king6cee


  1. I had installed the software to recover data from a corrupt flash drive. Windows was working correctly even after the install. The computer boots but gets stuck with a black screen and cursor. I have tried recovery but wasn't successful. Is there any advice on Farbar Recovery Scan Tool? I have read it can sort the issue but need guidance.
  2. My computer couldn't load the login screen for 2 days now. i came across an article on Farbar Recovery Scan Tool and tried it. Below is the log which I seem not to be able to analyse. Any assistance will be much appreciated. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.08.2018 Ran by SYSTEM on MININT-TAL2BRV (28-08-2018 18:08:23) Running from h:\ Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 10 Boot Mode: Recovery Default: ControlSet002 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [298368 2011-09-06] (DameWare Development) HKLM-x32\...\Run: [Client Access Service] => C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe [14336 2010-01-14] (IBM Corporation) HKLM-x32\...\Run: [Immunet Protect] => C:\Program Files\Cisco\AMP\6.1.7\iptray.exe [4055232 2018-08-05] (Cisco Systems, Inc.) 
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3237808 2018-01-09] (Dominik Reichl) HKLM Group Policy restriction on software: S:\ <==== ATTENTION HKLM Group Policy restriction on software: Z:\ <==== ATTENTION HKLM Group Policy restriction on software: N:\ <==== ATTENTION HKLM Group Policy restriction on software: W:\ <==== ATTENTION HKLM Group Policy restriction on software: I:\ <==== ATTENTION HKLM Group Policy restriction on software: H:\ <==== ATTENTION HKLM Group Policy restriction on software: G:\ <==== ATTENTION HKLM Group Policy restriction on software: V:\ <==== ATTENTION HKLM Group Policy restriction on software: Q:\ <==== ATTENTION HKLM Group Policy restriction on software: P:\ <==== ATTENTION HKLM Group Policy restriction on software: M:\ <==== ATTENTION HKLM Group Policy restriction on software: R:\ <==== ATTENTION HKLM Group Policy restriction on software: K:\ <==== ATTENTION HKLM Group Policy restriction on software: X:\ <==== ATTENTION HKLM Group Policy restriction on software: E:\ <==== ATTENTION HKLM Group Policy restriction on software: L:\ <==== ATTENTION HKLM Group Policy restriction on software: O:\ <==== ATTENTION HKLM Group Policy restriction on software: U:\ <==== ATTENTION HKLM Group Policy restriction on software: T:\ <==== ATTENTION HKLM Group Policy restriction on software: F:\ <==== ATTENTION HKLM Group Policy restriction on software: J:\ <==== ATTENTION HKLM Group Policy restriction on software: Y:\ <==== ATTENTION Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\888\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== ATTENTION HKU\Administrator\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd) HKU\comurwa\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd) HKU\comurwa\...\Run: [Lync] => C:\Program Files 
(x86)\Microsoft Office\root\Office16\lync.exe [23810128 2018-08-19] (Microsoft Corporation) HKU\comurwa\...\Policies\system: [NoDispAppearancePage] 1 HKU\comurwa\...\Policies\system: [NoDispBackgroundPage] 1 HKU\comurwa\...\Policies\system: [NoDispScrSavPage] 1 HKU\comurwa\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp HKU\comurwa\...\Policies\system: [WallpaperStyle] 2 HKU\comurwa\...\Policies\system: [RunLogonScriptSync] 1 HKU\comurwa\...\Policies\Explorer: [NoThemesTab] 1 HKU\comurwa\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\Dnthuka\...\Policies\system: [NoDispAppearancePage] 1 HKU\Dnthuka\...\Policies\system: [NoDispBackgroundPage] 1 HKU\Dnthuka\...\Policies\system: [NoDispScrSavPage] 1 HKU\Dnthuka\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp HKU\Dnthuka\...\Policies\system: [WallpaperStyle] 2 HKU\Dnthuka\...\Policies\system: [RunLogonScriptSync] 1 HKU\Dnthuka\...\Policies\Explorer: [NoThemesTab] 1 HKU\Dnthuka\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\EKamau\...\Policies\system: [NoDispScrSavPage] 1 HKU\EKamau\...\Policies\system: [NoDispAppearancePage] 1 HKU\EKamau\...\Policies\system: [NoDispBackgroundPage] 1 HKU\EKamau\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp HKU\EKamau\...\Policies\system: [WallpaperStyle] 2 HKU\EKamau\...\Policies\system: [RunLogonScriptSync] 1 HKU\EKamau\...\Policies\Explorer: [NoThemesTab] 1 HKU\EKamau\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\ekasivu\...\Policies\system: [NoDispAppearancePage] 1 HKU\ekasivu\...\Policies\system: [NoDispBackgroundPage] 1 HKU\ekasivu\...\Policies\system: [NoDispScrSavPage] 1 HKU\ekasivu\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp HKU\ekasivu\...\Policies\system: [WallpaperStyle] 2 HKU\ekasivu\...\Policies\system: [RunLogonScriptSync] 1 HKU\ekasivu\...\Policies\Explorer: [NoThemesTab] 1 HKU\ekasivu\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\Ekipkemoi\...\Run: 
[Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [24370360 2018-04-10] (Microsoft Corporation) HKU\Ekipkemoi\...\Policies\system: [NoDispAppearancePage] 1 HKU\Ekipkemoi\...\Policies\system: [NoDispBackgroundPage] 1 HKU\Ekipkemoi\...\Policies\system: [NoDispScrSavPage] 1 HKU\Ekipkemoi\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp HKU\Ekipkemoi\...\Policies\system: [WallpaperStyle] 2 HKU\Ekipkemoi\...\Policies\system: [RunLogonScriptSync] 1 HKU\Ekipkemoi\...\Policies\Explorer: [NoThemesTab] 1 HKU\Ekipkemoi\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\EWangai\...\Policies\system: [NoDispAppearancePage] 1 HKU\EWangai\...\Policies\system: [NoDispBackgroundPage] 1 HKU\EWangai\...\Policies\system: [NoDispScrSavPage] 1 HKU\EWangai\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp HKU\EWangai\...\Policies\system: [WallpaperStyle] 2 HKU\EWangai\...\Policies\system: [RunLogonScriptSync] 1 HKU\EWangai\...\Policies\Explorer: [NoThemesTab] 1 HKU\EWangai\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\FKungu\...\Policies\system: [NoDispScrSavPage] 1 HKU\FKungu\...\Policies\system: [NoDispAppearancePage] 1 HKU\FKungu\...\Policies\system: [NoDispBackgroundPage] 1 HKU\FKungu\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp HKU\FKungu\...\Policies\system: [WallpaperStyle] 2 HKU\FKungu\...\Policies\system: [RunLogonScriptSync] 1 HKU\FKungu\...\Policies\Explorer: [NoThemesTab] 1 HKU\FKungu\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\je_miranda\...\Policies\system: [NoDispScrSavPage] 1 HKU\je_miranda\...\Policies\system: [NoDispAppearancePage] 1 HKU\je_miranda\...\Policies\system: [NoDispBackgroundPage] 1 HKU\je_miranda\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp HKU\je_miranda\...\Policies\system: [WallpaperStyle] 2 HKU\je_miranda\...\Policies\system: [RunLogonScriptSync] 1 HKU\je_miranda\...\Policies\Explorer: [NoThemesTab] 1 
HKU\je_miranda\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\jkibui\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [24370360 2018-04-10] (Microsoft Corporation) HKU\jkibui\...\Policies\system: [NoDispAppearancePage] 1 HKU\jkibui\...\Policies\system: [NoDispBackgroundPage] 1 HKU\jkibui\...\Policies\system: [NoDispScrSavPage] 1 HKU\jkibui\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp HKU\jkibui\...\Policies\system: [WallpaperStyle] 2 HKU\jkibui\...\Policies\system: [RunLogonScriptSync] 1 HKU\jkibui\...\Policies\Explorer: [NoThemesTab] 1 HKU\jkibui\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\jmwende\...\Policies\system: [NoDispAppearancePage] 1 HKU\jmwende\...\Policies\system: [NoDispBackgroundPage] 1 HKU\jmwende\...\Policies\system: [NoDispScrSavPage] 1 HKU\jmwende\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp HKU\jmwende\...\Policies\system: [WallpaperStyle] 2 HKU\jmwende\...\Policies\system: [RunLogonScriptSync] 1 HKU\jmwende\...\Policies\Explorer: [NoThemesTab] 1 HKU\jmwende\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\jwambugu\...\Policies\system: [NoDispAppearancePage] 1 HKU\jwambugu\...\Policies\system: [NoDispBackgroundPage] 1 HKU\jwambugu\...\Policies\system: [NoDispScrSavPage] 1 HKU\jwambugu\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp HKU\jwambugu\...\Policies\system: [WallpaperStyle] 2 HKU\jwambugu\...\Policies\system: [RunLogonScriptSync] 1 HKU\jwambugu\...\Policies\Explorer: [NoThemesTab] 1 HKU\jwambugu\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\mndirangu\...\Policies\system: [NoDispAppearancePage] 1 HKU\mndirangu\...\Policies\system: [NoDispBackgroundPage] 1 HKU\mndirangu\...\Policies\system: [NoDispScrSavPage] 1 HKU\mndirangu\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp HKU\mndirangu\...\Policies\system: [WallpaperStyle] 2 HKU\mndirangu\...\Policies\system: [RunLogonScriptSync] 1 
HKU\mndirangu\...\Policies\Explorer: [NoThemesTab] 1 HKU\mndirangu\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\mrono\...\Policies\system: [NoDispScrSavPage] 1 HKU\mrono\...\Policies\system: [NoDispAppearancePage] 1 HKU\mrono\...\Policies\system: [NoDispBackgroundPage] 1 HKU\mrono\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp HKU\mrono\...\Policies\system: [WallpaperStyle] 2 HKU\mrono\...\Policies\system: [RunLogonScriptSync] 1 HKU\mrono\...\Policies\Explorer: [NoThemesTab] 1 HKU\mrono\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\qpulse\...\Policies\system: [NoDispAppearancePage] 1 HKU\qpulse\...\Policies\system: [NoDispBackgroundPage] 1 HKU\qpulse\...\Policies\system: [NoDispScrSavPage] 1 HKU\qpulse\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp HKU\qpulse\...\Policies\system: [WallpaperStyle] 2 HKU\qpulse\...\Policies\system: [RunLogonScriptSync] 1 HKU\qpulse\...\Policies\Explorer: [NoThemesTab] 1 HKU\qpulse\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\Snamisi\...\Policies\system: [NoDispScrSavPage] 1 HKU\Snamisi\...\Policies\system: [NoDispAppearancePage] 1 HKU\Snamisi\...\Policies\system: [NoDispBackgroundPage] 1 HKU\Snamisi\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp HKU\Snamisi\...\Policies\system: [WallpaperStyle] 2 HKU\Snamisi\...\Policies\system: [RunLogonScriptSync] 1 HKU\Snamisi\...\Policies\Explorer: [NoThemesTab] 1 HKU\Snamisi\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\TEMP\...\Policies\system: [NoDispScrSavPage] 1 HKU\TEMP\...\Policies\system: [NoDispAppearancePage] 1 HKU\TEMP\...\Policies\system: [NoDispBackgroundPage] 1 HKU\TEMP\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp HKU\TEMP\...\Policies\system: [WallpaperStyle] 2 HKU\TEMP\...\Policies\system: [RunLogonScriptSync] 1 HKU\TEMP\...\Policies\Explorer: [NoThemesTab] 1 HKU\TEMP\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\TEMP.FRESHDELMONTE\...\Policies\system: 
[NoDispAppearancePage] 1 HKU\TEMP.FRESHDELMONTE\...\Policies\system: [NoDispBackgroundPage] 1 HKU\TEMP.FRESHDELMONTE\...\Policies\system: [NoDispScrSavPage] 1 HKU\TEMP.FRESHDELMONTE\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp HKU\TEMP.FRESHDELMONTE\...\Policies\system: [WallpaperStyle] 2 HKU\TEMP.FRESHDELMONTE\...\Policies\system: [RunLogonScriptSync] 1 HKU\TEMP.FRESHDELMONTE\...\Policies\Explorer: [NoThemesTab] 1 HKU\TEMP.FRESHDELMONTE\...\Policies\Explorer: [ForceActiveDesktopOn] 1 HKU\WNeri\...\Policies\system: [NoDispScrSavPage] 1 HKU\WNeri\...\Policies\system: [RunLogonScriptSync] 1 Startup: C:\Users\comurwa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-03-20] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\comurwa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2018-03-20] ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software) GroupPolicy: Restriction ? <==== ATTENTION ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 BMFMySQL_X64; C:\ProgramData\Quest Software\BMF\Repository\MySQL\bin_comm\mysqld.exe [9619456 2010-12-03] () S2 CiscoAMP_6.1.7; C:\Program Files\Cisco\AMP\6.1.7\sfc.exe [1385920 2018-08-05] (Cisco Systems, Inc.) 
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8853984 2018-08-09] (Microsoft Corporation) S3 Cwbrxd; C:\Windows\cwbrxd.exe [94208 2010-01-14] (IBM Corporation) S2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [701312 2011-09-06] (DameWare Development LLC) S3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [5683712 2011-10-02] (Firebird Project) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation) S2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [220856 2014-08-22] (Microsoft Corporation) S2 MSSQL$DMKL; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DMKL\MSSQL\Binn\sqlservr.exe [62277296 2014-08-22] (Microsoft Corporation) S2 MSSQL$EXPRESS2012; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.EXPRESS2012\MSSQL\Binn\sqlservr.exe [162496 2014-05-15] (Microsoft Corporation) S2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [28768528 2005-10-13] (Microsoft Corporation) S2 MSSQL$SQLEXPRESS2012; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS2012\MSSQL\Binn\sqlservr.exe [191064 2012-02-10] (Microsoft Corporation) S3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [42168 2014-08-22] (Microsoft Corporation) S3 MSSQLFDLauncher$DMKL; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DMKL\MSSQL\Binn\fdlauncher.exe [42168 2014-08-22] (Microsoft Corporation) S2 MSSQLSERVER; C:\Program Files\Microsoft SQL 
Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [62277296 2014-08-22] (Microsoft Corporation) S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4476096 2005-09-22] (Microsoft Corporation) S2 OracleDBConsoleorcl; C:\app\COmurwa\product\11.1.0\db_1\bin\nmesrvc.exe [25600 2007-09-12] (Oracle Corporation) S4 OracleJobSchedulerORCL; c:\app\comurwa\product\11.1.0\db_1\Bin\extjob.exe [102400 2007-10-03] () S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe [45568 2014-05-29] () S2 OracleMTSRecoveryService; c:\oracle\bin\omtsreco.exe [81408 2013-09-16] (Oracle Corporation) S2 OracleOraClient12Home1MTSRecoveryService; C:\app\client\COmurwa\product\12.2.0\client_1\bin\omtsreco.exe [72704 2017-03-13] (Oracle Corporation) S2 OracleOraDb11g_home1TNSListener; C:\app\COmurwa\product\11.1.0\db_1\BIN\TNSLSNR.exe [471040 2007-09-07] () S2 OracleServiceORCL; c:\app\comurwa\product\11.1.0\db_1\bin\ORACLE.EXE [89702400 2007-10-03] (Oracle Corporation) S2 OracleServiceXE; c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE [147110912 2014-05-29] (Oracle Corporation) S2 OracleVssWriterORCL; C:\app\COmurwa\product\11.1.0\db_1\bin\OraVSSW.exe [163840 2007-10-03] () S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe [83968 2014-05-29] (Oracle Corporation) S2 OracleXETNSListener; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [522240 2014-05-29] (Oracle Corporation) S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134624 2012-07-18] (PDF Complete Inc) S2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2195120 2014-08-22] (Microsoft Corporation) S2 ReportServer$DMKL; C:\Program Files\Microsoft SQL Server\MSRS10_50.DMKL\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2195120 2014-08-22] (Microsoft Corporation) S2 rpm; 
C:\Program Files\Brooks Internet Software\RPM\rpmsrv.exe [6479680 2013-10-02] (Brooks Internet Software, Inc.) S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor) S2 Safaricom Broadband. RunOuc; C:\Program Files (x86)\Safaricom Broadband\UpdateDog\ouc.exe [656976 2013-05-21] () S3 scan; C:\Program Files\Cisco\AMP\tetra\scan.dll [652568 2018-08-05] (Bitdefender) S3 Soda PDF 8; C:\Program Files\Soda PDF 8\ws.exe [2263504 2016-04-19] (LULU SOFTWARE LIMITED) S3 Soda PDF 8 CrashHandler; C:\Program Files\Soda PDF 8\crash-handler-ws.exe [920016 2016-04-19] (LULU SOFTWARE LIMITED) S2 Soda PDF 8 Creator; C:\Program Files\Soda PDF 8\creator-ws.exe [733136 2016-04-19] (LULU SOFTWARE LIMITED) S2 Soda PDF 8 Manager; C:\ProgramData\LULU Software\Soda PDF 8 Manager\Soda PDF 8\Soda Manager.exe [887800 2016-05-18] (LULU Software Limited) S3 SQLAgent$DMKL; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DMKL\MSSQL\Binn\SQLAGENT.EXE [443576 2014-08-22] (Microsoft Corporation) S4 SQLAgent$EXPRESS2012; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.EXPRESS2012\MSSQL\Binn\SQLAGENT.EXE [448704 2014-05-15] (Microsoft Corporation) S4 SQLAgent$SQLEXPRESS2012; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS2012\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-10] (Microsoft Corporation) S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [443576 2014-08-22] (Microsoft Corporation) S2 SysAidAgent; C:\Program Files\SysAid\SysAidSM.exe [22952 2018-07-11] (SysAid Technology Ltd.) 
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe [411648 2016-03-31] (Wondershare) S2 MSOLAP$DMKL; "C:\Program Files\Microsoft SQL Server\MSAS10_50.DMKL\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS10_50.DMKL\OLAP\Config" S2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Config" ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S1 CiscoAMPCEFWDriver; C:\Windows\System32\Drivers\CiscoAMPCEFWDriver.sys [56592 2018-08-05] (Cisco Systems, Inc.) S1 CiscoAMPHeurDriver; C:\Windows\System32\Drivers\CiscoAMPHeurDriver.sys [83208 2018-08-05] (Cisco Systems, Inc.) S3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [5632 2008-03-14] (DameWare Development, LLC) S1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd64.sys [30720 2008-03-13] (DameWare) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [245248 2013-04-10] (Huawei Technologies Co., Ltd.) S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [348944 2011-06-15] (Intel(R) Corporation) S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X64.sys [70928 2011-06-15] (Intel(R) Corporation) S2 ImmunetNetworkMonitorDriver; C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys [119608 2018-08-05] (Cisco Systems, Inc.) S1 ImmunetProtectDriver; C:\Windows\System32\Drivers\immunetprotect.sys [113936 2018-08-05] (Cisco Systems, Inc.) S1 ImmunetSelfProtectDriver; C:\Windows\System32\Drivers\immunetselfprotect.sys [79120 2018-08-05] (Cisco Systems, Inc.) 
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited) S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-08-22] (Microsoft Corporation) S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-10] (Microsoft Corporation) S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-16] (SafeNet, Inc.) S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63568 2012-12-11] (SafeNet, Inc.) S3 Trufos; C:\Windows\System32\Drivers\trufos.sys [442848 2018-08-05] (BitDefender S.R.L.) S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation) S1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-09-08] (Oracle Corporation) S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation) S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-15] (MBB) S3 ZTEMBBMSD; C:\Windows\System32\Drivers\ZTEMBBMSD.sys [19968 2014-10-06] (ZTE Corporation) S3 ZTEusbMB; C:\Windows\System32\DRIVERS\ZTEusbnmeaext2.sys [123136 2014-10-06] (ZTE Incorporated) S3 ZTEusbnmeaext; C:\Windows\System32\DRIVERS\ZTEusbnmeaext.sys [123136 2014-10-06] (ZTE Incorporated) S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [238080 2013-09-12] (ZTE Incorporated) S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 mfeavfk01; \Device\mfeavfk01.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-08-28 17:54 - 2018-08-28 18:08 - 000000000 ____D C:\FRST 2018-08-28 06:15 - 2018-08-28 06:15 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_17_15_11.dmp 2018-08-28 05:06 - 2018-08-28 05:06 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_16_6_53.dmp 2018-08-28 03:36 - 2018-08-28 03:36 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_14_36_44.dmp 2018-08-27 23:50 - 2018-08-27 23:50 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_10_50_49.dmp 2018-08-27 23:45 - 2018-08-27 23:45 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_10_45_44.dmp 2018-08-27 23:03 - 2018-08-27 23:03 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_10_3_30.dmp 2018-08-27 22:50 - 2018-08-27 22:50 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_9_50_22.dmp 2018-08-27 21:28 - 2018-08-27 21:28 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_8_28_35.dmp 2018-08-27 21:10 - 2018-08-27 21:10 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_8_10_54.dmp 2018-08-27 20:46 - 2018-08-27 20:46 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_7_46_9.dmp 2018-08-27 11:37 - 2018-08-27 11:37 - 000000000 __SHD C:\found.007 2018-08-27 05:11 - 2018-08-27 05:11 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_27_16_11_54.dmp 2018-08-27 05:08 - 2018-08-28 06:11 - 001354706 _____ C:\Windows\ntbtlog.txt 2018-08-27 05:03 - 2018-08-27 05:03 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_27_16_3_56.dmp 2018-08-27 04:54 - 2018-08-27 04:54 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_27_15_54_37.dmp 2018-08-26 23:53 - 2018-08-26 23:53 - 000023007 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_27_10_53_12.dmp 2018-08-26 23:37 - 2018-08-26 23:37 - 000000000 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_27_10_37_14.dmp 2018-08-26 23:25 - 2018-08-26 23:25 - 000000874 _____ C:\Users\Public\Desktop\PartitionGuru.lnk 2018-08-26 23:25 - 2018-08-26 23:25 - 000000874 _____ 
C:\ProgramData\Desktop\PartitionGuru.lnk 2018-08-26 23:25 - 2018-08-26 23:25 - 000000000 ____D C:\Program Files\PartitionGuru 2018-08-26 23:23 - 2018-08-26 23:23 - 048117648 _____ (Eassos Co., Ltd. ) C:\Users\comurwa\Downloads\PGSetup495508.exe 2018-08-26 23:03 - 2018-08-26 23:03 - 003082867 _____ C:\Users\comurwa\Desktop\DATA CLEANING employees.xlsx 2018-08-26 23:01 - 2018-08-26 23:01 - 000570586 _____ (Authorsoft Corporation ) C:\Users\comurwa\Downloads\USBFormatToolSetup.exe 2018-08-26 23:01 - 2018-08-26 23:01 - 000000979 _____ C:\Users\comurwa\Desktop\USB Disk Storage Format Tool.lnk 2018-08-26 23:01 - 2018-08-26 23:01 - 000000063 _____ C:\Users\comurwa\Desktop\Create Bootable USB.url 2018-08-26 23:01 - 2018-08-26 23:01 - 000000000 ____D C:\Program Files\USB Disk Storage Format Tool 2018-08-26 22:50 - 2018-08-26 22:50 - 006361858 _____ C:\Users\comurwa\Downloads\OnLineRecovery_JF620_v9.0.0.28.exe 2018-08-26 22:46 - 2018-08-26 22:46 - 000245268 _____ C:\Users\comurwa\Downloads\kingston_format_utility (1).exe 2018-08-26 22:41 - 2018-08-26 22:41 - 000001247 _____ C:\Users\comurwa\Desktop\BitRecover Pen Drive Recovery Wizard.lnk 2018-08-26 22:41 - 2018-08-26 22:41 - 000000000 ____D C:\Windows\BitRecover 2018-08-26 22:41 - 2018-08-26 22:41 - 000000000 ____D C:\Program Files (x86)\BitRecover 2018-08-26 22:40 - 2018-08-26 22:40 - 002304536 _____ (PerfectData Software ) C:\Users\comurwa\Downloads\bitrecover-pen-drive-recovery-wizard.exe 2018-08-26 22:26 - 2018-08-26 22:26 - 000000000 ____D C:\ProgramData\SystemAcCrux 2018-08-26 21:49 - 2018-08-26 21:49 - 000001303 _____ C:\Users\Public\Desktop\EaseUS Partition Master 12.10.lnk 2018-08-26 21:49 - 2018-08-26 21:49 - 000001303 _____ C:\ProgramData\Desktop\EaseUS Partition Master 12.10.lnk 2018-08-26 21:49 - 2018-08-01 02:56 - 005245072 _____ C:\Windows\System32\BootMan.exe 2018-08-26 21:49 - 2018-08-01 02:56 - 003549328 _____ C:\Windows\SysWOW64\BootMan.exe 2018-08-26 21:49 - 2018-07-19 22:07 - 000021448 _____ (Windows 
(R) Codename Longhorn DDK provider) C:\Windows\System32\EPMVolFlt.sys 2018-08-26 21:49 - 2018-07-19 22:07 - 000021448 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\System32\Drivers\EPMVolFlt.sys 2018-08-26 21:49 - 2018-04-28 00:04 - 000132240 _____ C:\Windows\System32\setupempdrvx64.exe 2018-08-26 21:49 - 2018-01-16 13:00 - 000025032 _____ C:\Windows\System32\epmntdrv.sys 2018-08-26 21:49 - 2016-07-10 23:01 - 000010848 _____ C:\Windows\System32\EuGdiDrv.sys 2018-08-26 21:49 - 2014-11-18 03:46 - 000021088 _____ C:\Windows\SysWOW64\EuEpmGdi.dll 2018-08-26 21:49 - 2014-11-18 03:46 - 000017504 _____ C:\Windows\System32\EuEpmGdi.dll 2018-08-26 21:48 - 2018-08-26 21:48 - 000000000 ____D C:\Program Files (x86)\EaseUS 2018-08-26 21:39 - 2018-08-26 21:47 - 040399544 _____ (EaseUS ) C:\Users\comurwa\Downloads\epm_trial.exe 2018-08-26 21:31 - 2018-08-26 21:31 - 000245268 _____ C:\Users\comurwa\Downloads\kingston_format_utility.exe 2018-08-24 04:10 - 2018-08-24 04:10 - 000050238 _____ C:\Users\comurwa\Downloads\pdf2doc.zip 2018-08-24 04:07 - 2018-08-24 04:07 - 000064412 _____ C:\Users\comurwa\Desktop\DOSH_21A _Revised 2014_ Workplace_Registration_form.pdf 2018-08-23 23:39 - 2018-08-23 23:41 - 171880448 _____ C:\Users\comurwa\Downloads\PBIDesktopRS_x64.msi 2018-08-16 23:19 - 2018-08-16 23:30 - 000000600 _____ C:\Users\comurwa\AppData\Roaming\winscp.rnd 2018-08-16 23:13 - 2018-08-16 23:13 - 000001027 _____ C:\Users\Public\Desktop\WinSCP.lnk 2018-08-16 23:13 - 2018-08-16 23:13 - 000001027 _____ C:\ProgramData\Desktop\WinSCP.lnk 2018-08-16 23:13 - 2018-08-16 23:13 - 000000000 ____D C:\Program Files (x86)\WinSCP 2018-08-16 21:17 - 2018-08-17 04:23 - 000256377 _____ C:\Users\comurwa\Desktop\ITGC_2018_DM Agreements List with SLA.xlsx 2018-08-16 04:47 - 2018-08-16 04:47 - 005752320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2018-08-16 03:59 - 2018-08-16 03:59 - 000023268 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_16_14_59_13.dmp 
2018-08-16 03:29 - 2018-08-16 03:29 - 000001329 _____ C:\Users\comurwa\export5.sql
2018-08-16 03:28 - 2018-08-16 03:28 - 000006128 _____ C:\Users\comurwa\export4.sql
2018-08-16 03:27 - 2018-08-16 03:27 - 000006535 _____ C:\Users\comurwa\export1.sql
2018-08-16 03:27 - 2018-08-16 03:27 - 000005434 _____ C:\Users\comurwa\export2.sql
2018-08-14 23:06 - 2018-08-14 23:06 - 009267914 _____ C:\Users\comurwa\Desktop\Grwdef- 2018 May fcst3.xlsx
2018-08-13 03:40 - 2018-08-13 03:43 - 007573444 _____ C:\Users\Ekipkemoi\Desktop\Sales_13.08.2018.01.csv
2018-08-13 03:30 - 2018-08-13 03:45 - 007661268 _____ C:\Users\Ekipkemoi\Desktop\Sales_13.08.2018.csv
2018-08-10 01:08 - 2018-08-10 01:08 - 000117248 _____ C:\Users\comurwa\Desktop\project acc query.msg
2018-08-09 04:33 - 2018-08-09 04:33 - 000000154 _____ C:\Users\comurwa\Desktop\issue.txt
2018-08-09 04:21 - 2018-08-09 04:21 - 009351168 _____ C:\Users\comurwa\Desktop\wm servers.msg
2018-08-07 20:26 - 2018-08-07 20:26 - 000000273 _____ C:\Users\comurwa\Downloads\2018_Healing_Pray_More_Retreat.vcf
2018-08-07 05:06 - 2018-08-07 05:06 - 000143872 _____ C:\Users\comurwa\Desktop\DDMO4i Passwords - Discoverer.msg
2018-08-06 20:41 - 2018-08-07 20:27 - 000000000 ____D C:\Users\comurwa\Desktop\prayer
2018-08-06 01:25 - 2018-08-06 01:25 - 000000000 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_6_12_25_45.dmp
2018-08-06 01:23 - 2018-08-06 01:23 - 004194431 _____ C:\Users\comurwa\Downloads\open-source-billing-master.zip
2018-08-06 01:21 - 2018-08-06 01:21 - 000086443 _____ C:\Users\comurwa\Downloads\simplewbs.zip
2018-08-05 21:57 - 2018-08-05 21:57 - 000083208 _____ (Cisco Systems, Inc.) C:\Windows\System32\Drivers\CiscoAMPHeurDriver.sys
2018-08-05 21:57 - 2018-08-05 21:57 - 000056592 _____ (Cisco Systems, Inc.) C:\Windows\System32\Drivers\CiscoAMPCEFWDriver.sys
2018-08-03 05:59 - 2018-08-03 05:59 - 000000000 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_3_16_59_14.dmp
2018-08-03 03:11 - 2018-08-03 03:11 - 002780622 _____ C:\Users\comurwa\Downloads\Free-Weighbridge-Software.7z
2018-08-03 01:22 - 2018-08-03 01:22 - 000012599 _____ C:\Users\comurwa\export.xlsx
2018-08-02 00:56 - 2018-08-02 00:56 - 000077824 _____ C:\s95s
2018-08-01 05:19 - 2001-09-17 08:55 - 001355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVBVM50.DLL
2018-08-01 05:19 - 2001-09-17 08:55 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OC30.DLL
2018-08-01 05:19 - 2001-09-17 08:55 - 000536048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OC25.DLL
2018-08-01 05:19 - 2001-09-17 08:54 - 001015568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSJT3032.DLL
2018-08-01 05:19 - 2001-09-17 08:54 - 000279098 _____ C:\Windows\SysWOW64\VB5.OLB
2018-08-01 05:19 - 2001-09-17 08:54 - 000254464 _____ C:\Windows\SysWOW64\MSVCRT2X.DLL
2018-08-01 05:19 - 2001-09-17 08:54 - 000145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5EXT.OLB
2018-08-01 05:19 - 2001-09-17 08:54 - 000094720 _____ C:\Windows\SysWOW64\SH30W32.DLL
2018-08-01 05:19 - 2001-09-17 08:54 - 000080624 _____ C:\Windows\SysWOW64\SH31W32.DLL
2018-08-01 05:19 - 2001-09-17 08:54 - 000059504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBDB32.DLL
2018-08-01 05:19 - 2001-09-17 08:53 - 000322832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC30.DLL
2018-08-01 05:19 - 2001-09-17 08:53 - 000133904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCANS32.DLL
2018-08-01 05:19 - 2001-09-17 08:53 - 000026832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CTL3DV2.DLL
2018-08-01 05:01 - 2018-08-01 05:40 - 000000000 ____D C:\DevSuiteHome_2
2018-08-01 05:00 - 2018-08-01 05:00 - 000003030 _____ C:\Windows\System32\Tasks\{BCA58D64-F021-4F0E-9562-81C5D186A4D8}
2018-08-01 04:55 - 2018-08-01 04:57 - 000000000 ____D C:\DevSuiteHome_1
2018-08-01 04:51 - 2018-08-01 04:51 - 000003030 _____ C:\Windows\System32\Tasks\{A842BB26-E70B-4C4B-8867-0B465ABADF3B}
2018-08-01 04:51 - 2018-08-01 04:51 - 000003030 _____ C:\Windows\System32\Tasks\{3A6A8A30-AEBD-4557-B379-544AB8932B08}
2018-08-01 04:51 - 2018-08-01 04:51 - 000003030 _____ C:\Windows\System32\Tasks\{10D56189-5CB6-446F-8224-D2C8ABE25700}
2018-08-01 04:43 - 2018-08-01 04:43 - 000000000 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_1_15_43_7.dmp
2018-08-01 04:40 - 2018-08-01 04:40 - 000003030 _____ C:\Windows\System32\Tasks\{DFE45A02-6368-45D7-8F9F-E840DBEC603C}
2018-08-01 04:26 - 2018-08-01 04:26 - 000000000 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_1_15_26_52.dmp
2018-08-01 04:22 - 2018-08-01 04:22 - 000003030 _____ C:\Windows\System32\Tasks\{151ED357-8539-4935-8BC3-717F39833D6A}
2018-08-01 03:58 - 2018-08-01 03:59 - 000000000 ____D C:\Users\comurwa\Desktop\OracleDev10g
2018-08-01 03:47 - 2018-08-01 03:47 - 000003034 _____ C:\Windows\System32\Tasks\{92524B71-5A0E-4735-8B0D-3D43A48AE2DD}
2018-07-29 21:01 - 2018-08-26 21:32 - 000000000 ____D C:\allshare

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-28 06:16 - 2013-03-20 16:03 - 000000000 ____D C:\ProgramData\PDFC
2018-08-27 00:20 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-27 00:10 - 2018-03-20 21:41 - 000000000 ____D C:\Users\comurwa\AppData\Roaming\stickies
2018-08-27 00:09 - 2013-08-02 06:38 - 000000272 _____ C:\Windows\System32\config\netlogon.ftl
2018-08-27 00:09 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\inetsrv
2018-08-26 23:53 - 2009-07-13 20:45 - 000016768 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-26 23:53 - 2009-07-13 20:45 - 000016768 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-26 23:43 - 2014-02-28 04:24 - 000000000 ____D C:\ProgramData\firebird
2018-08-26 23:37 - 2014-01-12 20:36 - 000000000 ____D C:\users\comurwa
2018-08-26 23:34 - 2015-06-02 00:10 - 000000000 ____D C:\TEMP
2018-08-26 23:18 - 2014-11-19 22:13 - 000000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2246688769-2931975556-4038913859-103902UA.job
2018-08-26 22:26 - 2014-01-19 20:42 - 000000000 ____D C:\Users\comurwa\Documents\Outlook Files
2018-08-26 21:30 - 2015-09-09 04:41 - 000000000 ____D C:\Users\comurwa\.VirtualBox
2018-08-26 20:55 - 2009-07-13 21:13 - 001410898 _____ C:\Windows\System32\PerfStringBackup.INI
2018-08-26 20:55 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-08-24 06:27 - 2017-06-05 05:19 - 000000000 ____D C:\Users\comurwa\AppData\Roaming\Zoom
2018-08-24 00:55 - 2018-05-18 06:53 - 000000000 ____D C:\Users\comurwa\AppData\Local\Power BI Desktop SSRS
2018-08-23 23:07 - 2018-05-18 07:33 - 000000000 ____D C:\Users\comurwa\Desktop\BI
2018-08-23 22:18 - 2014-11-19 22:13 - 000000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2246688769-2931975556-4038913859-103902Core.job
2018-08-23 21:42 - 2018-06-12 21:29 - 000000000 ____D C:\Users\comurwa\AppData\Roaming\DameWare Development
2018-08-22 20:15 - 2016-08-04 06:07 - 000000000 ____D C:\Users\comurwa\AppData\Roaming\SQL Developer
2018-08-22 00:49 - 2014-03-03 19:57 - 000000000 ____D C:\Users\comurwa\AppData\Local\ElevatedDiagnostics
2018-08-21 21:38 - 2009-07-13 21:32 - 000000000 ____D C:\Windows\System32\FxsTmp
2018-08-21 21:20 - 2018-07-11 05:33 - 000000136 _____ C:\Windows\System32\SysAidUnlckRstPasswd.ini
2018-08-21 21:20 - 2017-08-09 14:05 - 000000000 ____D C:\Program Files\SysAid
2018-08-20 05:33 - 2017-06-20 04:50 - 000000000 ____D C:\Users\comurwa\Desktop\Edu Sales Report
2018-08-19 23:17 - 2018-06-24 23:10 - 000000000 ____D C:\Users\Ekipkemoi\AppData\Roaming\SQL Developer
2018-08-17 06:30 - 2017-04-12 00:28 - 000000000 ____D C:\Users\comurwa\Documents\My Received Files
2018-08-16 22:41 - 2014-01-20 01:18 - 000000000 ____D C:\Program Files (x86)\InspiroPeople
2018-08-16 04:47 - 2013-03-20 16:03 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-08-16 04:47 - 2013-03-20 16:03 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-16 04:47 - 2013-03-20 16:03 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-08-16 04:47 - 2013-03-20 16:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-08-16 04:47 - 2013-03-20 16:03 - 000000000 ____D C:\Windows\System32\Macromed
2018-08-16 03:51 - 2014-01-23 21:39 - 000000000 ____D C:\Users\comurwa\.metadata
2018-08-16 03:26 - 2018-05-27 23:18 - 000018416 _____ C:\Users\comurwa\export.sql
2018-08-15 05:05 - 2018-04-26 05:46 - 000000000 ____D C:\Users\comurwa\AppData\Local\GoToMeeting
2018-08-15 01:36 - 2016-04-04 22:58 - 000003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CFFE0799-0A7A-445D-BE9E-1E1523F968A5}
2018-08-14 22:09 - 2016-02-11 06:07 - 000003686 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2246688769-2931975556-4038913859-87740
2018-08-14 22:09 - 2016-02-11 06:07 - 000003590 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2246688769-2931975556-4038913859-87740
2018-08-14 22:09 - 2016-02-11 06:07 - 000000642 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2246688769-2931975556-4038913859-87740.job
2018-08-14 22:09 - 2016-02-11 06:07 - 000000546 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2246688769-2931975556-4038913859-87740.job
2018-08-14 20:37 - 2014-01-12 20:38 - 000008240 __RSH C:\Users\comurwa\ntuser.pol
2018-08-13 03:23 - 2017-07-30 22:18 - 000000000 ____D C:\Users\Ekipkemoi\AppData\Local\Google
2018-08-12 22:00 - 2018-06-24 23:08 - 000000000 ____D C:\Users\Ekipkemoi\AppData\Roaming\DameWare Development
2018-08-09 18:44 - 2016-10-28 05:50 - 000002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-09 18:44 - 2016-10-28 05:50 - 000002145 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2018-08-06 20:32 - 2016-01-25 00:04 - 000000000 ____D C:\Users\comurwa\Desktop\forms
2018-08-05 21:57 - 2018-01-18 00:50 - 000119608 _____ (Cisco Systems, Inc.) C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys
2018-08-05 21:57 - 2018-01-18 00:50 - 000113936 _____ (Cisco Systems, Inc.) C:\Windows\System32\Drivers\immunetprotect.sys
2018-08-05 21:57 - 2018-01-18 00:50 - 000079120 _____ (Cisco Systems, Inc.) C:\Windows\System32\Drivers\immunetselfprotect.sys
2018-08-05 21:57 - 2018-01-18 00:50 - 000071048 _____ (Cisco Systems, Inc.) C:\Windows\System32\Drivers\ImmunetUtilDriver.sys
2018-08-05 21:57 - 2016-02-22 11:27 - 000442848 _____ (BitDefender S.R.L.) C:\Windows\System32\Drivers\Trufos.sys
2018-08-03 01:20 - 2018-07-05 00:26 - 000019953 _____ C:\Users\comurwa\export.csv
2018-08-01 05:56 - 2014-10-07 03:05 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-01 05:51 - 2013-08-02 05:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-08-01 05:17 - 2016-05-08 23:50 - 000000000 ____D C:\Program Files (x86)\Oracle
2018-07-31 23:09 - 2017-03-14 00:26 - 000000402 _____ C:\Windows\dis51adm.INI
2018-07-31 23:07 - 2014-01-16 21:08 - 000002236 ____H C:\Users\comurwa\Documents\Default.rdp
2018-07-31 21:31 - 2017-02-15 22:26 - 000000000 ____D C:\Users\comurwa\Desktop\word
2018-07-30 23:54 - 2017-02-15 22:27 - 000000000 ____D C:\Users\comurwa\Desktop\notepad
2018-07-30 23:54 - 2017-02-15 22:25 - 000000000 ____D C:\Users\comurwa\Desktop\EXCEL
2018-07-29 21:17 - 2018-07-27 05:06 - 000000000 ____D C:\allshare1

Some files in TEMP:
====================
2016-07-07 22:50 - 2014-05-27 03:40 - 000121932 _____ () C:\Users\Administrator\AppData\Local\Temp\GLF4ABBGLF4ABB.EXE
2016-07-07 22:49 - 2014-05-27 03:40 - 000121932 _____ () C:\Users\Administrator\AppData\Local\Temp\GLFA394GLFA394.EXE
2017-09-04 12:40 - 2017-09-04 12:40 - 000740416 _____ (Oracle Corporation) C:\Users\Ekipkemoi\AppData\Local\Temp\jre-8u144-windows-au.exe

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe [2018-02-14 02:09] - [2017-12-31 17:50] - 000455680 _____ (Microsoft Corporation) 11D6A262B617130F7C16E308C12E0D41
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll [2018-05-29 02:05] - [2018-04-22 16:00] - 000512512 _____ (Microsoft Corporation) 4CE2D42E24914EE91BFFCD8D8485A1BB
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 16258.08 MB
Available physical RAM: 14609.5 MB
Total Virtual: 16256.28 MB
Available Virtual: 14620.59 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.61 GB) (Free:83.43 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:9.96 GB) (Free:1.09 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.08 GB) FAT32
Drive h: (Transcend) (Fixed) (Total:1863.01 GB) (Free:1335.89 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4A27EC9C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=101 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: A57421C9)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

LastRegBack: 2018-08-25 13:43

==================== End of FRST.txt ============================