Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!
Global Moderator
In RE, the CurrentControlSet key is not suppose to be available. Lets remove it and see what happens.
Download the attached file [attachment=78350:fixlist.txt] and save it in the same directory FRST64 is saved in the USB drive.
Please copy and paste its contents in your next reply.
Member
Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by SYSTEM (2015-09-05 13:25:30) Run:13Running from F:\Boot Mode: Recovery==============================================fixlist content:*****************Reg: Reg delete HKLM\SYSTEM\CurrentControlSet /fReg: Reg query HKLM\SYSTEMReg: Reg query HKLM\SYSTEM\Select*****************========= Reg delete HKLM\SYSTEM\CurrentControlSet /f =========ERROR: The system was unable to find the specified registry key or value.========= End of Reg: ================== Reg query HKLM\SYSTEM =========HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001HKEY_LOCAL_MACHINE\SYSTEM\MountedDevicesHKEY_LOCAL_MACHINE\SYSTEM\RNGHKEY_LOCAL_MACHINE\SYSTEM\SelectHKEY_LOCAL_MACHINE\SYSTEM\SetupHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet========= End of Reg: ================== Reg query HKLM\SYSTEM\Select =========HKEY_LOCAL_MACHINE\System\SelectCurrent REG_DWORD 0x1Default REG_DWORD 0x1Failed REG_DWORD 0x0LastKnownGood REG_DWORD 0x2========= End of Reg: ============= End of Fixlog 13:25:31 ====
Global Moderator
Perhaps is a virtual key produced by FRST. Will check with the developer.
Which is the brand of the computer?
Download the attached file [attachment=78353:fixlist.txt] downloads and save it in the same directory FRST64 is saved in the USB drive.
Please copy and paste its contents in your next reply.
Member
There isn't a brand, I built it.
Components:
Only component that failed was the OCZ Vertex Plus 120GB SSD, which is still under warranty (fat load of good that'll do for my data).
Anyway, used the fixlist and here is the resulting log:
Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by SYSTEM (2015-09-05 15:29:50) Run:14Running from F:\Boot Mode: Recovery==============================================fixlist content:*****************Reg: Reg query HKLM\SYSTEM\ControlSet001*****************========= Reg query HKLM\SYSTEM\ControlSet001 =========HKEY_LOCAL_MACHINE\System\ControlSet001\ControlHKEY_LOCAL_MACHINE\System\ControlSet001\EnumHKEY_LOCAL_MACHINE\System\ControlSet001\Hardware ProfilesHKEY_LOCAL_MACHINE\System\ControlSet001\PoliciesHKEY_LOCAL_MACHINE\System\ControlSet001\services========= End of Reg: ============= End of Fixlog 15:29:50 ====
Global Moderator
That reads correct.
There is no tool that we can use to identify the exact problem. There are millions of entries, and maybe just one is causing the problem. The error message you are receiving seems to indicate that the System hive of the registry is corrupted however, there are no working backup to correct the issue.
I would recommend a full backup of your data and a Windows Repair Install. It will be like performing an upgrade, instead of performing a clean install of Windows. Many sites provide the instructions to do so.
I hate to lose one, but there are limitations.
Member
i have a full .vhd backup of the data as well as the Acronis backup.
I guess my only concern now is how do I go about getting my EFS certificates off of this drive? I tried using the "cipher /x" or "cipher.exe /x" command, from the command prompt, and the response I got was "the system cannot find the file specified". Since I can log into my account credentials in the Recovery Environment, I should think I could run Cipher from there to export/generate an EFS certificate file. I'd still have to reinstall/retweak everything, but at least I wouldn't lose all the encrypted data from my job.
Would doing a Repair install wipe out my EFS certificates, or would those remain intact?
Regardless of the answers to the above question, this was several days worth of work on your part, and I really appreciate all of it. Even though we couldn't fix it, I really want to thank you for trying to work through it with me. It feels a heck of a lot better than just giving up on it would have. Thank you.
EDIT: Seems I need to ask one more question of you. I cannot do an upgrade or repair install--my DVD insists I have to initiate from within windows. Since I can't boot into WIndows, I can't do anything but a clean install. Do you have any suggestions for how to get around this limitation?
Edited by senselocke, 05 September 2015 - 03:41 PM.
Global Moderator
I am not savvy in encryption. Let me ask my co-members. Will post back about this. In regard to the Repair Install, will also ask around.
Global Moderator
senselocke, have you tried something yet.
A co-worker identified errors on a fixlist previously submitted. If you have not done anything yet, I would like to to fix this.
I have asked about the EFS. Someone should be jumping in with information.
Please let me know.
Trusted Helper
Hi senselocke -
JSntgRvr is going to try a few more things to get you running again. I'm familiar with EFS and had a question. Was your machine part of a domain or just a workgroup? If part of a domain recovery keys can be obtained. If this is all personal and has nothing to do with work it's going to be trickier. Let me know and let's see if we can get you into Windows.
Member
JSntgRvr: Yes, I went ahead and installed over the old installation yesterday. I hadn't heard anything back, and I found one of the guides you mentioned for how to push everything to the "windows.old" directory. I wish I'd waited just one more hour. I do still have the source .tib backup, so we could start over if need be. I've saved all the fixlists in order, I was going to try them again when I had the fundage to buy a new hard drive, because we at least reached a point where I could log in to my profile. Which fixlist (which post number) had the error, if I might ask? Could you post the corrected one?
BrianDrab: It was in a workgroup called "WORKGROUP" with a half-dozen other PCs on my home network. Right now, however, I cannot log in to my original account (I tried setting up a VMWare to "boot" a virtual machine reading the .vhd backup, and just export the keys there, but keep running into problems). I have the windows.old folder, I have copied the credentials folders:
C:\Windows.old\Users\MyProfileName\AppData\Roaming\Microsoft\Crypto
C:\Windows.old\Users\MyProfileName\AppData\Roaming\Microsoft\Protect
C:\Windows.old\Users\MyProfileName\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
and thought sites have mentioned these are key, I haven't found any stating what exactly I can do with them. The new installation has the same profiles with the same names and the same passwords. I have not migrated/merged the new profiles with the old ones, because Microsoft's FixIt tool hangs when it reaches an encrypted file.
At this point, I'm willing to go back to bare metal and scrap the new installation and start over with the backup and work my way through the fixlists with JSntgRvr again. But if there's a way to get the EFS certificate key at this stage, with what I have, I'd like to do that with BrianDrab first.
And again, I'd like to say "thank you" to everybody. It's really awesome that you folks are willing to do this for people.
Edited by senselocke, 07 September 2015 - 08:06 AM.
Global Moderator
If the new installation is working, better to keep it. The only issue with that type of installation is that all the programs you have installed must be reinstalled as there will be no entries in the registry for these. The error in the fixlist was that a 64 bit file, ole32.dll, was copied to the 32 bit folder and viceversa. Now that you have your system working wont make a difference.
I asked BrianDrab to assist you with the EFS.
Trusted Helper
In your situation the only way to retrieve your keys is to use a purchased product to do so. Following is an example of one that does this. It's about $150.
The other option would be to go back to what you had and try to get your machine bootable so that you could make a backup of your key.
Edited by BrianDrab, 07 September 2015 - 02:43 PM.
removed link - will send via PM
Member
Okay, here's my plan: I'm going to go and buy another 240GB twin to my current SSD. I was going to do so anyway so I could set up a RAID mirror array (so that the next time this happens I don't lose a thing). And it's a lot less than $150, and I can pick it up tomorrow and get rolling.
I'll keep the drive that's working right now, and re-start the process with the new, empty one. Maybe repeating the steps to the first time I can boot (from disk image through fixlist 1, 2, etc), I can run cipher /x and get my EFS keys, or maybe we can get it bootable now that we've identified the mixup. [bleep], maybe we can do both. When we're done, I'll set up whichever installation is working (fingers crossed it'll be the restored original) as a mirrored RAID.
Which step along the way was the file put in the wrong spot?
Global Moderator
If you re-image the drive and the OS does not boot, run FRST in RE and post the FRST.txt log.
Member
Okay. Brand new, fresh from re-imaging from WindowsImageBackup, I run FRST64 and this message pops up:
The file or directory D:\$Mft is corrupt and unreadable. Please run the Chkdsk utility.
This pops up on top of the Farbar Recovery Scan Tool "Disclaimer of Warranty" confirmation box. I hit OK, then Yes, then tried to scan, but that warning popped up for every file being scanned. I had to restart the PC. So I ran chkdsk, then scanned with FRST64, and got the following fixlog:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by SYSTEM on MININT-9RG957P (10-09-2015 13:17:07)Running from F:\Platform: WIN_7 Service Pack 1 (X64) Language: English (United States)Boot Mode: RecoveryDefault: ControlSet001ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Winlogon: [Userinit]HKLM-x32\...\Winlogon: [Userinit] [X]HKLM\...\Winlogon: [Shell] [0 ] () <=== ATTENTIONHKLM-x32\...\Winlogon: [Shell] [0 ] () <=== ATTENTIONHKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] <==== ATTENTION==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)S2 AMD FUEL Service; C:\Program Files\ATI\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)S2 avast! Antivirus; C:\Program Files\AVAST\AvastSvc.exe [146600 2015-08-08] (AVAST Software)S2 dkab_device; C:\Windows\system32\DKabcoms.exe [1034480 2008-07-01] ( )S2 dkab_device; C:\Windows\SysWOW64\DKabcoms.exe [586992 2008-07-01] ( )S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-23] (NVIDIA Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-23] (NVIDIA Corporation)S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] ()S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-02] (VIA Technologies, Inc.)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)S3 AvastVBoxSvc; "C:\Program Files\AVAST\ng\vbox\AvastVBoxSVC.exe" [X]S3 msiserver; %systemroot%\system32\msiexec.exe /V [X]S3 SysMain; %systemroot%\system32\sysmain.dll [X]===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)S2 AODDriver4.1; C:\Program Files\ATI\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-08] (AVAST Software)S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-08] (AVAST Software)S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-08] (AVAST Software)S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-08] (AVAST Software)S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-15] (AVAST Software)S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-08] (AVAST Software)S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-08] (AVAST Software)S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-08] (AVAST Software)S0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] ()S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)S1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-02] (NVIDIA Corporation)S0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2015-04-13] (Acronis)S0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2015-04-13] (Acronis)S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)S2 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [10240 2008-04-09] (Nicomsoft Ltd.)S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)S3 AtiDCM; \??\C:\Users\senselocke\AppData\Local\Temp\atdcm64a.sys [X]S3 monitor; system32\DRIVERS\monitor.sys [X]S4 NVHDA; system32\drivers\nvhda64v.sys [X]S2 VBoxAswDrv; \??\C:\Program Files\AVAST\ng\vbox\VBoxAswDrv.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X]==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-09-10 12:30 - 2015-09-10 12:30 - 00000000 __SHD C:\found.0002015-09-10 12:19 - 2015-09-10 13:17 - 00000000 ____D C:\FRST2015-08-25 05:41 - 2015-08-25 05:41 - 01048576 ___SH C:\Windows\System32\config\CO7AE4~1.REG2015-08-25 05:41 - 2015-08-25 05:41 - 01048576 ___SH C:\Windows\System32\config\CO55CA~1.REG2015-08-25 05:41 - 2015-08-25 05:41 - 01048576 ___SH C:\Windows\System32\config\CO11E9~1.REG2015-08-17 11:58 - 2015-08-17 11:58 - 00000000 ____D C:\Program Files\Dell_HostCD2015-08-17 11:58 - 2008-09-08 13:22 - 00594432 _____ ( ) C:\Windows\System32\lexlog.dll2015-08-17 11:58 - 2008-06-26 06:59 - 00928256 _____ C:\Windows\System32\softcoin.dll2015-08-17 11:58 - 2008-06-26 06:59 - 00420864 _____ C:\Windows\System32\gencoin.dll2015-08-17 11:57 - 2015-08-17 11:59 - 00039146 _____ C:\Windows\System32\LexFiles.ulf2015-08-17 11:57 - 2015-08-17 11:57 - 00000000 ____D C:\Program Files\Dell2015-08-17 11:57 - 2008-09-08 13:22 - 00020152 _____ C:\Windows\System32\DKabpmui.chm2015-08-17 11:57 - 2008-07-01 18:03 - 01034480 _____ ( ) C:\Windows\System32\DKabcoms.exe2015-08-17 11:57 - 2008-07-01 18:03 - 00586992 _____ ( ) C:\Windows\SysWOW64\DKabcoms.exe2015-08-17 11:57 - 2008-06-25 11:06 - 00982528 _____ ( ) C:\Windows\System32\dkabpmui.dll2015-08-17 11:57 - 2008-06-25 11:03 - 01620992 _____ ( ) C:\Windows\System32\dkabserv.dll2015-08-17 11:57 - 2008-06-25 11:03 - 01386496 _____ ( ) C:\Windows\System32\dkabip1.dll2015-08-17 11:57 - 2008-06-25 11:01 - 01331712 _____ ( ) C:\Windows\System32\dkabusb1.dll2015-08-17 11:57 - 2008-06-25 10:59 - 00752128 _____ ( ) C:\Windows\System32\dkabpar1.dll2015-08-17 11:57 - 2008-06-25 10:59 - 00676864 _____ ( ) C:\Windows\System32\dkabhcp.dll2015-08-17 11:57 - 2008-06-25 10:59 - 00582144 _____ ( ) C:\Windows\System32\dkabcomm.dll2015-08-17 11:57 - 2008-06-25 10:58 - 01395200 _____ ( ) C:\Windows\System32\dkabcomc.dll2015-08-17 11:57 - 2008-06-25 10:58 - 00893440 _____ ( ) C:\Windows\System32\dkablmpm.dll2015-08-17 11:57 - 2008-06-25 10:58 - 00674816 _____ ( ) C:\Windows\System32\dkabiobj.dll2015-08-17 11:57 - 2008-06-25 10:58 - 00549376 _____ ( ) C:\Windows\System32\dkabinpa.dll2015-08-17 11:57 - 2008-06-25 10:58 - 00514048 _____ ( ) C:\Windows\System32\dkabiesc.dll2015-08-17 11:57 - 2008-06-25 10:29 - 01044480 _____ ( ) C:\Windows\SysWOW64\dkabserv.dll2015-08-17 11:57 - 2008-06-25 10:24 - 00819200 _____ ( ) C:\Windows\SysWOW64\dkabcomc.dll2015-08-17 11:57 - 2008-06-25 10:24 - 00438272 _____ ( ) C:\Windows\SysWOW64\dkabhcp.dll2015-08-17 11:57 - 2008-06-25 10:24 - 00376832 _____ ( ) C:\Windows\SysWOW64\dkabcomm.dll2015-08-17 11:57 - 2008-04-15 11:50 - 00002590 _____ C:\Windows\SysWOW64\dkab.loc2015-08-17 11:57 - 2008-04-15 11:50 - 00002590 _____ C:\Windows\System32\dkab.loc2015-08-13 05:13 - 2015-08-13 05:13 - 00000000 ____D C:\Users\senselocke\Desktop\com.gamehivecorp.taptitans --tourney 28742015-08-12 13:13 - 2015-08-12 13:13 - 00000000 ____D C:\Program Files (x86)\HFSExplorer2015-08-12 13:12 - 2015-08-12 13:12 - 01688563 ____X C:\Users\senselocke\Desktop\hfsexplorer-0.23-setup.exe2015-08-11 18:50 - 2015-08-11 18:50 - 00003118 _____ C:\Windows\System32\Tasks\{227D5253-E7AB-437E-8500-A5BA6259000F}2015-08-11 18:38 - 2015-08-11 18:38 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA2015-08-11 10:42 - 2015-08-11 10:42 - 00000000 ____D C:\Users\senselocke\Desktop\DE=HRDC hard save files==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-08-27 05:58 - 2015-04-05 16:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-08-27 05:58 - 2015-04-05 12:58 - 01530780 _____ C:\Windows\WindowsUpdate.log2015-08-26 13:15 - 2009-07-13 20:45 - 00026352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-08-26 13:15 - 2009-07-13 20:45 - 00026352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-08-26 13:13 - 2009-07-13 21:13 - 00781298 _____ C:\Windows\System32\PerfStringBackup.INI2015-08-26 13:07 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-08-26 13:07 - 2009-07-13 20:51 - 00068302 _____ C:\Windows\setupact.log2015-08-26 07:00 - 2015-04-05 17:31 - 00034559 _____ C:\Users\senselocke\Desktop\bills paid.txt2015-08-26 04:33 - 2015-04-05 16:29 - 00002385 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-08-25 20:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache2015-08-25 05:39 - 2010-11-20 19:47 - 00183394 _____ C:\Windows\PFRO.log2015-08-25 05:39 - 2009-07-13 20:45 - 02272232 _____ C:\Windows\System32\FNTCACHE.DAT2015-08-20 18:17 - 2015-04-05 16:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation2015-08-19 03:28 - 2015-05-21 15:53 - 00017950 _____ C:\Users\senselocke\Desktop\tempuh.txt2015-08-18 09:27 - 2015-04-10 17:30 - 00000000 ____D C:\Program Files (x86)\Steam2015-08-18 09:25 - 2015-08-08 03:53 - 00000000 ____D C:\Users\senselocke\AppData\Local\dxhr2015-08-17 16:51 - 2015-08-06 17:36 - 00000000 ____D C:\Users\senselocke\Desktop\Barrister Jobs2015-08-17 16:49 - 2015-04-05 17:29 - 00000000 ____D C:\Users\senselocke\Desktop\Eli Job2015-08-17 16:48 - 2015-07-31 17:51 - 00000000 ____D C:\Users\senselocke\Desktop\Tina job2015-08-16 17:15 - 2015-04-05 17:31 - 00016004 _____ C:\Users\senselocke\Desktop\rando.txt2015-08-15 05:46 - 2015-04-06 05:08 - 01048344 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys2015-08-11 18:50 - 2015-07-29 08:17 - 00000146 _____ C:\Windows\FolderSort.ini==================== Known DLLs (Whitelisted) =========================C:\Windows\System32\ole32.dll IS MISSING <==== ATTENTIONC:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\dnsapi.dll => MD5 is legitC:\Windows\SysWOW64\dnsapi.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== Restore Points ============================================= Memory info ===========================Percentage of memory in use: 8%Total physical RAM: 8173.55 MBAvailable physical RAM: 7442.3 MBTotal Virtual: 8171.75 MBAvailable Virtual: 7444.51 MB==================== Drives ================================Drive c: () (Fixed) (Total:111.69 GB) (Free:43.43 GB) NTFSDrive f: (TI102782W0E) (Removable) (Total:29.82 GB) (Free:11.79 GB) NTFSDrive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFSDrive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 223.6 GB) (Disk ID: 5E56B0F6)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)========================================================Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 29.8 GB) (Disk ID: 00000000)Partition: GPT.LastRegBack: 2015-08-12 03:34==================== End of FRST.txt ============================
0 members, 0 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: Geeks to Go, Inc.
Sign In
Create Account
