king6cee

Computer could not load windows login screen

Question

My computer hasn't been able to load the login screen for 2 days now. I came across an article on Farbar Recovery Scan Tool and tried it. Below is the log which I seem not to be able to analyse. Any assistance will be much appreciated.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.08.2018
Ran by SYSTEM on MININT-TAL2BRV (28-08-2018 18:08:23)
Running from h:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery
Default: ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [298368 2011-09-06] (DameWare Development)
HKLM-x32\...\Run: [Client Access Service] => C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe [14336 2010-01-14] (IBM Corporation)
HKLM-x32\...\Run: [Immunet Protect] => C:\Program Files\Cisco\AMP\6.1.7\iptray.exe [4055232 2018-08-05] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3237808 2018-01-09] (Dominik Reichl)
HKLM Group Policy restriction on software: S:\ <==== ATTENTION
HKLM Group Policy restriction on software: Z:\ <==== ATTENTION
HKLM Group Policy restriction on software: N:\ <==== ATTENTION
HKLM Group Policy restriction on software: W:\ <==== ATTENTION
HKLM Group Policy restriction on software: I:\ <==== ATTENTION
HKLM Group Policy restriction on software: H:\ <==== ATTENTION
HKLM Group Policy restriction on software: G:\ <==== ATTENTION
HKLM Group Policy restriction on software: V:\ <==== ATTENTION
HKLM Group Policy restriction on software: Q:\ <==== ATTENTION
HKLM Group Policy restriction on software: P:\ <==== ATTENTION
HKLM Group Policy restriction on software: M:\ <==== ATTENTION
HKLM Group Policy restriction on software: R:\ <==== ATTENTION
HKLM Group Policy restriction on software: K:\ <==== ATTENTION
HKLM Group Policy restriction on software: X:\ <==== ATTENTION
HKLM Group Policy restriction on software: E:\ <==== ATTENTION
HKLM Group Policy restriction on software: L:\ <==== ATTENTION
HKLM Group Policy restriction on software: O:\ <==== ATTENTION
HKLM Group Policy restriction on software: U:\ <==== ATTENTION
HKLM Group Policy restriction on software: T:\ <==== ATTENTION
HKLM Group Policy restriction on software: F:\ <==== ATTENTION
HKLM Group Policy restriction on software: J:\ <==== ATTENTION
HKLM Group Policy restriction on software: Y:\ <==== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\888\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\Administrator\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\comurwa\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\comurwa\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23810128 2018-08-19] (Microsoft Corporation)
HKU\comurwa\...\Policies\system: [NoDispAppearancePage] 1
HKU\comurwa\...\Policies\system: [NoDispBackgroundPage] 1
HKU\comurwa\...\Policies\system: [NoDispScrSavPage] 1
HKU\comurwa\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp
HKU\comurwa\...\Policies\system: [WallpaperStyle] 2
HKU\comurwa\...\Policies\system: [RunLogonScriptSync] 1
HKU\comurwa\...\Policies\Explorer: [NoThemesTab] 1
HKU\comurwa\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\Dnthuka\...\Policies\system: [NoDispAppearancePage] 1
HKU\Dnthuka\...\Policies\system: [NoDispBackgroundPage] 1
HKU\Dnthuka\...\Policies\system: [NoDispScrSavPage] 1
HKU\Dnthuka\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp
HKU\Dnthuka\...\Policies\system: [WallpaperStyle] 2
HKU\Dnthuka\...\Policies\system: [RunLogonScriptSync] 1
HKU\Dnthuka\...\Policies\Explorer: [NoThemesTab] 1
HKU\Dnthuka\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\EKamau\...\Policies\system: [NoDispScrSavPage] 1
HKU\EKamau\...\Policies\system: [NoDispAppearancePage] 1
HKU\EKamau\...\Policies\system: [NoDispBackgroundPage] 1
HKU\EKamau\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp
HKU\EKamau\...\Policies\system: [WallpaperStyle] 2
HKU\EKamau\...\Policies\system: [RunLogonScriptSync] 1
HKU\EKamau\...\Policies\Explorer: [NoThemesTab] 1
HKU\EKamau\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\ekasivu\...\Policies\system: [NoDispAppearancePage] 1
HKU\ekasivu\...\Policies\system: [NoDispBackgroundPage] 1
HKU\ekasivu\...\Policies\system: [NoDispScrSavPage] 1
HKU\ekasivu\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp
HKU\ekasivu\...\Policies\system: [WallpaperStyle] 2
HKU\ekasivu\...\Policies\system: [RunLogonScriptSync] 1
HKU\ekasivu\...\Policies\Explorer: [NoThemesTab] 1
HKU\ekasivu\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\Ekipkemoi\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [24370360 2018-04-10] (Microsoft Corporation)
HKU\Ekipkemoi\...\Policies\system: [NoDispAppearancePage] 1
HKU\Ekipkemoi\...\Policies\system: [NoDispBackgroundPage] 1
HKU\Ekipkemoi\...\Policies\system: [NoDispScrSavPage] 1
HKU\Ekipkemoi\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp
HKU\Ekipkemoi\...\Policies\system: [WallpaperStyle] 2
HKU\Ekipkemoi\...\Policies\system: [RunLogonScriptSync] 1
HKU\Ekipkemoi\...\Policies\Explorer: [NoThemesTab] 1
HKU\Ekipkemoi\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\EWangai\...\Policies\system: [NoDispAppearancePage] 1
HKU\EWangai\...\Policies\system: [NoDispBackgroundPage] 1
HKU\EWangai\...\Policies\system: [NoDispScrSavPage] 1
HKU\EWangai\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp
HKU\EWangai\...\Policies\system: [WallpaperStyle] 2
HKU\EWangai\...\Policies\system: [RunLogonScriptSync] 1
HKU\EWangai\...\Policies\Explorer: [NoThemesTab] 1
HKU\EWangai\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\FKungu\...\Policies\system: [NoDispScrSavPage] 1
HKU\FKungu\...\Policies\system: [NoDispAppearancePage] 1
HKU\FKungu\...\Policies\system: [NoDispBackgroundPage] 1
HKU\FKungu\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp
HKU\FKungu\...\Policies\system: [WallpaperStyle] 2
HKU\FKungu\...\Policies\system: [RunLogonScriptSync] 1
HKU\FKungu\...\Policies\Explorer: [NoThemesTab] 1
HKU\FKungu\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\je_miranda\...\Policies\system: [NoDispScrSavPage] 1
HKU\je_miranda\...\Policies\system: [NoDispAppearancePage] 1
HKU\je_miranda\...\Policies\system: [NoDispBackgroundPage] 1
HKU\je_miranda\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp
HKU\je_miranda\...\Policies\system: [WallpaperStyle] 2
HKU\je_miranda\...\Policies\system: [RunLogonScriptSync] 1
HKU\je_miranda\...\Policies\Explorer: [NoThemesTab] 1
HKU\je_miranda\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\jkibui\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [24370360 2018-04-10] (Microsoft Corporation)
HKU\jkibui\...\Policies\system: [NoDispAppearancePage] 1
HKU\jkibui\...\Policies\system: [NoDispBackgroundPage] 1
HKU\jkibui\...\Policies\system: [NoDispScrSavPage] 1
HKU\jkibui\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp
HKU\jkibui\...\Policies\system: [WallpaperStyle] 2
HKU\jkibui\...\Policies\system: [RunLogonScriptSync] 1
HKU\jkibui\...\Policies\Explorer: [NoThemesTab] 1
HKU\jkibui\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\jmwende\...\Policies\system: [NoDispAppearancePage] 1
HKU\jmwende\...\Policies\system: [NoDispBackgroundPage] 1
HKU\jmwende\...\Policies\system: [NoDispScrSavPage] 1
HKU\jmwende\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp
HKU\jmwende\...\Policies\system: [WallpaperStyle] 2
HKU\jmwende\...\Policies\system: [RunLogonScriptSync] 1
HKU\jmwende\...\Policies\Explorer: [NoThemesTab] 1
HKU\jmwende\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\jwambugu\...\Policies\system: [NoDispAppearancePage] 1
HKU\jwambugu\...\Policies\system: [NoDispBackgroundPage] 1
HKU\jwambugu\...\Policies\system: [NoDispScrSavPage] 1
HKU\jwambugu\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp
HKU\jwambugu\...\Policies\system: [WallpaperStyle] 2
HKU\jwambugu\...\Policies\system: [RunLogonScriptSync] 1
HKU\jwambugu\...\Policies\Explorer: [NoThemesTab] 1
HKU\jwambugu\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\mndirangu\...\Policies\system: [NoDispAppearancePage] 1
HKU\mndirangu\...\Policies\system: [NoDispBackgroundPage] 1
HKU\mndirangu\...\Policies\system: [NoDispScrSavPage] 1
HKU\mndirangu\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp
HKU\mndirangu\...\Policies\system: [WallpaperStyle] 2
HKU\mndirangu\...\Policies\system: [RunLogonScriptSync] 1
HKU\mndirangu\...\Policies\Explorer: [NoThemesTab] 1
HKU\mndirangu\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\mrono\...\Policies\system: [NoDispScrSavPage] 1
HKU\mrono\...\Policies\system: [NoDispAppearancePage] 1
HKU\mrono\...\Policies\system: [NoDispBackgroundPage] 1
HKU\mrono\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp
HKU\mrono\...\Policies\system: [WallpaperStyle] 2
HKU\mrono\...\Policies\system: [RunLogonScriptSync] 1
HKU\mrono\...\Policies\Explorer: [NoThemesTab] 1
HKU\mrono\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\qpulse\...\Policies\system: [NoDispAppearancePage] 1
HKU\qpulse\...\Policies\system: [NoDispBackgroundPage] 1
HKU\qpulse\...\Policies\system: [NoDispScrSavPage] 1
HKU\qpulse\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp
HKU\qpulse\...\Policies\system: [WallpaperStyle] 2
HKU\qpulse\...\Policies\system: [RunLogonScriptSync] 1
HKU\qpulse\...\Policies\Explorer: [NoThemesTab] 1
HKU\qpulse\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\Snamisi\...\Policies\system: [NoDispScrSavPage] 1
HKU\Snamisi\...\Policies\system: [NoDispAppearancePage] 1
HKU\Snamisi\...\Policies\system: [NoDispBackgroundPage] 1
HKU\Snamisi\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp
HKU\Snamisi\...\Policies\system: [WallpaperStyle] 2
HKU\Snamisi\...\Policies\system: [RunLogonScriptSync] 1
HKU\Snamisi\...\Policies\Explorer: [NoThemesTab] 1
HKU\Snamisi\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\TEMP\...\Policies\system: [NoDispScrSavPage] 1
HKU\TEMP\...\Policies\system: [NoDispAppearancePage] 1
HKU\TEMP\...\Policies\system: [NoDispBackgroundPage] 1
HKU\TEMP\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp
HKU\TEMP\...\Policies\system: [WallpaperStyle] 2
HKU\TEMP\...\Policies\system: [RunLogonScriptSync] 1
HKU\TEMP\...\Policies\Explorer: [NoThemesTab] 1
HKU\TEMP\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\TEMP.FRESHDELMONTE\...\Policies\system: [NoDispAppearancePage] 1
HKU\TEMP.FRESHDELMONTE\...\Policies\system: [NoDispBackgroundPage] 1
HKU\TEMP.FRESHDELMONTE\...\Policies\system: [NoDispScrSavPage] 1
HKU\TEMP.FRESHDELMONTE\...\Policies\system: [Wallpaper] %systemroot%\system32\UKWallpaper.bmp
HKU\TEMP.FRESHDELMONTE\...\Policies\system: [WallpaperStyle] 2
HKU\TEMP.FRESHDELMONTE\...\Policies\system: [RunLogonScriptSync] 1
HKU\TEMP.FRESHDELMONTE\...\Policies\Explorer: [NoThemesTab] 1
HKU\TEMP.FRESHDELMONTE\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKU\WNeri\...\Policies\system: [NoDispScrSavPage] 1
HKU\WNeri\...\Policies\system: [RunLogonScriptSync] 1
Startup: C:\Users\comurwa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-03-20]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\comurwa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2018-03-20]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BMFMySQL_X64; C:\ProgramData\Quest Software\BMF\Repository\MySQL\bin_comm\mysqld.exe [9619456 2010-12-03] ()
S2 CiscoAMP_6.1.7; C:\Program Files\Cisco\AMP\6.1.7\sfc.exe [1385920 2018-08-05] (Cisco Systems, Inc.)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8853984 2018-08-09] (Microsoft Corporation)
S3 Cwbrxd; C:\Windows\cwbrxd.exe [94208 2010-01-14] (IBM Corporation)
S2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [701312 2011-09-06] (DameWare Development LLC)
S3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [5683712 2011-10-02] (Firebird Project)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [220856 2014-08-22] (Microsoft Corporation)
S2 MSSQL$DMKL; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DMKL\MSSQL\Binn\sqlservr.exe [62277296 2014-08-22] (Microsoft Corporation)
S2 MSSQL$EXPRESS2012; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.EXPRESS2012\MSSQL\Binn\sqlservr.exe [162496 2014-05-15] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [28768528 2005-10-13] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS2012; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS2012\MSSQL\Binn\sqlservr.exe [191064 2012-02-10] (Microsoft Corporation)
S3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [42168 2014-08-22] (Microsoft Corporation)
S3 MSSQLFDLauncher$DMKL; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DMKL\MSSQL\Binn\fdlauncher.exe [42168 2014-08-22] (Microsoft Corporation)
S2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [62277296 2014-08-22] (Microsoft Corporation)
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4476096 2005-09-22] (Microsoft Corporation)
S2 OracleDBConsoleorcl; C:\app\COmurwa\product\11.1.0\db_1\bin\nmesrvc.exe [25600 2007-09-12] (Oracle Corporation)
S4 OracleJobSchedulerORCL; c:\app\comurwa\product\11.1.0\db_1\Bin\extjob.exe [102400 2007-10-03] ()
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe [45568 2014-05-29] ()
S2 OracleMTSRecoveryService; c:\oracle\bin\omtsreco.exe [81408 2013-09-16] (Oracle Corporation)
S2 OracleOraClient12Home1MTSRecoveryService; C:\app\client\COmurwa\product\12.2.0\client_1\bin\omtsreco.exe [72704 2017-03-13] (Oracle Corporation)
S2 OracleOraDb11g_home1TNSListener; C:\app\COmurwa\product\11.1.0\db_1\BIN\TNSLSNR.exe [471040 2007-09-07] ()
S2 OracleServiceORCL; c:\app\comurwa\product\11.1.0\db_1\bin\ORACLE.EXE [89702400 2007-10-03] (Oracle Corporation)
S2 OracleServiceXE; c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE [147110912 2014-05-29] (Oracle Corporation)
S2 OracleVssWriterORCL; C:\app\COmurwa\product\11.1.0\db_1\bin\OraVSSW.exe [163840 2007-10-03] ()
S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe [83968 2014-05-29] (Oracle Corporation)
S2 OracleXETNSListener; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [522240 2014-05-29] (Oracle Corporation)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134624 2012-07-18] (PDF Complete Inc)
S2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2195120 2014-08-22] (Microsoft Corporation)
S2 ReportServer$DMKL; C:\Program Files\Microsoft SQL Server\MSRS10_50.DMKL\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2195120 2014-08-22] (Microsoft Corporation)
S2 rpm; C:\Program Files\Brooks Internet Software\RPM\rpmsrv.exe [6479680 2013-10-02] (Brooks Internet Software, Inc.)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
S2 Safaricom Broadband. RunOuc; C:\Program Files (x86)\Safaricom Broadband\UpdateDog\ouc.exe [656976 2013-05-21] ()
S3 scan; C:\Program Files\Cisco\AMP\tetra\scan.dll [652568 2018-08-05] (Bitdefender)
S3 Soda PDF 8; C:\Program Files\Soda PDF 8\ws.exe [2263504 2016-04-19] (LULU SOFTWARE LIMITED)
S3 Soda PDF 8 CrashHandler; C:\Program Files\Soda PDF 8\crash-handler-ws.exe [920016 2016-04-19] (LULU SOFTWARE LIMITED)
S2 Soda PDF 8 Creator; C:\Program Files\Soda PDF 8\creator-ws.exe [733136 2016-04-19] (LULU SOFTWARE LIMITED)
S2 Soda PDF 8 Manager; C:\ProgramData\LULU Software\Soda PDF 8 Manager\Soda PDF 8\Soda Manager.exe [887800 2016-05-18] (LULU Software Limited)
S3 SQLAgent$DMKL; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DMKL\MSSQL\Binn\SQLAGENT.EXE [443576 2014-08-22] (Microsoft Corporation)
S4 SQLAgent$EXPRESS2012; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.EXPRESS2012\MSSQL\Binn\SQLAGENT.EXE [448704 2014-05-15] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS2012; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS2012\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-10] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [443576 2014-08-22] (Microsoft Corporation)
S2 SysAidAgent; C:\Program Files\SysAid\SysAidSM.exe [22952 2018-07-11] (SysAid Technology Ltd.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe [411648 2016-03-31] (Wondershare)
S2 MSOLAP$DMKL; "C:\Program Files\Microsoft SQL Server\MSAS10_50.DMKL\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS10_50.DMKL\OLAP\Config"
S2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Config"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 CiscoAMPCEFWDriver; C:\Windows\System32\Drivers\CiscoAMPCEFWDriver.sys [56592 2018-08-05] (Cisco Systems, Inc.)
S1 CiscoAMPHeurDriver; C:\Windows\System32\Drivers\CiscoAMPHeurDriver.sys [83208 2018-08-05] (Cisco Systems, Inc.)
S3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [5632 2008-03-14] (DameWare Development, LLC)
S1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd64.sys [30720 2008-03-13] (DameWare)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [245248 2013-04-10] (Huawei Technologies Co., Ltd.)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [348944 2011-06-15] (Intel(R) Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X64.sys [70928 2011-06-15] (Intel(R) Corporation)
S2 ImmunetNetworkMonitorDriver; C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys [119608 2018-08-05] (Cisco Systems, Inc.)
S1 ImmunetProtectDriver; C:\Windows\System32\Drivers\immunetprotect.sys [113936 2018-08-05] (Cisco Systems, Inc.)
S1 ImmunetSelfProtectDriver; C:\Windows\System32\Drivers\immunetselfprotect.sys [79120 2018-08-05] (Cisco Systems, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-08-22] (Microsoft Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-10] (Microsoft Corporation)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-16] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63568 2012-12-11] (SafeNet, Inc.)
S3 Trufos; C:\Windows\System32\Drivers\trufos.sys [442848 2018-08-05] (BitDefender S.R.L.)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
S1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-09-08] (Oracle Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-15] (MBB)
S3 ZTEMBBMSD; C:\Windows\System32\Drivers\ZTEMBBMSD.sys [19968 2014-10-06] (ZTE Corporation)
S3 ZTEusbMB; C:\Windows\System32\DRIVERS\ZTEusbnmeaext2.sys [123136 2014-10-06] (ZTE Incorporated)
S3 ZTEusbnmeaext; C:\Windows\System32\DRIVERS\ZTEusbnmeaext.sys [123136 2014-10-06] (ZTE Incorporated)
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [238080 2013-09-12] (ZTE Incorporated)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 mfeavfk01; \Device\mfeavfk01.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-28 17:54 - 2018-08-28 18:08 - 000000000 ____D C:\FRST
2018-08-28 06:15 - 2018-08-28 06:15 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_17_15_11.dmp
2018-08-28 05:06 - 2018-08-28 05:06 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_16_6_53.dmp
2018-08-28 03:36 - 2018-08-28 03:36 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_14_36_44.dmp
2018-08-27 23:50 - 2018-08-27 23:50 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_10_50_49.dmp
2018-08-27 23:45 - 2018-08-27 23:45 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_10_45_44.dmp
2018-08-27 23:03 - 2018-08-27 23:03 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_10_3_30.dmp
2018-08-27 22:50 - 2018-08-27 22:50 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_9_50_22.dmp
2018-08-27 21:28 - 2018-08-27 21:28 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_8_28_35.dmp
2018-08-27 21:10 - 2018-08-27 21:10 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_8_10_54.dmp
2018-08-27 20:46 - 2018-08-27 20:46 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_28_7_46_9.dmp
2018-08-27 11:37 - 2018-08-27 11:37 - 000000000 __SHD C:\found.007
2018-08-27 05:11 - 2018-08-27 05:11 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_27_16_11_54.dmp
2018-08-27 05:08 - 2018-08-28 06:11 - 001354706 _____ C:\Windows\ntbtlog.txt
2018-08-27 05:03 - 2018-08-27 05:03 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_27_16_3_56.dmp
2018-08-27 04:54 - 2018-08-27 04:54 - 000019228 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_27_15_54_37.dmp
2018-08-26 23:53 - 2018-08-26 23:53 - 000023007 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_27_10_53_12.dmp
2018-08-26 23:37 - 2018-08-26 23:37 - 000000000 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_27_10_37_14.dmp
2018-08-26 23:25 - 2018-08-26 23:25 - 000000874 _____ C:\Users\Public\Desktop\PartitionGuru.lnk
2018-08-26 23:25 - 2018-08-26 23:25 - 000000874 _____ C:\ProgramData\Desktop\PartitionGuru.lnk
2018-08-26 23:25 - 2018-08-26 23:25 - 000000000 ____D C:\Program Files\PartitionGuru
2018-08-26 23:23 - 2018-08-26 23:23 - 048117648 _____ (Eassos Co., Ltd. ) C:\Users\comurwa\Downloads\PGSetup495508.exe
2018-08-26 23:03 - 2018-08-26 23:03 - 003082867 _____ C:\Users\comurwa\Desktop\DATA CLEANING employees.xlsx
2018-08-26 23:01 - 2018-08-26 23:01 - 000570586 _____ (Authorsoft Corporation ) C:\Users\comurwa\Downloads\USBFormatToolSetup.exe
2018-08-26 23:01 - 2018-08-26 23:01 - 000000979 _____ C:\Users\comurwa\Desktop\USB Disk Storage Format Tool.lnk
2018-08-26 23:01 - 2018-08-26 23:01 - 000000063 _____ C:\Users\comurwa\Desktop\Create Bootable USB.url
2018-08-26 23:01 - 2018-08-26 23:01 - 000000000 ____D C:\Program Files\USB Disk Storage Format Tool
2018-08-26 22:50 - 2018-08-26 22:50 - 006361858 _____ C:\Users\comurwa\Downloads\OnLineRecovery_JF620_v9.0.0.28.exe
2018-08-26 22:46 - 2018-08-26 22:46 - 000245268 _____ C:\Users\comurwa\Downloads\kingston_format_utility (1).exe
2018-08-26 22:41 - 2018-08-26 22:41 - 000001247 _____ C:\Users\comurwa\Desktop\BitRecover Pen Drive Recovery Wizard.lnk
2018-08-26 22:41 - 2018-08-26 22:41 - 000000000 ____D C:\Windows\BitRecover
2018-08-26 22:41 - 2018-08-26 22:41 - 000000000 ____D C:\Program Files (x86)\BitRecover
2018-08-26 22:40 - 2018-08-26 22:40 - 002304536 _____ (PerfectData Software ) C:\Users\comurwa\Downloads\bitrecover-pen-drive-recovery-wizard.exe
2018-08-26 22:26 - 2018-08-26 22:26 - 000000000 ____D C:\ProgramData\SystemAcCrux
2018-08-26 21:49 - 2018-08-26 21:49 - 000001303 _____ C:\Users\Public\Desktop\EaseUS Partition Master 12.10.lnk
2018-08-26 21:49 - 2018-08-26 21:49 - 000001303 _____ C:\ProgramData\Desktop\EaseUS Partition Master 12.10.lnk
2018-08-26 21:49 - 2018-08-01 02:56 - 005245072 _____ C:\Windows\System32\BootMan.exe
2018-08-26 21:49 - 2018-08-01 02:56 - 003549328 _____ C:\Windows\SysWOW64\BootMan.exe
2018-08-26 21:49 - 2018-07-19 22:07 - 000021448 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\System32\EPMVolFlt.sys
2018-08-26 21:49 - 2018-07-19 22:07 - 000021448 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\System32\Drivers\EPMVolFlt.sys
2018-08-26 21:49 - 2018-04-28 00:04 - 000132240 _____ C:\Windows\System32\setupempdrvx64.exe
2018-08-26 21:49 - 2018-01-16 13:00 - 000025032 _____ C:\Windows\System32\epmntdrv.sys
2018-08-26 21:49 - 2016-07-10 23:01 - 000010848 _____ C:\Windows\System32\EuGdiDrv.sys
2018-08-26 21:49 - 2014-11-18 03:46 - 000021088 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
2018-08-26 21:49 - 2014-11-18 03:46 - 000017504 _____ C:\Windows\System32\EuEpmGdi.dll
2018-08-26 21:48 - 2018-08-26 21:48 - 000000000 ____D C:\Program Files (x86)\EaseUS
2018-08-26 21:39 - 2018-08-26 21:47 - 040399544 _____ (EaseUS ) C:\Users\comurwa\Downloads\epm_trial.exe
2018-08-26 21:31 - 2018-08-26 21:31 - 000245268 _____ C:\Users\comurwa\Downloads\kingston_format_utility.exe
2018-08-24 04:10 - 2018-08-24 04:10 - 000050238 _____ C:\Users\comurwa\Downloads\pdf2doc.zip
2018-08-24 04:07 - 2018-08-24 04:07 - 000064412 _____ C:\Users\comurwa\Desktop\DOSH_21A _Revised 2014_ Workplace_Registration_form.pdf
2018-08-23 23:39 - 2018-08-23 23:41 - 171880448 _____ C:\Users\comurwa\Downloads\PBIDesktopRS_x64.msi
2018-08-16 23:19 - 2018-08-16 23:30 - 000000600 _____ C:\Users\comurwa\AppData\Roaming\winscp.rnd
2018-08-16 23:13 - 2018-08-16 23:13 - 000001027 _____ C:\Users\Public\Desktop\WinSCP.lnk
2018-08-16 23:13 - 2018-08-16 23:13 - 000001027 _____ C:\ProgramData\Desktop\WinSCP.lnk
2018-08-16 23:13 - 2018-08-16 23:13 - 000000000 ____D C:\Program Files (x86)\WinSCP
2018-08-16 21:17 - 2018-08-17 04:23 - 000256377 _____ C:\Users\comurwa\Desktop\ITGC_2018_DM Agreements List with SLA.xlsx
2018-08-16 04:47 - 2018-08-16 04:47 - 005752320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2018-08-16 03:59 - 2018-08-16 03:59 - 000023268 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_16_14_59_13.dmp
2018-08-16 03:29 - 2018-08-16 03:29 - 000001329 _____ C:\Users\comurwa\export5.sql
2018-08-16 03:28 - 2018-08-16 03:28 - 000006128 _____ C:\Users\comurwa\export4.sql
2018-08-16 03:27 - 2018-08-16 03:27 - 000006535 _____ C:\Users\comurwa\export1.sql
2018-08-16 03:27 - 2018-08-16 03:27 - 000005434 _____ C:\Users\comurwa\export2.sql
2018-08-14 23:06 - 2018-08-14 23:06 - 009267914 _____ C:\Users\comurwa\Desktop\Grwdef- 2018 May fcst3.xlsx
2018-08-13 03:40 - 2018-08-13 03:43 - 007573444 _____ C:\Users\Ekipkemoi\Desktop\Sales_13.08.2018.01.csv
2018-08-13 03:30 - 2018-08-13 03:45 - 007661268 _____ C:\Users\Ekipkemoi\Desktop\Sales_13.08.2018.csv
2018-08-10 01:08 - 2018-08-10 01:08 - 000117248 _____ C:\Users\comurwa\Desktop\project acc query.msg
2018-08-09 04:33 - 2018-08-09 04:33 - 000000154 _____ C:\Users\comurwa\Desktop\issue.txt
2018-08-09 04:21 - 2018-08-09 04:21 - 009351168 _____ C:\Users\comurwa\Desktop\wm servers.msg
2018-08-07 20:26 - 2018-08-07 20:26 - 000000273 _____ C:\Users\comurwa\Downloads\2018_Healing_Pray_More_Retreat.vcf
2018-08-07 05:06 - 2018-08-07 05:06 - 000143872 _____ C:\Users\comurwa\Desktop\DDMO4i Passwords - Discoverer.msg
2018-08-06 20:41 - 2018-08-07 20:27 - 000000000 ____D C:\Users\comurwa\Desktop\prayer
2018-08-06 01:25 - 2018-08-06 01:25 - 000000000 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_6_12_25_45.dmp
2018-08-06 01:23 - 2018-08-06 01:23 - 004194431 _____ C:\Users\comurwa\Downloads\open-source-billing-master.zip
2018-08-06 01:21 - 2018-08-06 01:21 - 000086443 _____ C:\Users\comurwa\Downloads\simplewbs.zip
2018-08-05 21:57 - 2018-08-05 21:57 - 000083208 _____ (Cisco Systems, Inc.) C:\Windows\System32\Drivers\CiscoAMPHeurDriver.sys
2018-08-05 21:57 - 2018-08-05 21:57 - 000056592 _____ (Cisco Systems, Inc.) C:\Windows\System32\Drivers\CiscoAMPCEFWDriver.sys
2018-08-03 05:59 - 2018-08-03 05:59 - 000000000 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_3_16_59_14.dmp
2018-08-03 03:11 - 2018-08-03 03:11 - 002780622 _____ C:\Users\comurwa\Downloads\Free-Weighbridge-Software.7z
2018-08-03 01:22 - 2018-08-03 01:22 - 000012599 _____ C:\Users\comurwa\export.xlsx
2018-08-02 00:56 - 2018-08-02 00:56 - 000077824 _____ C:\s95s
2018-08-01 05:19 - 2001-09-17 08:55 - 001355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVBVM50.DLL
2018-08-01 05:19 - 2001-09-17 08:55 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OC30.DLL
2018-08-01 05:19 - 2001-09-17 08:55 - 000536048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OC25.DLL
2018-08-01 05:19 - 2001-09-17 08:54 - 001015568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSJT3032.DLL
2018-08-01 05:19 - 2001-09-17 08:54 - 000279098 _____ C:\Windows\SysWOW64\VB5.OLB
2018-08-01 05:19 - 2001-09-17 08:54 - 000254464 _____ C:\Windows\SysWOW64\MSVCRT2X.DLL
2018-08-01 05:19 - 2001-09-17 08:54 - 000145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5EXT.OLB
2018-08-01 05:19 - 2001-09-17 08:54 - 000094720 _____ C:\Windows\SysWOW64\SH30W32.DLL
2018-08-01 05:19 - 2001-09-17 08:54 - 000080624 _____ C:\Windows\SysWOW64\SH31W32.DLL
2018-08-01 05:19 - 2001-09-17 08:54 - 000059504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBDB32.DLL
2018-08-01 05:19 - 2001-09-17 08:53 - 000322832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC30.DLL
2018-08-01 05:19 - 2001-09-17 08:53 - 000133904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCANS32.DLL
2018-08-01 05:19 - 2001-09-17 08:53 - 000026832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CTL3DV2.DLL
2018-08-01 05:01 - 2018-08-01 05:40 - 000000000 ____D C:\DevSuiteHome_2
2018-08-01 05:00 - 2018-08-01 05:00 - 000003030 _____ C:\Windows\System32\Tasks\{BCA58D64-F021-4F0E-9562-81C5D186A4D8}
2018-08-01 04:55 - 2018-08-01 04:57 - 000000000 ____D C:\DevSuiteHome_1
2018-08-01 04:51 - 2018-08-01 04:51 - 000003030 _____ C:\Windows\System32\Tasks\{A842BB26-E70B-4C4B-8867-0B465ABADF3B}
2018-08-01 04:51 - 2018-08-01 04:51 - 000003030 _____ C:\Windows\System32\Tasks\{3A6A8A30-AEBD-4557-B379-544AB8932B08}
2018-08-01 04:51 - 2018-08-01 04:51 - 000003030 _____ C:\Windows\System32\Tasks\{10D56189-5CB6-446F-8224-D2C8ABE25700}
2018-08-01 04:43 - 2018-08-01 04:43 - 000000000 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_1_15_43_7.dmp
2018-08-01 04:40 - 2018-08-01 04:40 - 000003030 _____ C:\Windows\System32\Tasks\{DFE45A02-6368-45D7-8F9F-E840DBEC603C}
2018-08-01 04:26 - 2018-08-01 04:26 - 000000000 _____ C:\Windows\SysWOW64\nmesrvc_core_2018_8_1_15_26_52.dmp
2018-08-01 04:22 - 2018-08-01 04:22 - 000003030 _____ C:\Windows\System32\Tasks\{151ED357-8539-4935-8BC3-717F39833D6A}
2018-08-01 03:58 - 2018-08-01 03:59 - 000000000 ____D C:\Users\comurwa\Desktop\OracleDev10g
2018-08-01 03:47 - 2018-08-01 03:47 - 000003034 _____ C:\Windows\System32\Tasks\{92524B71-5A0E-4735-8B0D-3D43A48AE2DD}
2018-07-29 21:01 - 2018-08-26 21:32 - 000000000 ____D C:\allshare

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-28 06:16 - 2013-03-20 16:03 - 000000000 ____D C:\ProgramData\PDFC
2018-08-27 00:20 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-27 00:10 - 2018-03-20 21:41 - 000000000 ____D C:\Users\comurwa\AppData\Roaming\stickies
2018-08-27 00:09 - 2013-08-02 06:38 - 000000272 _____ C:\Windows\System32\config\netlogon.ftl
2018-08-27 00:09 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\inetsrv
2018-08-26 23:53 - 2009-07-13 20:45 - 000016768 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-26 23:53 - 2009-07-13 20:45 - 000016768 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-26 23:43 - 2014-02-28 04:24 - 000000000 ____D C:\ProgramData\firebird
2018-08-26 23:37 - 2014-01-12 20:36 - 000000000 ____D C:\users\comurwa
2018-08-26 23:34 - 2015-06-02 00:10 - 000000000 ____D C:\TEMP
2018-08-26 23:18 - 2014-11-19 22:13 - 000000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2246688769-2931975556-4038913859-103902UA.job
2018-08-26 22:26 - 2014-01-19 20:42 - 000000000 ____D C:\Users\comurwa\Documents\Outlook Files
2018-08-26 21:30 - 2015-09-09 04:41 - 000000000 ____D C:\Users\comurwa\.VirtualBox
2018-08-26 20:55 - 2009-07-13 21:13 - 001410898 _____ C:\Windows\System32\PerfStringBackup.INI
2018-08-26 20:55 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-08-24 06:27 - 2017-06-05 05:19 - 000000000 ____D C:\Users\comurwa\AppData\Roaming\Zoom
2018-08-24 00:55 - 2018-05-18 06:53 - 000000000 ____D C:\Users\comurwa\AppData\Local\Power BI Desktop SSRS
2018-08-23 23:07 - 2018-05-18 07:33 - 000000000 ____D C:\Users\comurwa\Desktop\BI
2018-08-23 22:18 - 2014-11-19 22:13 - 000000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2246688769-2931975556-4038913859-103902Core.job
2018-08-23 21:42 - 2018-06-12 21:29 - 000000000 ____D C:\Users\comurwa\AppData\Roaming\DameWare Development
2018-08-22 20:15 - 2016-08-04 06:07 - 000000000 ____D C:\Users\comurwa\AppData\Roaming\SQL Developer
2018-08-22 00:49 - 2014-03-03 19:57 - 000000000 ____D C:\Users\comurwa\AppData\Local\ElevatedDiagnostics
2018-08-21 21:38 - 2009-07-13 21:32 - 000000000 ____D C:\Windows\System32\FxsTmp
2018-08-21 21:20 - 2018-07-11 05:33 - 000000136 _____ C:\Windows\System32\SysAidUnlckRstPasswd.ini
2018-08-21 21:20 - 2017-08-09 14:05 - 000000000 ____D C:\Program Files\SysAid
2018-08-20 05:33 - 2017-06-20 04:50 - 000000000 ____D C:\Users\comurwa\Desktop\Edu Sales Report
2018-08-19 23:17 - 2018-06-24 23:10 - 000000000 ____D C:\Users\Ekipkemoi\AppData\Roaming\SQL Developer
2018-08-17 06:30 - 2017-04-12 00:28 - 000000000 ____D C:\Users\comurwa\Documents\My Received Files
2018-08-16 22:41 - 2014-01-20 01:18 - 000000000 ____D C:\Program Files (x86)\InspiroPeople
2018-08-16 04:47 - 2013-03-20 16:03 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-08-16 04:47 - 2013-03-20 16:03 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-16 04:47 - 2013-03-20 16:03 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-08-16 04:47 - 2013-03-20 16:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-08-16 04:47 - 2013-03-20 16:03 - 000000000 ____D C:\Windows\System32\Macromed
2018-08-16 03:51 - 2014-01-23 21:39 - 000000000 ____D C:\Users\comurwa\.metadata
2018-08-16 03:26 - 2018-05-27 23:18 - 000018416 _____ C:\Users\comurwa\export.sql
2018-08-15 05:05 - 2018-04-26 05:46 - 000000000 ____D C:\Users\comurwa\AppData\Local\GoToMeeting
2018-08-15 01:36 - 2016-04-04 22:58 - 000003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CFFE0799-0A7A-445D-BE9E-1E1523F968A5}
2018-08-14 22:09 - 2016-02-11 06:07 - 000003686 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2246688769-2931975556-4038913859-87740
2018-08-14 22:09 - 2016-02-11 06:07 - 000003590 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2246688769-2931975556-4038913859-87740
2018-08-14 22:09 - 2016-02-11 06:07 - 000000642 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2246688769-2931975556-4038913859-87740.job
2018-08-14 22:09 - 2016-02-11 06:07 - 000000546 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2246688769-2931975556-4038913859-87740.job
2018-08-14 20:37 - 2014-01-12 20:38 - 000008240 __RSH C:\Users\comurwa\ntuser.pol
2018-08-13 03:23 - 2017-07-30 22:18 - 000000000 ____D C:\Users\Ekipkemoi\AppData\Local\Google
2018-08-12 22:00 - 2018-06-24 23:08 - 000000000 ____D C:\Users\Ekipkemoi\AppData\Roaming\DameWare Development
2018-08-09 18:44 - 2016-10-28 05:50 - 000002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-09 18:44 - 2016-10-28 05:50 - 000002145 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2018-08-06 20:32 - 2016-01-25 00:04 - 000000000 ____D C:\Users\comurwa\Desktop\forms
2018-08-05 21:57 - 2018-01-18 00:50 - 000119608 _____ (Cisco Systems, Inc.) C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys
2018-08-05 21:57 - 2018-01-18 00:50 - 000113936 _____ (Cisco Systems, Inc.) C:\Windows\System32\Drivers\immunetprotect.sys
2018-08-05 21:57 - 2018-01-18 00:50 - 000079120 _____ (Cisco Systems, Inc.) C:\Windows\System32\Drivers\immunetselfprotect.sys
2018-08-05 21:57 - 2018-01-18 00:50 - 000071048 _____ (Cisco Systems, Inc.) C:\Windows\System32\Drivers\ImmunetUtilDriver.sys
2018-08-05 21:57 - 2016-02-22 11:27 - 000442848 _____ (BitDefender S.R.L.) C:\Windows\System32\Drivers\Trufos.sys
2018-08-03 01:20 - 2018-07-05 00:26 - 000019953 _____ C:\Users\comurwa\export.csv
2018-08-01 05:56 - 2014-10-07 03:05 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-01 05:51 - 2013-08-02 05:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-08-01 05:17 - 2016-05-08 23:50 - 000000000 ____D C:\Program Files (x86)\Oracle
2018-07-31 23:09 - 2017-03-14 00:26 - 000000402 _____ C:\Windows\dis51adm.INI
2018-07-31 23:07 - 2014-01-16 21:08 - 000002236 ____H C:\Users\comurwa\Documents\Default.rdp
2018-07-31 21:31 - 2017-02-15 22:26 - 000000000 ____D C:\Users\comurwa\Desktop\word
2018-07-30 23:54 - 2017-02-15 22:27 - 000000000 ____D C:\Users\comurwa\Desktop\notepad
2018-07-30 23:54 - 2017-02-15 22:25 - 000000000 ____D C:\Users\comurwa\Desktop\EXCEL
2018-07-29 21:17 - 2018-07-27 05:06 - 000000000 ____D C:\allshare1

Some files in TEMP:
====================
2016-07-07 22:50 - 2014-05-27 03:40 - 000121932 _____ () C:\Users\Administrator\AppData\Local\Temp\GLF4ABBGLF4ABB.EXE
2016-07-07 22:49 - 2014-05-27 03:40 - 000121932 _____ () C:\Users\Administrator\AppData\Local\Temp\GLFA394GLFA394.EXE
2017-09-04 12:40 - 2017-09-04 12:40 - 000740416 _____ (Oracle Corporation) C:\Users\Ekipkemoi\AppData\Local\Temp\jre-8u144-windows-au.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2018-02-14 02:09] - [2017-12-31 17:50] - 000455680 _____ (Microsoft Corporation) 11D6A262B617130F7C16E308C12E0D41

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2018-05-29 02:05] - [2018-04-22 16:00] - 000512512 _____ (Microsoft Corporation) 4CE2D42E24914EE91BFFCD8D8485A1BB

C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 10%
Total physical RAM: 16258.08 MB
Available physical RAM: 14609.5 MB
Total Virtual: 16256.28 MB
Available Virtual: 14620.59 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.61 GB) (Free:83.43 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:9.96 GB) (Free:1.09 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.08 GB) FAT32
Drive h: (Transcend) (Fixed) (Total:1863.01 GB) (Free:1335.89 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4A27EC9C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=101 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: A57421C9)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

LastRegBack: 2018-08-25 13:43

==================== End of FRST.txt ============================

 


3 answers to this question


  • 0

Hi king6cee,

I can see that you installed PartitionGuru and EaseUS Partition Master two days ago. I guess that you changed something in one of those programs that made the Windows installation corrupt. Maybe you should reinstall or recover Windows.

  • 0

I had installed the software to recover data from a corrupt flash drive. Windows was working correctly even after the install.

The computer boots but gets stuck with a black screen and cursor. I have tried recovery but wasn't successful. Is there any advice on Farbar Recovery Scan Tool? I have read it can sort the issue but need guidance.

  • 0

I'm sorry, since this is the forum of the programs from adaware software, e.g. adaware antivirus, we're specialized in dealing with computers that either have a problem with an adaware program or are infected with malicious programs (virus and other malware). I suggest that you visit one of the major general Windows forums, e.g. bleepingcomputer, majorgeek, sevenforums, windowscentral.
