Hello, this past week I have been locked out of my laptop. Every time the Windows login screen should come up, I see a black screen with the mouse. I have tried all options to get in: safe mode doesn't work, all the advanced options can't help me, and I can't use restore points. Other threads informed me that when it's that serious it might be a virus. Someone advised me to use the Kaspersky Rescue Disk 10, but it wouldn't let me scan because of database corruption. I did a startup repair and it said boot configuration corruption. When opening Task Manager through the command prompt, it shows that explorer.exe isn't there. I'm sure this is virus related and might be the ZeroAccess virus. When I tried to use Windows Defender Offline, it couldn't scan because it needed to do an update, and it couldn't do that because it didn't let it connect to the internet. I tried using FRST. I think the steps are: you scan, it saves a Notepad file to the flash drive, you rename it fixlist.txt, restart your computer and click Fix. But when I do it, it says warning, you don't know what you're doing, and gets out. I also tried accessing Kaspersky TDSSKiller through the command prompt, but it said I need something to access it from the command prompt in the recovery options window. The only ways I can do anything to the computer are through the command prompt in the recovery options and by downloading a bootable USB. I know this issue is fixable by getting to the virus; it's just making it really difficult to get to it. I really need a program that I can use to access my computer through a bootable USB or through the command prompt from the recovery options to get rid of the ZeroAccess virus.
Here's the scan I got from FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by SYSTEM on MININT-9HARCDA (09-03-2016 23:04:51)
Running from g:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [320880 2009-08-26] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-16] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-17] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$70fcdb70c5b8d46645f03adef7c0c75c\n. <==== ATTENTION
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\Default\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Default User\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\owner\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-14] (Google Inc.)
HKU\owner\...\Run: [Google Update**.d<*>] => "C:\Users\owner\AppData\Local\Google\Desktop\Install\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\owner\...\Run: [Google Update] => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-11] (Google Inc.)
HKU\owner\...\Run: [pronto] => C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe [23053400 2012-07-06] ()
HKU\owner\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\TEMP\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk [2010-01-14]
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk [2010-01-14]
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-08-26]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010-04-17]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * lsdelete
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-10] (AVAST Software)
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2015-04-05] (Lavasoft Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [257936 2010-08-12] (Sony Corporation)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-10-15] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-10-15] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-09-14] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642416 2009-09-14] (Sony Corporation)
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\ \...\ﯹ๛\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-10] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-10] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-10] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-10] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-10] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-10] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-26] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-10] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-10] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-11-20] ()
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-11-03] (Lavasoft AB)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S3 ecxncijc; \??\C:\Windows\system32\drivers\ngiodriver_x64 [X]
S3 epmnvwyv; \??\C:\Windows\system32\drivers\ngiodriver_x64 [X]
S2 MSSQL$DDNI; no ImagePath
S2 Oasis2Service; no ImagePath
========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Three Months Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-28 03:06 - 2016-03-07 12:37 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-02-28 03:06 - 2016-03-07 12:37 - 00001922 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2016-02-28 03:04 - 2016-02-10 02:32 - 00398152 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2016-02-20 17:46 - 2016-03-03 14:55 - 00003622 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2016-02-19 04:39 - 2016-02-19 04:39 - 00024995 _____ C:\Windows\RGID673.tmp
2016-02-11 02:49 - 2016-03-07 12:37 - 00001037 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-02-11 02:49 - 2016-03-07 12:37 - 00001037 _____ C:\ProgramData\Desktop\Avast SafeZone Browser.lnk
2016-02-11 02:49 - 2016-02-28 03:06 - 00003052 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1455187739
2016-02-10 02:33 - 2016-02-10 02:31 - 00037144 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2016-02-10 02:32 - 2016-02-10 02:32 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-10 02:31 - 2016-02-10 02:31 - 00478128 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNdisFlt.sys
2016-02-03 21:43 - 2016-02-03 21:44 - 02600244 _____ C:\Users\owner\Downloads\Ch 5 Version 2(2).pptx
2016-01-18 21:47 - 2016-01-18 21:47 - 00024995 _____ C:\Windows\RGI43C4.tmp
2016-01-17 00:40 - 2016-03-07 12:41 - 00044119 _____ C:\Users\owner\Documents\parking.pdf
2016-01-17 00:38 - 2016-01-17 00:38 - 00042858 _____ C:\Users\owner\Downloads\document.pdf
2015-12-26 04:46 - 2015-12-26 22:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-22 00:53 - 2015-12-22 00:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-15 05:02 - 2015-12-15 05:02 - 00024995 _____ C:\Windows\RGI70D2.tmp
2016-03-07 12:41 - 00023900 _____ C:\Users\owner\Documents\Fin-423-Exit Survey Fall 2015.docx
2015-12-11 05:17 - 2015-12-11 05:17 - 00000162 ____H C:\Users\owner\Documents\~$n-423-Exit Survey Fall 2015.docx
2015-12-10 23:49 - 2015-12-10 23:49 - 00479920 _____ C:\Windows\System32\s000005.dat
==================== Three Months Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-08 01:05 - 2010-04-10 15:10 - 00000000 ____D C:\users\owner
2016-03-08 00:03 - 2010-06-27 14:12 - 06503870 _____ C:\Windows\ntbtlog.txt
2016-03-07 12:37 - 2011-11-20 16:23 - 00001060 _____ C:\Users\Public\Desktop\Ad-Aware.lnk
2016-03-07 12:37 - 2011-11-20 16:23 - 00001060 _____ C:\ProgramData\Desktop\Ad-Aware.lnk
2016-03-07 12:37 - 2011-08-30 15:56 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-07 12:37 - 2011-08-30 15:56 - 00001147 _____ C:\ProgramData\Desktop\Mozilla Firefox.lnk
2016-03-07 12:37 - 2010-04-10 15:10 - 00000020 ___SH C:\Users\owner\ntuser.ini
2016-03-07 12:37 - 2010-01-14 05:35 - 00001031 _____ C:\Users\Public\Desktop\Best Buy Software Installer.lnk
2016-03-07 12:37 - 2010-01-14 05:35 - 00001031 _____ C:\ProgramData\Desktop\Best Buy Software Installer.lnk
2016-03-07 12:36 - 2015-11-02 02:28 - 00000383 _____ C:\ftconfig.ini
2016-03-07 12:36 - 2012-11-17 18:44 - 00000009 _____ C:\END
2016-03-07 12:36 - 2012-03-24 00:25 - 00000237 _____ C:\user.js
2016-03-07 12:36 - 2012-02-16 07:37 - 00000510 _____ C:\settings.ini
2016-03-07 12:36 - 2011-08-11 19:52 - 00002688 _____ C:\{75A1F188-D10C-47C6-BC9B-90D81BBCE53C}
2016-03-07 12:36 - 2010-06-20 14:53 - 00302997 _____ C:\test.xml
2016-03-07 12:36 - 2009-12-15 11:53 - 00003872 ____H C:\version
2016-03-07 12:36 - 2009-01-21 21:40 - 00000073 ____H C:\splash.idx
2016-03-07 12:36 - 2007-11-07 07:53 - 00242176 _____ C:\VC_RED.MSI
2016-03-07 12:36 - 2007-11-07 07:50 - 01927956 _____ C:\VC_RED.cab
2016-03-07 12:36 - 2007-11-07 07:44 - 00855040 _____ (Microsoft Corporation) C:\install.exe
2016-03-07 12:36 - 2007-11-07 07:44 - 00096272 _____ (Microsoft Corporation) C:\install.res.1036.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00095248 _____ (Microsoft Corporation) C:\install.res.3082.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00095248 _____ (Microsoft Corporation) C:\install.res.1031.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00094224 _____ (Microsoft Corporation) C:\install.res.1040.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00090128 _____ (Microsoft Corporation) C:\install.res.1033.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00080400 _____ (Microsoft Corporation) C:\install.res.1041.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00078864 _____ (Microsoft Corporation) C:\install.res.1042.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00075280 _____ (Microsoft Corporation) C:\install.res.1028.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00074768 _____ (Microsoft Corporation) C:\install.res.2052.dll
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.3082.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.2052.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1042.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1040.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1036.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1031.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1028.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00010134 _____ C:\eula.1033.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00005686 _____ C:\vcredist.bmp
2016-03-07 12:36 - 2007-11-07 07:00 - 00001110 _____ C:\globdata.ini
2016-03-07 12:36 - 2007-11-07 07:00 - 00000843 _____ C:\install.ini
2016-03-07 12:36 - 2007-11-07 07:00 - 00000118 _____ C:\eula.1041.txt
2016-02-12 21:50 - 2015-11-12 05:30 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-02-10 02:35 - 2014-04-15 22:43 - 00287016 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2016-02-10 02:32 - 2014-04-24 22:10 - 00037656 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2016-02-10 02:32 - 2014-04-15 22:43 - 00165344 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2016-02-10 02:32 - 2014-04-15 22:43 - 00107792 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2016-02-10 02:32 - 2014-04-15 22:43 - 00103064 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2016-02-10 02:32 - 2014-04-15 22:43 - 00074544 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2016-02-10 02:32 - 2014-04-15 22:40 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-10 02:31 - 2014-04-15 22:43 - 01065720 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2016-02-10 02:31 - 2014-04-15 22:42 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-10 01:26 - 2012-05-08 04:26 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 01:26 - 2012-05-08 04:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-10 01:26 - 2011-11-20 15:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
ZeroAccess:
C:\Users\owner\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$70fcdb70c5b8d46645f03adef7c0c75c
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1798455190-986609235-2888039337-1001\$70fcdb70c5b8d46645f03adef7c0c75c
==================== Known DLLs (Whitelisted) =========================
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
==================== EXE Association (Whitelisted) =============
==================== Restore Points =========================
==================== BCD ================================
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
path \bootmgr
description Windows Boot Manager
locale en-us
inherit {globalsettings}
default {default}
resumeobject {7a82d5b2-7634-11e1-8e2d-bce9bfac6809}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
noerrordisplay No
custom:26000025 Yes
Windows Boot Loader
-------------------
identifier {7a82d5b3-7634-11e1-8e2d-bce9bfac6809}
device locate=\windows\{bd2ab1c0-2289-472b-a7ff-1ae5d1f2ab81}
path \windows\system32\winload.exe
description Microsoft Windows
locale en-us
loadoptions DDISABLE_INTEGRITY_CHECKS
inherit {bootloadersettings}
nointegritychecks Yes
custom:17000077 352321653
osdevice locate=\windows\{bd2ab1c0-2289-472b-a7ff-1ae5d1f2ab81}
systemroot \windows
custom:22000005 \windows\{bd2ab1c0-2289-472b-a7ff-1ae5d1f2ab81}
resumeobject {7a82d5b2-7634-11e1-8e2d-bce9bfac6809}
nx OptIn
pae Default
driverloadfailurepolicy UseErrorControl
custom:250000c2 1
detecthal Yes
nocrashautoreboot Yes
uselegacyapicmode Yes
Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7 Home Premium (recovered)
locale en-US
recoverysequence {ae696999-e5d7-11e5-881e-931eb9452383}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
Windows Boot Loader
-------------------
identifier {ae696999-e5d7-11e5-881e-931eb9452383}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{ae69699a-e5d7-11e5-881e-931eb9452383}
path \windows\system32\winload.exe
description Windows Recovery Environment (recovered)
locale
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{ae69699a-e5d7-11e5-881e-931eb9452383}
systemroot \windows
winpe Yes
Resume from Hibernate
---------------------
identifier {7a82d5b2-7634-11e1-8e2d-bce9bfac6809}
device locate=unknown
path \windows\system32\winresume.exe
description Windows Resume Application
locale en-us
inherit {resumeloadersettings}
custom:17000077 352321653
filedevice partition=C:
filepath \hiberfil.sys
custom:25000008 1
pae Yes
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-us
inherit {globalsettings}
badmemoryaccess Yes
custom:17000077 352321653
EMS Settings
------------
identifier {emssettings}
bootems No
Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {badmemory}
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
--------------
identifier {ae69699a-e5d7-11e5-881e-931eb9452383}
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi
==================== Memory info ===========================
Percentage of memory in use: 19%
Total physical RAM: 3758.1 MB
Available physical RAM: 3042.57 MB
Total Virtual: 3756.25 MB
Available Virtual: 3039.14 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:289.23 GB) (Free:119.45 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:8.77 GB) (Free:0.82 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (ROS_SysRec7_64) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive g: (USB20FD) (Removable) (Total:14.84 GB) (Free:14.84 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5BC53D8B)
Partition 1: (Not Active) - (Size=8.8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289.2 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)
LastRegBack: 2016-03-03 04:26
==================== End of FRST.txt ============================