08 - 000003234 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289242879-1197265457-56631729-1000Core
2017-11-30 21:03 - 2012-10-01 05:33 - 000000000 ____D C:\Users\Judy's\AppData\Roaming\DivX
2017-11-30 14:47 - 2012-08-19 17:09 - 000000000 ____D C:\gregs
2017-11-30 14:45 - 2012-08-21 20:19 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-30 14:45 - 2012-08-21 20:19 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-30 14:39 - 2012-08-19 19:24 - 000000000 ____D C:\downloads form the internet
2017-11-15 01:07 - 2012-11-12 02:46 - 000000000 ____D C:\Users\Judy's\Documents\Outlook Files

Some files in TEMP:
====================
2014-02-18 23:48 - 2014-02-18 23:52 - 001505724 _____ () C:\Users\Judy's\AppData\Local\Temp\1_Offer_5.exe
2014-02-18 23:48 - 2014-02-18 23:52 - 001630596 _____ () C:\Users\Judy's\AppData\Local\Temp\1_Offer_7.exe
2015-11-12 03:42 - 2015-11-12 03:43 - 000144008 _____ (© 2015 Microsoft Corporation) C:\Users\Judy's\AppData\Local\Temp\BingSvc.exe
2015-10-10 11:36 - 2015-11-12 03:43 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\Judy's\AppData\Local\Temp\BSvcProcessor.exe
2015-10-10 11:36 - 2015-11-12 03:42 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\Judy's\AppData\Local\Temp\BSvcUpdater.exe
2013-03-19 13:14 - 2013-03-19 13:14 - 000467456 _____ (Realtek Semiconductor Corp.) C:\Users\Judy's\AppData\Local\Temp\COMAP.EXE
2015-10-10 11:25 - 2015-10-10 11:25 - 002308240 _____ (Microsoft Corporation) C:\Users\Judy's\AppData\Local\Temp\DefaultPack.EXE
2012-12-20 23:04 - 2013-04-17 11:39 - 000953152 _____ (DivX, LLC) C:\Users\Judy's\AppData\Local\Temp\DivXSetup.exe
2012-08-21 21:17 - 2012-08-21 21:20 - 009821896 _____ (Adobe Systems Incorporated) C:\Users\Judy's\AppData\Local\Temp\fp_pl_pfs_installer.exe
2014-12-18 07:31 - 2014-12-18 07:31 - 001054912 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32au_mssd_aaa_aih.exe
2014-12-18 08:00 - 2014-12-18 08:00 - 001054400 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32ax_gtbd_chrd_dn_aaa_aih.exe
2014-12-18 08:26 - 2014-12-18 08:26 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih(1).exe
2014-12-29 20:53 - 2014-12-29 20:53 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih(1)_1.exe
2015-02-06 07:40 - 2015-02-06 07:40 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih(1)_2.exe
2015-02-06 07:51 - 2015-02-06 07:51 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih(1)_3.exe
2014-12-18 07:01 - 2014-12-18 07:01 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih.exe
2014-12-18 07:05 - 2014-12-18 07:05 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih_1.exe
2014-12-18 07:17 - 2014-12-18 07:17 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih_2.exe
2014-12-18 08:22 - 2014-12-18 08:21 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih_3.exe
2014-12-29 21:10 - 2014-12-29 21:10 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih_4.exe
2014-04-15 12:50 - 2014-04-15 12:50 - 000921512 _____ (Oracle Corporation) C:\Users\Judy's\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
2014-07-27 21:15 - 2014-07-27 21:15 - 000918440 _____ (Oracle Corporation) C:\Users\Judy's\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
2014-09-29 09:06 - 2014-09-29 09:06 - 000937896 _____ (Oracle Corporation) C:\Users\Judy's\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2012-09-27 13:56 - 2012-09-27 13:56 - 000895464 _____ (Oracle Corporation) C:\Users\Judy's\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
2015-10-25 10:21 - 2015-10-25 10:21 - 000585824 _____ (Oracle Corporation) C:\Users\Judy's\AppData\Local\Temp\jre-8u65-windows-au.exe
2016-04-27 16:46 - 2016-04-27 16:46 - 000739904 _____ (Oracle Corporation) C:\Users\Judy's\AppData\Local\Temp\jre-8u91-windows-au.exe
2012-09-21 10:17 - 2014-11-11 07:24 - 000150096 _____ (RealNetworks, Inc.) C:\Users\Judy's\AppData\Local\Temp\lowproc.exe
2012-08-21 17:00 - 2014-05-04 21:08 - 050067152 _____ (Microsoft Corporation) C:\Users\Judy's\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
2017-08-22 09:18 - 2017-08-22 09:18 - 000000000 _____ () C:\Users\Judy's\AppData\Local\Temp\mpam-6a1b1231.exe
2013-03-21 17:05 - 2013-03-21 17:05 - 010485760 _____ (Microsoft Corporation) C:\Users\Judy's\AppData\Local\Temp\mpam-6a673232.exe
2012-08-30 06:39 - 2012-10-02 13:25 - 000374664 _____ (NVIDIA Corporation) C:\Users\Judy's\AppData\Local\Temp\nv3DVStreaming.dll
2012-08-30 06:39 - 2012-10-02 13:23 - 000903584 _____ (NVIDIA Corporation) C:\Users\Judy's\AppData\Local\Temp\nvSCPAPI.dll
2012-08-30 06:40 - 2012-10-02 13:23 - 000354088 _____ (NVIDIA Corporation) C:\Users\Judy's\AppData\Local\Temp\nvStereoApiI.dll
2012-08-30 06:40 - 2015-02-03 16:00 - 000826696 _____ (NVIDIA Corporation) C:\Users\Judy's\AppData\Local\Temp\nvStInst.exe
2013-01-23 01:44 - 2013-01-23 01:44 - 000658072 _____ (RealNetworks, Inc.) C:\Users\Judy's\AppData\Local\Temp\rnsetup0.exe
2014-05-04 20:19 - 2014-05-04 20:19 - 000094031 _____ () C:\Users\Judy's\AppData\Local\Temp\SCC.dll
2012-10-01 06:28 - 2012-10-01 06:28 - 000224232 _____ (Adobe Systems Inc.) C:\Users\Judy's\AppData\Local\Temp\Shockwave_Installer_FF.exe
2012-10-01 05:23 - 2012-10-01 05:23 - 003380216 _____ (SweetIM Technologies Lt) C:\Users\Judy's\AppData\Local\Temp\SIMEEIInstaller.exe
2012-09-21 10:17 - 2014-11-11 07:25 - 000090624 _____ (RealNetworks, Inc.) C:\Users\Judy's\AppData\Local\Temp\stubhelper.dll
2013-03-19 10:58 - 2013-03-19 11:02 - 022916830 _____ () C:\Users\Judy's\AppData\Local\Temp\vlc-2.0.5-win32.exe
2012-08-19 17:34 - 2007-04-16 11:14 - 000450560 _____ (Macrovision Corporation) C:\Users\Judy's\AppData\Local\Temp\_is511B.exe
2012-08-19 19:18 - 2007-04-16 11:14 - 000450560 _____ (Macrovision Corporation) C:\Users\Judy's\AppData\Local\Temp\_is983A.exe
2016-07-31 03:57 - 2016-07-31 06:27 - 000863168 _____ () C:\Users\Judy's\AppData\Local\Temp\{7AC5FAC2-46EF-4C97-85A7-898941C24DE3}-51.0.2704.103_50.0.2661.102_chrome_updater.exe
2016-07-31 08:33 - 2016-07-31 08:52 - 000417688 _____ () C:\Users\Judy's\AppData\Local\Temp\{B3FCEDBC-A832-4CF0-8725-582427AA9F30}-51.0.2704.103_50.0.2661.102_chrome_updater.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16379.49 MB
Available physical RAM: 15202.66 MB
Total Virtual: 16377.64 MB
Available Virtual: 15176.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:747.31 GB) NTFS
Drive d: (2 hard drive) (Fixed) (Total:931.51 GB) (Free:552.27 GB) NTFS
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive h: () (Removable) (Total:14.9 GB) (Free:14.72 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 061214EB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A70C79C1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2017-11-30 22:21

==================== End of FRST.txt ============================



#4 gjinc

gjinc
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 10 December 2017 - 08:39 PM

Next boot with windows disk

 

Attached Files



#5 gjinc

gjinc
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 10 December 2017 - 08:42 PM

The I tried with the windows 7 disk that came with the computer and

Attached Files



#6 gjinc

gjinc
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 10 December 2017 - 08:45 PM

Then after a couple of black screens after windows logo, I hit f8 to run this again with all the boxes checked.

Maybe someone will happen onto this and see whats going on... Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-12-2017
Ran by SYSTEM on MININT-E337KIU (10-12-2017 20:03:36)
Running from H:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-09-25] (NEC Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-02-26] (cyberlink)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
HKLM-x32\...\Run: [PowerDVD13Agent] => C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [513048 2013-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\EpmNews.exe [2090176 2016-04-25] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
BootExecute: autocheck autochk /r \??\C:autocheck autochk *
GroupPolicy: Restriction <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-19] (CyberLink)
S2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-19] (CyberLink)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation)
S2 Marvell RAID; C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [151552 2009-10-05] ()
S2 MRUWebService; C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [24635 2009-04-08] (Apache Software Foundation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-11-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
S2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-20] (RealNetworks, Inc.)
S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [271760 2009-04-15] ()
S2 RunSwUSB; C:\Windows\runSW.exe [44760 2015-11-24] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WPSService20; C:\Program Files (x86)\Edimax\Edimax AC1200 Wireless LAN Driver\WPSService20.exe [96768 2015-11-24] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2016-01-20] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2016-01-20] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-01-20] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-01-20] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NETGEAR; C:\Windows\System32\DRIVERS\wn311b64.sys [1353720 2008-03-27] (Broadcom Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [4611288 2015-09-17] (Realtek Semiconductor Corporation )
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-06-04] (Windows ® 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633296 2012-06-04] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [389968 2012-06-04] (Paragon)
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 WMP110; system32\DRIVERS\WMP110.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 0DC2A9882540DEA4A55B08785E09D8FC
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys C16B5B379A2A79702CC5FF923EAAE3FD
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys E857EEE6B92AAA473EBB3465ADD8F7E7
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 2D659B569A76CDB83B815675A80D7096
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ABA3984C822E4D3F889699912D85D6C5
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 3963FEC1892368DD500E6ED1F5C286CE
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys A98CED39AD91B445E2E442A9BD67E8B4
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys 9B38580063D281A99E68EF5813022A5F
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys 616387BBD83372220B09DE95F4E67BBC
C:\Windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F
C:\Windows\System32\drivers\dxgkrnl.sys 5CEF80AE869336376F550ECAE91E424A
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\epmntdrv.sys 1B677389760689A11241884C700B48E0
C:\Windows\SysWOW64\epmntdrv.sys D238D6B4D5BCFCF244D2F2286BC1DC16
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\system32\EuGdiDrv.sys 08C997734B2CECE882656BB2855E6E76
C:\Windows\SysWOW64\EuGdiDrv.sys 886CDC85E0B6C9AC2547F919E5B224A3
C:\Windows\System32\Drivers\exfat.sys 7E45F8B117419ABA3BB26579F6E70324
C:\Windows\System32\Drivers\fastfat.sys 6EDFA237D25433C03F42FBFDB16BDD24
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys CF5C9BD985120781200D35FD445D0BD5
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys C2F868881D48A568B525255F084EF063
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys DFE85B031220F8E0271716BBB3C4C8FF
C:\Windows\System32\Drivers\ksecpkg.sys 70D7302DD70B979637179BFD8295C924
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 072D8646E23ECF8A3F5F0157017B4DB6
C:\Windows\System32\DRIVERS\MpFilter.sys 3665AB2F67F4024F5F3F80335ED5322A
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 98DB1790F0A584E0A2528B92B052417F
C:\Windows\System32\DRIVERS\mrxsmb.sys 767C6DF04C5758B9F0790D400541B44F
C:\Windows\System32\DRIVERS\mrxsmb10.sys BD55F604FFABC911F8E5500186AE70E5
C:\Windows\System32\DRIVERS\mrxsmb20.sys 92EECFB046D4706A4B8D699A4069B6EC
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mv91cons.sys 6AF2640B5D7202FA0D96467318D4592E
C:\Windows\System32\DRIVERS\nwifi.sys 9FB2A095B1166CB3C9A06651863B3452
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys 734837208CAFD6E0959A7A0333C95C9D
C:\Windows\System32\DRIVERS\wn311b64.sys 2C509976319804E3C4366227D1A104D5
C:\Windows\System32\DRIVERS\netr28ux.sys 618C55B392238B9467F9113E13525C49
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys CE5F6E635FE4506AE6F2D6EB87425128
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys BE313E566EEA2A4B7F9AAC9782A567D4
C:\Windows\System32\Drivers\Ntfs.sys 96FEB18D7FFA4DC10F0C3CC4EF41500E
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nusb3hub.sys A61B0AF4D6B934928CFD1140DEEA5C8D
C:\Windows\System32\DRIVERS\nusb3xhc.sys FA4B2F20561BDBCC6B9AC3E3BDCD7E3F
C:\Windows\System32\DRIVERS\nvm62x64.sys A85B4F2EF3A7304A5399EF0526423040
C:\Windows\System32\DRIVERS\nvlddmkm.sys 958E1DA32BD9DB33C0A7360868E9496C
C:\Windows\System32\DRIVERS\nvoclk64.sys 8C1D181480796D7D3366A9381FD7782D
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\System32\drivers\nvvad64v.sys B659C81ED9AFC7341E4D6B5AC1D437A8
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\drivers\P17.sys 66A2C70DA35E8559982EE9D205329E1A
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys EA4D67448BE493D543F1730D6CD04694
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys EA4CF826B8B0D46F13DA155C1A2E4A0A
C:\Windows\System32\DRIVERS\rtwlanu.sys 608E8BC18320667B223710E1C42E4487
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 72E6A150A8C8530B201832D1C801CDE6
C:\Windows\System32\DRIVERS\srv2.sys C4F67ABCC5033D334613F28F9E782809
C:\Windows\System32\DRIVERS\srvnet.sys C53CB62B0E57488AAE41FDA0FF8A0AB9
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\Windows\System32\DRIVERS\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 4DD986720F7CB7A8A5D1226793097B9A
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 2CF58216424757ED29605B4F18EC443C
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\uimx64.sys 363CFAE18844D91C7576BAA8ABFF8E4E
C:\Windows\System32\Drivers\Uim_IMx64.sys 322B82BBF5A182BFF4351F696B77782B
C:\Windows\System32\Drivers\uim_vimx64.sys 42C9D0EFD8BB6D34D3A8686C8063B71A
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbccgp.sys 28B81917A195B67617AF7DCF4DFE5736
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys B626F048318DAE65A3317F0592BE592C
C:\Windows\system32\drivers\usbhub.sys 390109E8E05BA00375DCB1ED64DC60AF
C:\Windows\system32\drivers\usbohci.sys B4DF0F4C1D9D25DFE1DAD1D8670F1D4F
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\usbser.sys B57B4F0BEC4270A281B9F8537EB2FA04
C:\Windows\system32\drivers\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys CFEAAF96E666E3DCBD8F6DFF516784AE
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys 85C5468BC395819AE2A0C747334BA14C
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wacmoumonitor.sys 43CE14E1E17DA81EA71DFE686805ED07
C:\Windows\System32\DRIVERS\wacommousefilter.sys E04D43C7D1641E95D35CAE6086C7E350
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wacomvhid.sys EC1CEB237E365330C1FCFC4876AA0AC0
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\system32\drivers\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl 6F58BD07113A38412A6AE6566A3B36A0

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-10 18:56 - 2017-12-10 20:03 - 000000000 ____D C:\FRST
2017-12-04 17:46 - 2017-12-04 17:46 - 000262192 _____ C:\Windows\Minidump\120417-45739-01.dmp
2017-12-01 13:38 - 2017-12-01 13:38 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-12-01 13:38 - 2016-11-14 04:30 - 001767712 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
2017-12-01 13:38 - 2016-11-14 04:30 - 001756560 _____ (NVIDIA Corporation) C:\Windows\System32\nvspbridge64.dll
2017-12-01 13:38 - 2016-11-14 04:30 - 001377752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-12-01 13:38 - 2016-11-14 04:30 - 001316136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-12-01 13:38 - 2016-11-14 04:30 - 000112168 _____ C:\Windows\System32\NvRtmpStreamer64.dll
2017-12-01 13:38 - 2016-11-14 01:45 - 000615992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-12-01 13:37 - 2017-12-04 17:40 - 000000000 ____D C:\Windows\LastGood.Tmp
2017-12-01 13:34 - 2016-11-14 04:30 - 031523384 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 024208440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 023000000 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 017559384 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 016128720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 015301056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 014497712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 013915720 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 013826968 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 012905016 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2017-12-01 13:34 - 2016-11-14 04:30 - 011270656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 011208312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 004253240 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 003995192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 002822568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 001908272 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6434201.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 001557552 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6434201.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 000951232 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 000913856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 000909760 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 000876480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 000114744 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 000104512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-12-01 13:34 - 2016-11-14 04:30 - 000056384 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2017-12-01 12:50 - 2017-12-01 12:50 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-12-01 12:18 - 2017-12-01 12:18 - 000000000 ____D C:\Users\Judy's\Desktop\SF_01-12-2017
2017-10-20 10:24 - 2017-10-20 10:24 - 126925120 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2017-10-20 10:10 - 2017-09-13 07:32 - 005547752 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-10-20 10:10 - 2017-09-13 07:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2017-10-20 10:10 - 2017-09-13 07:13 - 004001512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-10-20 10:10 - 2017-09-13 07:13 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-10-20 10:10 - 2017-09-08 16:45 - 000395984 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2017-10-20 10:10 - 2017-09-08 15:47 - 000347344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-10-20 10:10 - 2017-09-08 07:30 - 002319872 _____ (Microsoft Corporation) C:\Windows\System32\tquery.dll
2017-10-20 10:10 - 2017-09-08 07:00 - 003222016 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2017-10-20 10:10 - 2017-09-07 13:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2017-10-20 10:10 - 2017-09-07 13:37 - 000004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2017-10-20 10:10 - 2017-09-07 13:19 - 000066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2017-10-20 10:10 - 2017-09-07 13:18 - 000417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2017-10-20 10:10 - 2017-09-07 13:18 - 000048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2017-10-20 10:10 - 2017-09-07 13:17 - 000576512 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2017-10-20 10:10 - 2017-09-07 13:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2017-10-20 10:10 - 2017-09-07 13:15 - 002902528 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2017-10-20 10:10 - 2017-09-07 13:08 - 025729536 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2017-10-20 10:10 - 2017-09-07 13:08 - 000054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2017-10-20 10:10 - 2017-09-07 13:07 - 000034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2017-10-20 10:10 - 2017-09-07 13:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2017-10-20 10:10 - 2017-09-07 13:01 - 000814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2017-10-20 10:10 - 2017-09-07 13:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2017-10-20 10:10 - 2017-09-07 13:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2017-10-20 10:10 - 2017-09-07 13:00 - 000817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2017-10-20 10:10 - 2017-09-07 12:52 - 000968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2017-10-20 10:10 - 2017-09-07 12:48 - 000489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2017-10-20 10:10 - 2017-09-07 12:40 - 005982208 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2017-10-20 10:10 - 2017-09-07 12:39 - 000077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-10-20 10:10 - 2017-09-07 12:38 - 000087552 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2017-10-20 10:10 - 2017-09-07 12:37 - 000107520 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2017-10-20 10:10 - 2017-09-07 12:33 - 000199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2017-10-20 10:10 - 2017-09-07 12:32 - 000092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2017-10-20 10:10 - 2017-09-07 12:29 - 000315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2017-10-20 10:10 - 2017-09-07 12:27 - 000152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2017-10-20 10:10 - 2017-09-07 12:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2017-10-20 10:10 - 2017-09-07 12:10 - 000807936 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2017-10-20 10:10 - 2017-09-07 12:10 - 000726528 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2017-10-20 10:10 - 2017-09-07 12:08 - 002134528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2017-10-20 10:10 - 2017-09-07 12:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2017-10-20 10:10 - 2017-09-07 11:44 - 015262720 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2017-10-20 10:10 - 2017-09-07 11:40 - 003240960 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2017-10-20 10:10 - 2017-09-07 11:27 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-10-20 10:10 - 2017-09-07 11:27 - 001548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2017-10-20 10:10 - 2017-09-07 11:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2017-10-20 10:10 - 2017-09-07 11:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-10-20 10:10 - 2017-09-07 11:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-10-20 10:10 - 2017-09-07 11:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-10-20 10:10 - 2017-09-07 11:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-10-20 10:10 - 2017-09-07 11:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-10-20 10:10 - 2017-09-07 11:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-10-20 10:10 - 2017-09-07 11:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-10-20 10:10 - 2017-09-07 11:02 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-10-20 10:10 - 2017-09-07 10:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-10-20 10:10 - 2017-09-07 10:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-10-20 10:10 - 2017-09-07 10:58 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-10-20 10:10 - 2017-09-07 10:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-10-20 10:10 - 2017-09-07 10:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-10-20 10:10 - 2017-09-07 10:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-10-20 10:10 - 2017-09-07 10:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-10-20 10:10 - 2017-09-07 10:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-10-20 10:10 - 2017-09-07 10:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-10-20 10:10 - 2017-09-07 10:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-10-20 10:10 - 2017-09-07 10:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-10-20 10:10 - 2017-09-07 10:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-10-20 10:10 - 2017-09-07 10:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-10-20 10:10 - 2017-09-07 10:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-10-20 10:10 - 2017-09-07 10:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-10-20 10:10 - 2017-09-07 10:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-10-20 10:10 - 2017-09-07 10:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-10-20 10:10 - 2017-09-07 10:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-10-20 10:10 - 2017-09-07 10:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-10-20 10:10 - 2017-09-07 09:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-10-20 10:10 - 2017-09-07 09:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-10-20 10:10 - 2017-08-15 07:29 - 014182400 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2017-10-20 10:10 - 2017-08-15 07:29 - 001867264 _____ (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2017-10-20 10:10 - 2017-08-15 07:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-10-20 10:10 - 2017-08-15 07:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-10-20 10:10 - 2017-08-14 09:35 - 003203584 _____ (Microsoft Corporation) C:\Windows\System32\mmcndmgr.dll
2017-10-20 10:10 - 2017-08-14 09:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2017-10-20 10:10 - 2017-08-13 13:37 - 002144256 _____ (Microsoft Corporation) C:\Windows\System32\mmc.exe
2017-10-20 10:10 - 2017-08-13 13:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2017-10-20 10:10 - 2017-08-10 22:35 - 002065408 _____ (Microsoft Corporation) C:\Windows\System32\ole32.dll
2017-10-20 10:10 - 2017-08-10 22:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-10-20 10:10 - 2017-07-07 07:29 - 001143296 _____ (Microsoft Corporation) C:\Windows\System32\DXPTaskRingtone.dll
2017-10-20 10:10 - 2017-07-07 07:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2017-10-20 10:09 - 2017-09-13 07:33 - 000631176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2017-10-20 10:09 - 2017-09-13 07:32 - 000706792 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2017-10-20 10:09 - 2017-09-13 07:32 - 000154856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2017-10-20 10:09 - 2017-09-13 07:32 - 000095464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2017-10-20 10:09 - 2017-09-13 07:28 - 001212928 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 001068544 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\System32\wlansvc.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000448512 _____ (Microsoft Corporation) C:\Windows\System32\wlansec.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000414208 _____ (Microsoft Corporation) C:\Windows\System32\wlanmsm.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\System32\rpchttp.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000118784 _____ (Microsoft Corporation) C:\Windows\System32\wlanhlp.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000113664 _____ (Microsoft Corporation) C:\Windows\System32\wlanapi.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2017-10-20 10:09 - 2017-09-13 07:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 001460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 001163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000731648 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000690688 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000419840 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000123904 _____ (Microsoft Corporation) C:\Windows\System32\bcrypt.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000059904 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000044032 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000043520 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000034816 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:10 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-10-20 10:09 - 2017-09-13 07:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:08 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 07:05 - 000324608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
2017-10-20 10:09 - 2017-09-13 07:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2017-10-20 10:09 - 2017-09-13 07:00 - 000064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2017-10-20 10:09 - 2017-09-13 07:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2017-10-20 10:09 - 2017-09-13 07:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2017-10-20 10:09 - 2017-09-13 06:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2017-10-20 10:09 - 2017-09-13 06:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2017-10-20 10:09 - 2017-09-13 06:53 - 000291328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2017-10-20 10:09 - 2017-09-13 06:53 - 000159744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2017-10-20 10:09 - 2017-09-13 06:53 - 000129536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2017-10-20 10:09 - 2017-09-13 06:52 - 000112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2017-10-20 10:09 - 2017-09-13 06:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2017-10-20 10:09 - 2017-09-13 06:50 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-10-20 10:09 - 2017-09-13 06:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-10-20 10:09 - 2017-09-13 06:46 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-10-20 10:09 - 2017-09-13 06:46 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-10-20 10:09 - 2017-09-13 06:46 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-10-20 10:09 - 2017-09-13 06:46 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 06:46 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 06:46 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 06:46 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-10-20 10:09 - 2017-09-13 06:46 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-10-20 10:09 - 2017-09-08 07:34 - 001680616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2017-10-20 10:09 - 2017-09-08 07:30 - 002222080 _____ (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2017-10-20 10:09 - 2017-09-08 07:30 - 002058240 _____ (Microsoft Corporation) C:\Windows\System32\Query.dll
2017-10-20 10:09 - 2017-09-08 07:30 - 000778240 _____ (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2017-10-20 10:09 - 2017-09-08 07:30 - 000491520 _____ (Microsoft Corporation) C:\Windows\System32\mssph.dll
2017-10-20 10:09 - 2017-09-08 07:30 - 000405504 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2017-10-20 10:09 - 2017-09-08 07:30 - 000288256 _____ (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2017-10-20 10:09 - 2017-09-08 07:30 - 000149504 _____ (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2017-10-20 10:09 - 2017-09-08 07:30 - 000115200 _____ (Microsoft Corporation) C:\Windows\System32\mssitlb.dll
2017-10-20 10:09 - 2017-09-08 07:30 - 000099840 _____ (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2017-10-20 10:09 - 2017-09-08 07:30 - 000075264 _____ (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2017-10-20 10:09 - 2017-09-08 07:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2017-10-20 10:09 - 2017-09-08 07:14 - 000591872 _____ (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2017-10-20 10:09 - 2017-09-08 07:13 - 000249856 _____ (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2017-10-20 10:09 - 2017-09-08 07:13 - 000113664 _____ (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2017-10-20 10:09 - 2017-09-08 07:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-10-20 10:09 - 2017-09-08 07:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-10-20 10:09 - 2017-09-08 07:10 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-10-20 10:09 - 2017-09-08 07:10 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-10-20 10:09 - 2017-09-08 07:09 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-10-20 10:09 - 2017-09-08 07:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-10-20 10:09 - 2017-09-08 07:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-10-20 10:09 - 2017-09-08 07:09 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-10-20 10:09 - 2017-09-08 07:09 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-10-20 10:09 - 2017-09-08 07:09 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-10-20 10:09 - 2017-09-08 07:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-10-20 10:09 - 2017-09-08 07:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-10-20 10:09 - 2017-09-08 07:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-10-20 10:09 - 2017-09-08 06:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-10-20 10:09 - 2017-09-08 06:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-10-20 10:09 - 2017-09-08 06:20 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-10-20 10:09 - 2017-09-08 06:20 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-10-20 10:09 - 2017-09-08 06:20 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-10-20 10:09 - 2017-09-07 11:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-10-20 10:09 - 2017-09-07 07:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\System32\themeui.dll
2017-10-20 10:09 - 2017-09-07 07:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2017-10-20 10:09 - 2017-09-07 06:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2017-10-20 10:09 - 2017-09-07 06:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2017-10-20 10:09 - 2017-09-07 06:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2017-10-20 10:09 - 2017-08-19 07:28 - 004121600 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2017-10-20 10:09 - 2017-08-19 07:28 - 000206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2017-10-20 10:09 - 2017-08-19 07:28 - 000197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2017-10-20 10:09 - 2017-08-19 07:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2017-10-20 10:09 - 2017-08-19 07:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-10-20 10:09 - 2017-08-19 07:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-10-20 10:09 - 2017-08-19 07:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-10-20 10:09 - 2017-08-19 07:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-10-20 10:09 - 2017-08-19 07:08 - 000055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2017-10-20 10:09 - 2017-08-19 07:08 - 000024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2017-10-20 10:09 - 2017-08-19 06:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-10-20 10:09 - 2017-08-19 06:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-10-20 10:09 - 2017-08-16 07:29 - 000806912 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2017-10-20 10:09 - 2017-08-16 07:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-10-20 10:09 - 2017-08-14 09:35 - 001032192 _____ (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2017-10-20 10:09 - 2017-08-14 09:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-10-20 10:09 - 2017-08-14 09:35 - 000355328 _____ (Microsoft Corporation) C:\Windows\System32\mmcbase.dll
2017-10-20 10:09 - 2017-08-14 09:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2017-10-20 10:09 - 2017-08-14 09:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2017-10-20 10:09 - 2017-08-14 09:35 - 000131072 _____ (Microsoft Corporation) C:\Windows\System32\mmcshext.dll
2017-10-20 10:09 - 2017-08-14 09:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2017-10-20 10:09 - 2017-08-14 09:35 - 000022528 _____ (Microsoft Corporation) C:\Windows\System32\icaapi.dll
2017-10-20 10:09 - 2017-08-14 09:34 - 000211968 _____ (Microsoft Corporation) C:\Windows\System32\cic.dll
2017-10-20 10:09 - 2017-08-13 13:45 - 000040448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2017-10-20 10:09 - 2017-08-10 22:35 - 000757248 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2017-10-20 10:09 - 2017-08-10 22:35 - 000512000 _____ (Microsoft Corporation) C:\Windows\System32\rpcss.dll
2017-10-20 10:09 - 2017-08-10 22:35 - 000346112 _____ (Microsoft Corporation) C:\Windows\System32\ntprint.dll
2017-10-20 10:09 - 2017-08-10 22:35 - 000313856 _____ (Microsoft Corporation) C:\Windows\System32\Wldap32.dll
2017-10-20 10:09 - 2017-08-10 22:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\System32\oleres.dll
2017-10-20 10:09 - 2017-08-10 22:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\System32\nsisvc.dll
2017-10-20 10:09 - 2017-08-10 22:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\System32\winnsi.dll
2017-10-20 10:09 - 2017-08-10 22:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\System32\nsi.dll
2017-10-20 10:09 - 2017-08-10 22:34 - 000971776 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll
2017-10-20 10:09 - 2017-08-10 22:34 - 000166400 _____ (Microsoft Corporation) C:\Windows\System32\inetpp.dll
2017-10-20 10:09 - 2017-08-10 22:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\System32\inetppui.dll
2017-10-20 10:09 - 2017-08-10 22:34 - 000008704 _____ (Microsoft Corporation) C:\Windows\System32\comcat.dll
2017-10-20 10:09 - 2017-08-10 22:20 - 000061952 _____ (Microsoft Corporation) C:\Windows\System32\ntprint.exe
2017-10-20 10:09 - 2017-08-10 22:20 - 000048640 _____ (Microsoft Corporation) C:\Windows\System32\wpnpinst.exe
2017-10-20 10:09 - 2017-08-10 22:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-10-20 10:09 - 2017-08-10 22:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-10-20 10:09 - 2017-08-10 22:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-10-20 10:09 - 2017-08-10 22:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-10-20 10:09 - 2017-08-10 22:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winnsi.dll
2017-10-20 10:09 - 2017-08-10 22:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
2017-10-20 10:09 - 2017-08-10 22:12 - 000025088 _____ (Microsoft Corporation) C:\Windows\System32\netbtugc.exe
2017-10-20 10:09 - 2017-08-10 22:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-10-20 10:09 - 2017-08-10 22:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-10-20 10:09 - 2017-08-10 22:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-10-20 10:09 - 2017-08-10 22:00 - 000262656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
2017-10-20 10:09 - 2017-08-10 21:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nsiproxy.sys

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-04 19:05 - 2012-11-25 18:21 - 002044074 _____ C:\Windows\ntbtlog.txt
2017-12-04 17:53 - 2016-07-30 20:13 - 000192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-12-04 17:50 - 2009-07-13 21:13 - 000007164 _____ C:\Windows\System32\PerfStringBackup.INI
2017-12-04 17:46 - 2012-08-19 21:54 - 237997438 _____ C:\Windows\MEMORY.DMP
2017-12-04 17:46 - 2012-08-19 21:54 - 000000000 ____D C:\Windows\Minidump
2017-12-04 17:46 - 2012-08-19 15:43 - 000000000 ____D C:\users\Judy's
2017-12-04 17:40 - 2016-09-13 04:36 - 000000000 ____D C:\users\DefaultAppPool
2017-12-04 17:40 - 2013-10-23 11:29 - 000000000 ____D C:\Users\Judy's\AppData\Local\Cyberlink SoftDMA
2017-12-04 17:40 - 2012-09-13 06:54 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-04 17:40 - 2012-08-21 21:23 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-04 17:40 - 2012-08-21 21:23 - 000000000 ____D C:\Windows\System32\Macromed
2017-12-04 17:40 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\registration
2017-12-04 17:40 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-12-04 17:39 - 2016-10-07 07:50 - 000000000 ____D C:\Users\Judy's\AppData\Local\NVIDIA
2017-12-04 17:39 - 2012-09-21 10:17 - 000000000 ____D C:\ProgramData\Real
2017-12-04 16:52 - 2012-08-21 15:09 - 000007618 _____ C:\Users\Judy's\AppData\Local\Resmon.ResmonCfg
2017-12-04 01:39 - 2009-07-13 20:45 - 000023392 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-04 01:39 - 2009-07-13 20:45 - 000023392 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-03 13:02 - 2017-08-15 12:19 - 000000000 ____D C:\Users\Judy's\AppData\LocalLow\Mozilla
2017-12-01 13:43 - 2012-12-08 20:46 - 000000000 ____D C:\Users\Judy's\AppData\Local\NVIDIA Corporation
2017-12-01 13:40 - 2012-08-21 15:22 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-01 13:38 - 2012-09-13 07:16 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-01 13:38 - 2012-08-21 15:22 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-01 13:36 - 2014-11-20 16:18 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-01 12:51 - 2014-01-14 02:28 - 000000000 ____D C:\ProgramData\Oracle
2017-12-01 12:50 - 2014-11-16 09:18 - 000000000 ____D C:\Program Files (x86)\Java
2017-12-01 12:11 - 2012-08-19 15:55 - 000438272 _____ C:\Windows\za_mv_raid.ev
2017-12-01 12:11 - 2012-08-19 15:55 - 000000096 _____ C:\Windows\za_mv_seqnum.ev
2017-12-01 12:11 - 2012-08-19 15:55 - 000000008 _____ C:\Windows\mvraidver.dat
2017-12-01 12:09 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-01 11:37 - 2012-08-21 20:11 - 000002385 _____ C:\Users\Judy's\Desktop\Google Chrome.lnk
2017-12-01 08:55 - 2012-10-01 05:32 - 000000000 ____D C:\Program Files\DivX
2017-12-01 08:55 - 2012-10-01 05:28 - 000000000 ____D C:\Program Files (x86)\DivX
2017-12-01 08:55 - 2012-10-01 05:27 - 000000000 ____D C:\ProgramData\DivX
2017-12-01 06:50 - 2015-01-07 08:50 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-12-01 06:16 - 2012-08-21 20:08 - 000003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289242879-1197265457-56631729-1000UA
2017-12-01 06:16 - 2012-08-21 20:08 - 000003234 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4289242879-1197265457-56631729-1000Core
2017-11-30 21:03 - 2012-10-01 05:33 - 000000000 ____D C:\Users\Judy's\AppData\Roaming\DivX
2017-11-30 14:47 - 2012-08-19 17:09 - 000000000 ____D C:\gregs
2017-11-30 14:45 - 2012-08-21 20:19 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-30 14:45 - 2012-08-21 20:19 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-30 14:39 - 2012-08-19 19:24 - 000000000 ____D C:\downloads form the internet
2017-11-15 01:07 - 2012-11-12 02:46 - 000000000 ____D C:\Users\Judy's\Documents\Outlook Files

Some files in TEMP:
====================
2014-02-18 23:48 - 2014-02-18 23:52 - 001505724 _____ () C:\Users\Judy's\AppData\Local\Temp\1_Offer_5.exe
2014-02-18 23:48 - 2014-02-18 23:52 - 001630596 _____ () C:\Users\Judy's\AppData\Local\Temp\1_Offer_7.exe
2015-11-12 03:42 - 2015-11-12 03:43 - 000144008 _____ (© 2015 Microsoft Corporation) C:\Users\Judy's\AppData\Local\Temp\BingSvc.exe
2015-10-10 11:36 - 2015-11-12 03:43 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\Judy's\AppData\Local\Temp\BSvcProcessor.exe
2015-10-10 11:36 - 2015-11-12 03:42 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\Judy's\AppData\Local\Temp\BSvcUpdater.exe
2013-03-19 13:14 - 2013-03-19 13:14 - 000467456 _____ (Realtek Semiconductor Corp.) C:\Users\Judy's\AppData\Local\Temp\COMAP.EXE
2015-10-10 11:25 - 2015-10-10 11:25 - 002308240 _____ (Microsoft Corporation) C:\Users\Judy's\AppData\Local\Temp\DefaultPack.EXE
2012-12-20 23:04 - 2013-04-17 11:39 - 000953152 _____ (DivX, LLC) C:\Users\Judy's\AppData\Local\Temp\DivXSetup.exe
2012-08-21 21:17 - 2012-08-21 21:20 - 009821896 _____ (Adobe Systems Incorporated) C:\Users\Judy's\AppData\Local\Temp\fp_pl_pfs_installer.exe
2014-12-18 07:31 - 2014-12-18 07:31 - 001054912 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32au_mssd_aaa_aih.exe
2014-12-18 08:00 - 2014-12-18 08:00 - 001054400 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32ax_gtbd_chrd_dn_aaa_aih.exe
2014-12-18 08:26 - 2014-12-18 08:26 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih(1).exe
2014-12-29 20:53 - 2014-12-29 20:53 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih(1)_1.exe
2015-02-06 07:40 - 2015-02-06 07:40 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih(1)_2.exe
2015-02-06 07:51 - 2015-02-06 07:51 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih(1)_3.exe
2014-12-18 07:01 - 2014-12-18 07:01 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih.exe
2014-12-18 07:05 - 2014-12-18 07:05 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih_1.exe
2014-12-18 07:17 - 2014-12-18 07:17 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih_2.exe
2014-12-18 08:22 - 2014-12-18 08:21 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih_3.exe
2014-12-29 21:10 - 2014-12-29 21:10 - 001055936 _____ (Adobe) C:\Users\Judy's\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih_4.exe
2014-04-15 12:50 - 2014-04-15 12:50 - 000921512 _____ (Oracle Corporation) C:\Users\Judy's\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
2014-07-27 21:15 - 2014-07-27 21:15 - 000918440 _____ (Oracle Corporation) C:\Users\Judy's\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
2014-09-29 09:06 - 2014-09-29 09:06 - 000937896 _____ (Oracle Corporation) C:\Users\Judy's\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2012-09-27 13:56 - 2012-09-27 13:56 - 000895464 _____ (Oracle Corporation) C:\Users\Judy's\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
2015-10-25 10:21 - 2015-10-25 10:21 - 000585824 _____ (Oracle Corporation) C:\Users\Judy's\AppData\Local\Temp\jre-8u65-windows-au.exe
2016-04-27 16:46 - 2016-04-27 16:46 - 000739904 _____ (Oracle Corporation) C:\Users\Judy's\AppData\Local\Temp\jre-8u91-windows-au.exe
2012-09-21 10:17 - 2014-11-11 07:24 - 000150096 _____ (RealNetworks, Inc.) C:\Users\Judy's\AppData\Local\Temp\lowproc.exe
2012-08-21 17:00 - 2014-05-04 21:08 - 050067152 _____ (Microsoft Corporation) C:\Users\Judy's\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
2017-08-22 09:18 - 2017-08-22 09:18 - 000000000 _____ () C:\Users\Judy's\AppData\Local\Temp\mpam-6a1b1231.exe
2013-03-21 17:05 - 2013-03-21 17:05 - 010485760 _____ (Microsoft Corporation) C:\Users\Judy's\AppData\Local\Temp\mpam-6a673232.exe
2012-08-30 06:39 - 2012-10-02 13:25 - 000374664 _____ (NVIDIA Corporation) C:\Users\Judy's\AppData\Local\Temp\nv3DVStreaming.dll
2012-08-30 06:39 - 2012-10-02 13:23 - 000903584 _____ (NVIDIA Corporation) C:\Users\Judy's\AppData\Local\Temp\nvSCPAPI.dll
2012-08-30 06:40 - 2012-10-02 13:23 - 000354088 _____ (NVIDIA Corporation) C:\Users\Judy's\AppData\Local\Temp\nvStereoApiI.dll
2012-08-30 06:40 - 2015-02-03 16:00 - 000826696 _____ (NVIDIA Corporation) C:\Users\Judy's\AppData\Local\Temp\nvStInst.exe
2013-01-23 01:44 - 2013-01-23 01:44 - 000658072 _____ (RealNetworks, Inc.) C:\Users\Judy's\AppData\Local\Temp\rnsetup0.exe
2014-05-04 20:19 - 2014-05-04 20:19 - 000094031 _____ () C:\Users\Judy's\AppData\Local\Temp\SCC.dll
2012-10-01 06:28 - 2012-10-01 06:28 - 000224232 _____ (Adobe Systems Inc.) C:\Users\Judy's\AppData\Local\Temp\Shockwave_Installer_FF.exe
2012-10-01 05:23 - 2012-10-01 05:23 - 003380216 _____ (SweetIM Technologies Lt) C:\Users\Judy's\AppData\Local\Temp\SIMEEIInstaller.exe
2012-09-21 10:17 - 2014-11-11 07:25 - 000090624 _____ (RealNetworks, Inc.) C:\Users\Judy's\AppData\Local\Temp\stubhelper.dll
2013-03-19 10:58 - 2013-03-19 11:02 - 022916830 _____ () C:\Users\Judy's\AppData\Local\Temp\vlc-2.0.5-win32.exe
2012-08-19 17:34 - 2007-04-16 11:14 - 000450560 _____ (Macrovision Corporation) C:\Users\Judy's\AppData\Local\Temp\_is511B.exe
2012-08-19 19:18 - 2007-04-16 11:14 - 000450560 _____ (Macrovision Corporation) C:\Users\Judy's\AppData\Local\Temp\_is983A.exe
2016-07-31 03:57 - 2016-07-31 06:27 - 000863168 _____ () C:\Users\Judy's\AppData\Local\Temp\{7AC5FAC2-46EF-4C97-85A7-898941C24DE3}-51.0.2704.103_50.0.2661.102_chrome_updater.exe
2016-07-31 08:33 - 2016-07-31 08:52 - 000417688 _____ () C:\Users\Judy's\AppData\Local\Temp\{B3FCEDBC-A832-4CF0-8725-582427AA9F30}-51.0.2704.103_50.0.2661.102_chrome_updater.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================


==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {414820e5-ea78-11e1-8f22-b1aba35bcc84}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7 Home Premium (recovered)
locale                  en-US
recoverysequence        {414820e7-ea78-11e1-8f22-b1aba35bcc84}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows

Windows Boot Loader
-------------------
identifier              {414820e6-ea78-11e1-8f22-b1aba35bcc84}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {414820e7-ea78-11e1-8f22-b1aba35bcc84}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {414820e5-ea78-11e1-8f22-b1aba35bcc84}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {414820e7-ea78-11e1-8f22-b1aba35bcc84}
device                  ramdisk=[C:]\Recovery\414820e7-ea78-11e1-8f22-b1aba35bcc84\Winre.wim,{414820e8-ea78-11e1-8f22-b1aba35bcc84}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\414820e7-ea78-11e1-8f22-b1aba35bcc84\Winre.wim,{414820e8-ea78-11e1-8f22-b1aba35bcc84}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {414820e9-ea78-11e1-8f22-b1aba35bcc84}
device                  partition=C:
path                    \windows1\system32\winload.exe
description             Windows 7 Home Premium (recovered)
locale                  en-US
recoverysequence        {414820e7-ea78-11e1-8f22-b1aba35bcc84}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows1

Resume from Hibernate
---------------------
identifier              {414820e5-ea78-11e1-8f22-b1aba35bcc84}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {414820e8-ea78-11e1-8f22-b1aba35bcc84}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\414820e7-ea78-11e1-8f22-b1aba35bcc84\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16379.49 MB
Available physical RAM: 15166.86 MB
Total Virtual: 16377.64 MB
Available Virtual: 15168.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:747.31 GB) NTFS
Drive d: (2 hard drive) (Fixed) (Total:931.51 GB) (Free:552.27 GB) NTFS
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive h: () (Removable) (Total:14.9 GB) (Free:14.72 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 061214EB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A70C79C1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2017-11-30 22:21

==================== End of FRST.txt ============================



#7 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 654 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:49 AM

Posted 12 December 2017 - 12:19 PM

Hi gjinc and
Welcome to the Bleeping Computer! :)

My name is Slurppa and I will be handling your log(s) to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.


Meanwhile, please try to remove all devices from your computer(USB and other peripherals) and then start your computer.

Please familiarize yourself with the following guidelines:
  • Complete all the steps in their given order.
  • Update me about the current state of your computer.
  • If you have any problems or questions please let me know. If your are unsure how to continue please let me know.
  • Do not run any other fixes/programs that I have not instructed.
  • Copy and paste all logs into your post directly unless otherwise instructed. Don't attach logs.
  • Lack of symptoms does not mean the computer is clean. Please stick with me until I give you green light.

Edited by Slurppa, 12 December 2017 - 12:34 PM.

Member of the Bleeping Computer A.I.I. early response team!


#8 gjinc

gjinc
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 13 December 2017 - 08:44 AM

Thanks, I removed all hardware except for the basics, I swapped graphics cards, memory. I tried 1 hard drive at a time. Still will only get to windows logo and black screen.



#9 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 654 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:49 AM

Posted 13 December 2017 - 04:23 PM

Are you able to access safe mode?

If so could you please run FRST from there.

Member of the Bleeping Computer A.I.I. early response team!


#10 gjinc

gjinc
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 13 December 2017 - 05:52 PM

I can not access windows safe mode. only comes up with a box to chose a few actions. I can only run FRST from a usb stick



#11 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 654 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:49 AM

Posted 16 December 2017 - 09:23 AM

Hi gjinc


We need to run a fix with FRST:

Please copy and paste the fix I have placed in below to a text file and save it to the same location(to your usb stick) as FRST with name fixlist.txt

 
    
    CMD: copy /y c:\windows\minidump\*.dmp h:\
    CMD: sfc /SCANNOW /OFFBOOTDIR=C:\ /OFFWINDIR=C:\Windows
    
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Attach the USB and boot into Recovery Environment as you have done before.
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait. Note:We are running system repair tool along with this script so this might take over an hour.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
The script will also copy minidump files to your usb stick.
Please zip them and attach the zip file in your next post.

Member of the Bleeping Computer A.I.I. early response team!


#12 gjinc

gjinc
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 16 December 2017 - 09:46 AM

Ok, got it.

Will post log in a zip file

Thank You



#13 gjinc

gjinc
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 16 December 2017 - 03:44 PM

Test took about 30 seconds, I will try to zip the files now

 

FIxlog text

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-12-2017
Ran by SYSTEM (16-12-2017 15:36:43) Run:1
Running from H:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
    
    CMD: copy /y c:\windows\minidump\*.dmp h:\
    CMD: sfc /SCANNOW /OFFBOOTDIR=C:\ /OFFWINDIR=C:\Windows
*****************


========= copy /y c:\windows\minidump\*.dmp h:\ =========

c:\windows\minidump\020413-24445-01.dmp
c:\windows\minidump\021313-22573-01.dmp
c:\windows\minidump\021713-22120-01.dmp
c:\windows\minidump\022113-20482-01.dmp
c:\windows\minidump\031913-21184-01.dmp
c:\windows\minidump\032113-20982-01.dmp
c:\windows\minidump\033013-26332-01.dmp
c:\windows\minidump\042813-23680-01.dmp
c:\windows\minidump\050913-19375-01.dmp
c:\windows\minidump\051413-22791-01.dmp
c:\windows\minidump\051513-21372-01.dmp
c:\windows\minidump\051613-23883-01.dmp
c:\windows\minidump\052013-40653-01.dmp
c:\windows\minidump\052213-26145-01.dmp
c:\windows\minidump\052213-27112-01.dmp
c:\windows\minidump\061614-20623-01.dmp
c:\windows\minidump\091916-39015-01.dmp
c:\windows\minidump\120417-45739-01.dmp
c:\windows\minidump\121912-19188-01.dmp
c:\windows\minidump\122112-39905-01.dmp
       20 file(s) copied.

========= End of CMD: =========


========= sfc /SCANNOW /OFFBOOTDIR=C:\ /OFFWINDIR=C:\Windows =========



Beginning system scan.  This process will take some time.




Windows Resource Protection could not perform the requested operation.


========= End of CMD: =========


==== End of Fixlog 15:36:46 ====

Attached Files


Edited by gjinc, 16 December 2017 - 03:50 PM.


#14 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 654 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:49 AM

Posted 18 December 2017 - 12:34 PM

System scan failed for some reason. Let's try few more things and see why the scan failed.


:step1:

We need to run a fix with FRST:

Please copy and paste the fix I have placed in below to a text file and save it to the same location(to your usb stick) as FRST with name fixlist.txt

 

    
    CMD: copy /y C:\WINDOWS\LOGS\CBS\CBS.LOG h:\
    CMD: chkdsk C: /R /X
    

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Attach the USB and boot into Recovery Environment as you have done before.
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait. Note:We are running system repair tool along with this script so this might take over an hour.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

The script will also copy CBS.Log file to your usb stick.
Please zip it and attach the zip file. Post the results before moving to the next step.

:step2:

Please post results of first step before moving into this.

We need to test your memory for defects. Please prepare empty usb drive for this task.

  • Download MemTest86-usb to your desktop and extract it.
  • Insert empty usb to your computer and start imageUSB.exe
  • Select your empty usb drive in Step 1 and click Write
    Warning! All the data will be wiped out from your usb drive so ensure there are no important files!

Insert the usb to your malfunctioning computer and boot from the usb.

You will be greeted with screen like this

Memtest86-screenshot.png

Please let it run at least one pass(recommended 6) and report all the errors.
You can track passes and errors on lower right of the screen.
Program will inform you when it has completed the first pass and offers you to exit the application.
I suggest you leave this running overnight if possible.


Member of the Bleeping Computer A.I.I. early response team!


#15 gjinc

gjinc
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 19 December 2017 - 08:22 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-12-2017
Ran by SYSTEM (19-12-2017 00:45:50) Run:2
Running from H:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
CMD: copy /y C:\WINDOWS\LOGS\CBS\CBS.LOG h:\
CMD: chkdsk C: /R /X
*****************


========= copy /y C:\WINDOWS\LOGS\CBS\CBS.LOG h:\ =========

        1 file(s) copied.

========= End of CMD: =========


========= chkdsk C: /R /X =========

The type of the file system is NTFS.

========= End of CMD: =========

 

Attached Files

  • Attached File  CBS.zip   6.8KB   2 downloads





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users