Hello! Having a major issue with Windows 7 (x64) startup recovery. Last week my laptop came up with a corrupt file error when I went to open programs (iTunes, Word, Google). It would have a window that would pop up with the error and then a small yellow triangle with an exclamation point would display in the bottom right corner saying:
"iTunes.exe - Corrupt File The file or directory C:\\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57 is corrupt and unreadable. Please run the Chkdsk utility." Upon seeing this I ran Malwarebytes but came up with nothing. I decided to restart my computer.
Upon restart, Windows did not start properly, instead going to a Windows recovery option. I ran the Startup Repair; it looked like it was going to take a while, so I eventually just left it running overnight to find it finally completed in the morning. The repair had failed and the only thing that showed up as an error was the following:
Diagnosis and repair details:
Root Cause found:
-----------------------------
Boot manager failed to find OS loader.
Repair action: File repair
Result: Failed. Error code = 0X3
Time taken = 187 ms
Repair action: Boot configuration data store repair
Result: Failed. Error code = 0x2
Time taken = 0 ms
Yesterday, my husband and I attempted to use the Windows 7 disk in hopes of fixing the OS loader problem. However, we are never given any of the options that most people mention showing up either starting with loading from the hard drive OR loading from the CD/DVD. We have also tried to run all the options listed when we run the Bootrec in the command prompt screen. But all attempts to use any of those options have led to failure.
This morning, I ran the Farbar scan recovery tool. The following is the result of the scan. If anyone has any insight on how to proceed in getting my laptop back up and running, please help! THANK YOU!! :)
-Lath
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by SYSTEM on MININT-M23QJLF on 21-09-2014 11:16:14
Running from e:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-08-26] (IDT, Inc.)
HKLM\...\Run: [AlienFX Controller] => C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe [63304 2010-05-21] (Alienware Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [OSD] => c:\Program Files\OSD\Launch.exe [36864 2009-05-12] (HH)
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKLM-x32\...\Winlogon: [Userinit] userinit.exe, [X]
Winlogon\Notify\FastAccess-x32: C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
HKU\Alien\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_168_Plugin.exe [701296 2013-02-24] (Adobe Systems Incorporated)
HKU\Alien\...\Policies\system: [LogonHoursAction] 2
HKU\Alien\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Home.Alien\...\Run: [Google Update] => C:\Users\Home.Alien\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-31] (Google Inc.)
HKU\Home.Alien\...\Policies\system: [LogonHoursAction] 2
HKU\Home.Alien\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Lauren\...\Run: [Launch_CC] => c:\Program Files\OSD\Launch_CC.exe [20480 2009-02-19] (Alienware Corporation)
HKU\Lauren\...\Run: [Google Update] => "C:\Users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\Lauren\...\Run: [PlayNC Launcher] => [X]
HKU\Lauren\...\Run: [DisplayFusion] => "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
HKU\Lauren\...\Run: [OscarEditor] => C:\Program Files (x86)\SmartRight8\OscarEditor.exe [3321344 2011-08-09] ()
HKU\Lauren\...\Run: [GoogleChromeAutoLaunch_5A7CED7E60360B541D5D45B04E2E9E47] => C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe [852808 2014-09-03] (Google Inc.)
HKU\Lauren\...\Run: [Akamai NetSession Interface] => C:\Users\Lauren\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\Lauren\...\Run: [DellSystemDetect] => C:\Users\Lauren\AppData\Local\Apps\2.0\J64A69AH.MEY\B3WV7CQL.6Z7\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-04-19] (Dell)
HKU\Lauren\...\Policies\system: [LogonHoursAction] 2
HKU\Lauren\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\Home.Alien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinVNC - Shortcut.lnk
ShortcutTarget: WinVNC - Shortcut.lnk -> C:\Users\Alien\Downloads\HippoVNC\WinVNC.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1965688842-4039756071-3594313719-1006\User: Group Policy restriction detected <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 CustomSvc; C:\Program Files\OSD\Service1.exe [13312 2009-02-20] ()
S2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-04] (Sensible Vision )
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\STacSV64.exe [240640 2009-08-26] (IDT, Inc.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [X]
S2 AudioEndpointBuilder; %SystemRoot%\System32\Audiosrv.dll [X]
S2 AudioSrv; %SystemRoot%\System32\Audiosrv.dll [X]
S3 AxInstSV; %SystemRoot%\System32\AxInstSV.dll [X]
S2 BFE; %SystemRoot%\System32\bfe.dll [X]
S3 BITS; %SystemRoot%\System32\qmgr.dll [X]
S4 clr_optimization_v2.0.50727_64; %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [X]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [X]
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]
S2 Dhcp; %SystemRoot%\system32\dhcpcore.dll [X]
S2 DisplayFusionService; "C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe" [X]
S2 Dnscache; %SystemRoot%\System32\dnsrslvr.dll [X]
S2 DPS; %SystemRoot%\system32\dps.dll [X]
S2 EFS; %SystemRoot%\System32\lsass.exe [X]
S3 ehRecvr; %systemroot%\ehome\ehRecvr.exe [X]
S2 eventlog; %SystemRoot%\System32\wevtsvc.dll [X]
S3 Fax; %systemroot%\system32\fxssvc.exe [X]
S3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]
S2 gpsvc; %SystemRoot%\System32\gpsvc.dll [X]
S3 KeyIso; %SystemRoot%\system32\lsass.exe [X]
S2 LanmanServer; %SystemRoot%\system32\srvsvc.dll [X]
S2 MpsSvc; %SystemRoot%\system32\mpssvc.dll [X]
S3 napagent; %SystemRoot%\system32\qagentRT.dll [X]
S3 Netlogon; %systemroot%\system32\lsass.exe [X]
S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S3 PolicyAgent; %SystemRoot%\System32\ipsecsvc.dll [X]
S2 ProfSvc; %systemroot%\system32\profsvc.dll [X]
S3 ProtectedStorage; %SystemRoot%\system32\lsass.exe [X]
S3 RasMan; %SystemRoot%\System32\rasmans.dll [X]
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]
S2 SamSs; %SystemRoot%\system32\lsass.exe [X]
S2 Schedule; %systemroot%\system32\schedsvc.dll [X]
S3 SessionEnv; %SystemRoot%\system32\sessenv.dll [X]
S2 sppsvc; %SystemRoot%\system32\sppsvc.exe [X]
S2 stisvc; %SystemRoot%\System32\wiaservc.dll [X]
S2 SysMain; %systemroot%\system32\sysmain.dll [X]
S3 TabletInputService; %SystemRoot%\System32\TabSvc.dll [X]
S3 TermService; %SystemRoot%\System32\termsrv.dll [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
S3 VaultSvc; %SystemRoot%\system32\lsass.exe [X]
S3 vds; %SystemRoot%\System32\vds.exe [X]
S3 VSS; %systemroot%\system32\vssvc.exe [X]
S3 WatAdminSvc; %SystemRoot%\system32\Wat\WatAdminSvc.exe [X]
S3 wbengine; "%systemroot%\system32\wbengine.exe" [X]
S3 wcncsvc; %SystemRoot%\System32\wcncsvc.dll [X]
S3 WinRM; %SystemRoot%\system32\WsmSvc.dll [X]
S2 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]
S3 WPDBusEnum; %SystemRoot%\system32\wpdbusenum.dll [X]
S2 wuauserv; %systemroot%\system32\wuaueng.dll [X]
S3 wudfsvc; %SystemRoot%\System32\WUDFSvc.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [235904 2010-01-06] (Conexant Systems, Inc.)
S1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31136 2013-08-31] (REALiX)
S3 MsRPC; No ImagePath
S3 Ntfs; No ImagePath
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.)
S0 ACPI; system32\drivers\ACPI.sys [X]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [X]
S3 agp440; \SystemRoot\system32\drivers\agp440.sys [X]
S3 bowser; system32\DRIVERS\bowser.sys [X]
S3 CompositeBus; \SystemRoot\system32\drivers\CompositeBus.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ErrDev; \SystemRoot\system32\drivers\errdev.sys [X]
S0 FltMgr; system32\drivers\fltmgr.sys [X]
S3 HDAudBus; \SystemRoot\system32\drivers\HDAudBus.sys [X]
S3 HTTP; system32\drivers\HTTP.sys [X]
S0 hwpolicy; System32\drivers\hwpolicy.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 i8042prt; \SystemRoot\system32\drivers\i8042prt.sys [X]
S3 IpFilterDriver; system32\DRIVERS\ipfltdrv.sys [X]
S3 IPMIDRV; \SystemRoot\system32\drivers\IPMIDrv.sys [X]
S3 isapnp; \SystemRoot\system32\drivers\isapnp.sys [X]
S3 kbdclass; system32\DRIVERS\kbdclass.sys [X]
S3 kbdhid; system32\DRIVERS\kbdhid.sys [X]
S0 KSecDD; System32\Drivers\ksecdd.sys [X]
S3 mouclass; system32\DRIVERS\mouclass.sys [X]
S0 mountmgr; System32\drivers\mountmgr.sys [X]
S3 mpio; \SystemRoot\system32\drivers\mpio.sys [X]
S3 msdsm; \SystemRoot\system32\drivers\msdsm.sys [X]
S0 msisadrv; system32\drivers\msisadrv.sys [X]
S1 mssmbios; \SystemRoot\system32\drivers\mssmbios.sys [X]
S3 NdisWan; system32\DRIVERS\ndiswan.sys [X]
S1 NetBT; System32\DRIVERS\netbt.sys [X]
S3 nv_agp; \SystemRoot\system32\drivers\nv_agp.sys [X]
S0 partmgr; System32\drivers\partmgr.sys [X]
S0 pci; system32\drivers\pci.sys [X]
S3 Rasl2tp; system32\DRIVERS\rasl2tp.sys [X]
S1 rdbss; system32\DRIVERS\rdbss.sys [X]
S0 rdyboost; System32\drivers\rdyboost.sys [X]
S3 sdbus; \SystemRoot\system32\drivers\sdbus.sys [X]
S3 sermouse; \SystemRoot\system32\DRIVERS\sermouse.sys [X]
S3 sffdisk; \SystemRoot\system32\drivers\sffdisk.sys [X]
S3 sffp_mmc; \SystemRoot\system32\drivers\sffp_mmc.sys [X]
S3 sffp_sd; \SystemRoot\system32\drivers\sffp_sd.sys [X]
S3 srv; System32\DRIVERS\srv.sys [X]
S3 srv2; System32\DRIVERS\srv2.sys [X]
S3 swenum; \SystemRoot\system32\drivers\swenum.sys [X]
S1 tdx; system32\DRIVERS\tdx.sys [X]
S1 TermDD; \SystemRoot\system32\drivers\termdd.sys [X]
S3 TsUsbFlt; system32\drivers\tsusbflt.sys [X]
S4 udfs; system32\DRIVERS\udfs.sys [X]
S3 uliagpkx; \SystemRoot\system32\drivers\uliagpkx.sys [X]
S3 umbus; system32\DRIVERS\umbus.sys [X]
S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [X]
S0 vdrvroot; system32\drivers\vdrvroot.sys [X]
S0 volmgr; system32\drivers\volmgr.sys [X]
S0 volmgrx; System32\drivers\volmgrx.sys [X]
S3 WANARP; system32\DRIVERS\wanarp.sys [X]
S1 Wanarpv6; system32\DRIVERS\wanarp.sys [X]
S3 WinUsb; system32\DRIVERS\WinUsb.sys [X]
S3 WmiAcpi; \SystemRoot\system32\drivers\wmiacpi.sys [X]
S3 WudfPf; system32\drivers\WudfPf.sys [X]
S3 WUDFRd; system32\DRIVERS\WUDFRd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-21 11:15 - 2014-09-21 11:16 - 00000000 ____D () C:\FRST
2014-09-20 15:21 - 2014-09-20 15:21 - 00024576 _____ () C:\bcdbackup
2014-09-20 15:21 - 2014-09-20 15:21 - 00021504 ___SH () C:\bcdbackup.LOG
2014-09-16 22:28 - 2014-09-16 22:28 - 00000000 __SHD () C:\found.000
2014-09-16 09:37 - 2014-09-16 09:37 - 00000000 ____D () C:\0a84d8ba5a812d0fa3993a
2014-09-16 09:36 - 2014-09-16 09:36 - 00000000 ____D () C:\e41d21b52402b3f6b0eb220699
2014-09-15 02:00 - 2014-09-15 02:00 - 00000000 ____D () C:\d0981656aa39f0ec18
2014-09-15 02:00 - 2014-09-15 02:00 - 00000000 ____D () C:\4527b9e3a78ae83a2c9a3b6f8e18
2014-09-11 09:16 - 2014-09-15 20:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-11 09:16 - 2014-09-11 09:16 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-10 02:12 - 2014-08-19 10:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-09-10 02:12 - 2014-08-19 09:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 02:12 - 2014-08-18 15:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-09-10 02:12 - 2014-08-18 14:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-09-10 02:12 - 2014-08-18 14:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 02:12 - 2014-08-18 14:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-09-10 02:12 - 2014-08-18 14:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-09-10 02:12 - 2014-08-18 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-09-10 02:12 - 2014-08-18 14:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-09-10 02:12 - 2014-08-18 14:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-09-10 02:12 - 2014-08-18 14:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-09-10 02:12 - 2014-08-18 13:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 02:12 - 2014-08-18 13:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 02:12 - 2014-08-18 13:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 02:12 - 2014-08-18 13:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 02:12 - 2014-08-18 13:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-09-10 02:12 - 2014-08-18 13:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-09-10 02:12 - 2014-08-18 13:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 02:12 - 2014-08-18 13:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 02:12 - 2014-08-18 13:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 02:12 - 2014-08-18 13:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-09-10 02:12 - 2014-08-18 13:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-09-10 02:12 - 2014-08-18 13:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-09-10 02:12 - 2014-08-18 13:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 02:12 - 2014-08-18 13:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 02:12 - 2014-08-18 13:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-09-10 02:12 - 2014-08-18 13:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 02:12 - 2014-08-18 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 02:12 - 2014-08-18 12:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-09-10 02:12 - 2014-08-18 12:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 02:12 - 2014-08-18 12:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-09-10 02:12 - 2014-08-18 12:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 02:01 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2014-09-10 02:01 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 18:51 - 2014-09-04 18:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-09-09 18:51 - 2014-07-06 18:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-09-09 18:51 - 2014-07-06 18:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-09-09 18:51 - 2014-07-06 17:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-09 18:51 - 2014-07-06 17:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-09 18:51 - 2014-07-06 17:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-28 02:30 - 2014-08-22 18:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-28 02:30 - 2014-08-22 17:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 02:30 - 2014-08-22 16:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-21 11:16 - 2014-09-21 11:15 - 00000000 ____D () C:\FRST
2014-09-20 15:21 - 2014-09-20 15:21 - 00024576 _____ () C:\bcdbackup
2014-09-20 15:21 - 2014-09-20 15:21 - 00021504 ___SH () C:\bcdbackup.LOG
2014-09-17 03:23 - 2014-04-03 12:44 - 00000000 ____D () C:\temp
2014-09-16 22:28 - 2014-09-16 22:28 - 00000000 __SHD () C:\found.000
2014-09-16 09:37 - 2014-09-16 09:37 - 00000000 ____D () C:\0a84d8ba5a812d0fa3993a
2014-09-16 09:37 - 2009-11-02 17:35 - 01089784 _____ () C:\Windows\WindowsUpdate.log
2014-09-16 09:36 - 2014-09-16 09:36 - 00000000 ____D () C:\e41d21b52402b3f6b0eb220699
2014-09-16 09:17 - 2009-11-11 11:28 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1965688842-4039756071-3594313719-1000UA.job
2014-09-16 09:11 - 2011-12-31 19:01 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1965688842-4039756071-3594313719-1005UA.job
2014-09-16 08:59 - 2014-08-19 20:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-09-16 07:17 - 2009-11-11 11:28 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1965688842-4039756071-3594313719-1000Core.job
2014-09-15 20:31 - 2014-09-11 09:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-15 20:31 - 2009-11-02 19:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 15:11 - 2011-12-31 19:01 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1965688842-4039756071-3594313719-1005Core.job
2014-09-15 02:00 - 2014-09-15 02:00 - 00000000 ____D () C:\d0981656aa39f0ec18
2014-09-15 02:00 - 2014-09-15 02:00 - 00000000 ____D () C:\4527b9e3a78ae83a2c9a3b6f8e18
2014-09-14 02:03 - 2009-07-13 20:45 - 00023056 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 02:03 - 2009-07-13 20:45 - 00023056 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 09:16 - 2014-09-11 09:16 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-10 21:12 - 2009-11-15 15:48 - 00000000 ____D () C:\Users\Lauren\Dance
2014-09-10 03:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-09-10 02:43 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-09-10 02:37 - 2013-08-18 00:00 - 00007095 _____ () C:\Windows\setupact.log
2014-09-10 02:37 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-10 02:18 - 2009-11-11 20:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 02:11 - 2014-02-26 03:06 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 02:09 - 2013-07-19 07:12 - 00000000 ____D () C:\Windows\System32\MRT
2014-09-10 02:03 - 2009-11-11 11:45 - 101694776 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-09-10 02:01 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-09-07 09:34 - 2013-08-02 12:22 - 00000000 ____D () C:\Users\Lauren\Bills
2014-09-04 18:10 - 2014-09-09 18:51 - 00578048 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-09-03 21:15 - 2009-11-15 15:52 - 00000000 ____D () C:\Users\Lauren\Kethry
2014-08-29 02:18 - 2009-07-13 20:45 - 00342832 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-25 05:53 - 2009-11-02 17:50 - 00270496 _____ (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-08-23 19:56 - 2012-02-19 13:08 - 00000000 ____D () C:\Users\Lauren\Ukulele
2014-08-22 18:07 - 2014-08-28 02:30 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-22 17:45 - 2014-08-28 02:30 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 16:59 - 2014-08-28 02:30 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
Some content of TEMP:
====================
C:\Users\Lauren\AppData\Local\Temp\helper.exe
C:\Users\Lauren\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Lauren\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Lauren\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Lauren\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Lauren\AppData\Local\Temp\ose00000.exe
C:\Users\Lauren\AppData\Local\Temp\Quarantine.exe
C:\Users\Lauren\AppData\Local\Temp\sqlite3.exe
C:\Users\Lauren\AppData\Local\Temp\uninst.exe
==================== Known DLLs (Whitelisted) ================
C:\Windows\System32\ole32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\COMDLG32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\COMDLG32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\OLEAUT32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\OLEAUT32.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\rpcrt4.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\rpcrt4.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\Setupapi.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\Setupapi.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\SHLWAPI.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\SHLWAPI.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\URLMON.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\user32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\USP10.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\WININET.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\WLDAP32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WLDAP32.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\WS2_32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WS2_32.dll IS MISSING <==== ATTENTION!
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 16%
Total physical RAM: 3838.36 MB
Available physical RAM: 3218.56 MB
Total Pagefile: 3836.51 MB
Available Pagefile: 3210.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:450.2 GB) (Free:195.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EFB2B7D7)
Partition 1: (Active) - (Size=450.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15.6 GB) - (Type=12)
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
LastRegBack: 2014-09-15 23:54
==================== End Of Log ============================
"iTunes.exe - Corrupt File The file or directory C:\\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_n one_50934f2ebcb7eb57 is corrupt and unreadable. Please run the Chkdsk utility." Upon seeing this I ran Malwarebytes but came up with nothing. I decided to restart my computer.
Upon restart, Windows did not start properly instead going to a windows recovery option. I ran the Startup Repair looked like was going to take a while so I eventually just left it running overnight to find it finally completed in the morning. The repair had failed and the only thing that showed up as an error was the following:
Diagnosis and repair details:
Root Cause found:
-----------------------------
Boot manager failed to find OS loader.
Repair action: Fire repair
Result: Failed. Error code = 0X3
Time taken = 187 ms
Repair action: Boot configuration data store repair
Result: Failed. Error code = 0x2
Time taken = 0 ms
Yesterday, my husband and I attempted to use the Windows 7 disk in hopes of fixing the OS loader problem. However, we are never given any of the options that most people mention showing up either starting with loading from the hard drive OR loading from the CD/DVD. We have also tried to run all the options listed when we run the Bootrec in the command prompt screen. But all attempts to use any of those options have led to failure.
This morning, I ran the Farbar scan recovery tool. The follow is the result of the scan. If anyone has any insight on how to proceed in getting my laptop back up and running, please help! THANK YOU!! :)
-Lath
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by SYSTEM on MININT-M23QJLF on 21-09-2014 11:16:14
Running from e:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-08-26] (IDT, Inc.)
HKLM\...\Run: [AlienFX Controller] => C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe [63304 2010-05-21] (Alienware Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [OSD] => c:\Program Files\OSD\Launch.exe [36864 2009-05-12] (HH)
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKLM-x32\...\Winlogon: [Userinit] userinit.exe, [X]
Winlogon\Notify\FastAccess-x32: C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
HKU\Alien\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_168_Plugin.exe [701296 2013-02-24] (Adobe Systems Incorporated)
HKU\Alien\...\Policies\system: [LogonHoursAction] 2
HKU\Alien\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Home.Alien\...\Run: [Google Update] => C:\Users\Home.Alien\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-31] (Google Inc.)
HKU\Home.Alien\...\Policies\system: [LogonHoursAction] 2
HKU\Home.Alien\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Lauren\...\Run: [Launch_CC] => c:\Program Files\OSD\Launch_CC.exe [20480 2009-02-19] (Alienware Corporation)
HKU\Lauren\...\Run: [Google Update] => "C:\Users\Lauren\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\Lauren\...\Run: [PlayNC Launcher] => [X]
HKU\Lauren\...\Run: [DisplayFusion] => "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
HKU\Lauren\...\Run: [OscarEditor] => C:\Program Files (x86)\SmartRight8\OscarEditor.exe [3321344 2011-08-09] ()
HKU\Lauren\...\Run: [GoogleChromeAutoLaunch_5A7CED7E60360B541D5D45B04E2E9E47] => C:\Users\Lauren\AppData\Local\Google\Chrome\Application\chrome.exe [852808 2014-09-03] (Google Inc.)
HKU\Lauren\...\Run: [Akamai NetSession Interface] => C:\Users\Lauren\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\Lauren\...\Run: [DellSystemDetect] => C:\Users\Lauren\AppData\Local\Apps\2.0\J64A69AH.MEY\B3WV7CQL.6Z7\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-04-19] (Dell)
HKU\Lauren\...\Policies\system: [LogonHoursAction] 2
HKU\Lauren\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\Home.Alien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinVNC - Shortcut.lnk
ShortcutTarget: WinVNC - Shortcut.lnk -> C:\Users\Alien\Downloads\HippoVNC\WinVNC.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1965688842-4039756071-3594313719-1006\User: Group Policy restriction detected <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 CustomSvc; C:\Program Files\OSD\Service1.exe [13312 2009-02-20] ()
S2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-04] (Sensible Vision )
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\STacSV64.exe [240640 2009-08-26] (IDT, Inc.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [X]
S2 AudioEndpointBuilder; %SystemRoot%\System32\Audiosrv.dll [X]
S2 AudioSrv; %SystemRoot%\System32\Audiosrv.dll [X]
S3 AxInstSV; %SystemRoot%\System32\AxInstSV.dll [X]
S2 BFE; %SystemRoot%\System32\bfe.dll [X]
S3 BITS; %SystemRoot%\System32\qmgr.dll [X]
S4 clr_optimization_v2.0.50727_64; %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [X]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [X]
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]
S2 Dhcp; %SystemRoot%\system32\dhcpcore.dll [X]
S2 DisplayFusionService; "C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe" [X]
S2 Dnscache; %SystemRoot%\System32\dnsrslvr.dll [X]
S2 DPS; %SystemRoot%\system32\dps.dll [X]
S2 EFS; %SystemRoot%\System32\lsass.exe [X]
S3 ehRecvr; %systemroot%\ehome\ehRecvr.exe [X]
S2 eventlog; %SystemRoot%\System32\wevtsvc.dll [X]
S3 Fax; %systemroot%\system32\fxssvc.exe [X]
S3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]
S2 gpsvc; %SystemRoot%\System32\gpsvc.dll [X]
S3 KeyIso; %SystemRoot%\system32\lsass.exe [X]
S2 LanmanServer; %SystemRoot%\system32\srvsvc.dll [X]
S2 MpsSvc; %SystemRoot%\system32\mpssvc.dll [X]
S3 napagent; %SystemRoot%\system32\qagentRT.dll [X]
S3 Netlogon; %systemroot%\system32\lsass.exe [X]
S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S3 PolicyAgent; %SystemRoot%\System32\ipsecsvc.dll [X]
S2 ProfSvc; %systemroot%\system32\profsvc.dll [X]
S3 ProtectedStorage; %SystemRoot%\system32\lsass.exe [X]
S3 RasMan; %SystemRoot%\System32\rasmans.dll [X]
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]
S2 SamSs; %SystemRoot%\system32\lsass.exe [X]
S2 Schedule; %systemroot%\system32\schedsvc.dll [X]
S3 SessionEnv; %SystemRoot%\system32\sessenv.dll [X]
S2 sppsvc; %SystemRoot%\system32\sppsvc.exe [X]
S2 stisvc; %SystemRoot%\System32\wiaservc.dll [X]
S2 SysMain; %systemroot%\system32\sysmain.dll [X]
S3 TabletInputService; %SystemRoot%\System32\TabSvc.dll [X]
S3 TermService; %SystemRoot%\System32\termsrv.dll [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
S3 VaultSvc; %SystemRoot%\system32\lsass.exe [X]
S3 vds; %SystemRoot%\System32\vds.exe [X]
S3 VSS; %systemroot%\system32\vssvc.exe [X]
S3 WatAdminSvc; %SystemRoot%\system32\Wat\WatAdminSvc.exe [X]
S3 wbengine; "%systemroot%\system32\wbengine.exe" [X]
S3 wcncsvc; %SystemRoot%\System32\wcncsvc.dll [X]
S3 WinRM; %SystemRoot%\system32\WsmSvc.dll [X]
S2 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]
S3 WPDBusEnum; %SystemRoot%\system32\wpdbusenum.dll [X]
S2 wuauserv; %systemroot%\system32\wuaueng.dll [X]
S3 wudfsvc; %SystemRoot%\System32\WUDFSvc.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [235904 2010-01-06] (Conexant Systems, Inc.)
S1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31136 2013-08-31] (REALiX)
S3 MsRPC; No ImagePath
S3 Ntfs; No ImagePath
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.)
S0 ACPI; system32\drivers\ACPI.sys [X]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [X]
S3 agp440; \SystemRoot\system32\drivers\agp440.sys [X]
S3 bowser; system32\DRIVERS\bowser.sys [X]
S3 CompositeBus; \SystemRoot\system32\drivers\CompositeBus.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ErrDev; \SystemRoot\system32\drivers\errdev.sys [X]
S0 FltMgr; system32\drivers\fltmgr.sys [X]
S3 HDAudBus; \SystemRoot\system32\drivers\HDAudBus.sys [X]
S3 HTTP; system32\drivers\HTTP.sys [X]
S0 hwpolicy; System32\drivers\hwpolicy.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 i8042prt; \SystemRoot\system32\drivers\i8042prt.sys [X]
S3 IpFilterDriver; system32\DRIVERS\ipfltdrv.sys [X]
S3 IPMIDRV; \SystemRoot\system32\drivers\IPMIDrv.sys [X]
S3 isapnp; \SystemRoot\system32\drivers\isapnp.sys [X]
S3 kbdclass; system32\DRIVERS\kbdclass.sys [X]
S3 kbdhid; system32\DRIVERS\kbdhid.sys [X]
S0 KSecDD; System32\Drivers\ksecdd.sys [X]
S3 mouclass; system32\DRIVERS\mouclass.sys [X]
S0 mountmgr; System32\drivers\mountmgr.sys [X]
S3 mpio; \SystemRoot\system32\drivers\mpio.sys [X]
S3 msdsm; \SystemRoot\system32\drivers\msdsm.sys [X]
S0 msisadrv; system32\drivers\msisadrv.sys [X]
S1 mssmbios; \SystemRoot\system32\drivers\mssmbios.sys [X]
S3 NdisWan; system32\DRIVERS\ndiswan.sys [X]
S1 NetBT; System32\DRIVERS\netbt.sys [X]
S3 nv_agp; \SystemRoot\system32\drivers\nv_agp.sys [X]
S0 partmgr; System32\drivers\partmgr.sys [X]
S0 pci; system32\drivers\pci.sys [X]
S3 Rasl2tp; system32\DRIVERS\rasl2tp.sys [X]
S1 rdbss; system32\DRIVERS\rdbss.sys [X]
S0 rdyboost; System32\drivers\rdyboost.sys [X]
S3 sdbus; \SystemRoot\system32\drivers\sdbus.sys [X]
S3 sermouse; \SystemRoot\system32\DRIVERS\sermouse.sys [X]
S3 sffdisk; \SystemRoot\system32\drivers\sffdisk.sys [X]
S3 sffp_mmc; \SystemRoot\system32\drivers\sffp_mmc.sys [X]
S3 sffp_sd; \SystemRoot\system32\drivers\sffp_sd.sys [X]
S3 srv; System32\DRIVERS\srv.sys [X]
S3 srv2; System32\DRIVERS\srv2.sys [X]
S3 swenum; \SystemRoot\system32\drivers\swenum.sys [X]
S1 tdx; system32\DRIVERS\tdx.sys [X]
S1 TermDD; \SystemRoot\system32\drivers\termdd.sys [X]
S3 TsUsbFlt; system32\drivers\tsusbflt.sys [X]
S4 udfs; system32\DRIVERS\udfs.sys [X]
S3 uliagpkx; \SystemRoot\system32\drivers\uliagpkx.sys [X]
S3 umbus; system32\DRIVERS\umbus.sys [X]
S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [X]
S0 vdrvroot; system32\drivers\vdrvroot.sys [X]
S0 volmgr; system32\drivers\volmgr.sys [X]
S0 volmgrx; System32\drivers\volmgrx.sys [X]
S3 WANARP; system32\DRIVERS\wanarp.sys [X]
S1 Wanarpv6; system32\DRIVERS\wanarp.sys [X]
S3 WinUsb; system32\DRIVERS\WinUsb.sys [X]
S3 WmiAcpi; \SystemRoot\system32\drivers\wmiacpi.sys [X]
S3 WudfPf; system32\drivers\WudfPf.sys [X]
S3 WUDFRd; system32\DRIVERS\WUDFRd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-21 11:15 - 2014-09-21 11:16 - 00000000 ____D () C:\FRST
2014-09-20 15:21 - 2014-09-20 15:21 - 00024576 _____ () C:\bcdbackup
2014-09-20 15:21 - 2014-09-20 15:21 - 00021504 ___SH () C:\bcdbackup.LOG
2014-09-16 22:28 - 2014-09-16 22:28 - 00000000 __SHD () C:\found.000
2014-09-16 09:37 - 2014-09-16 09:37 - 00000000 ____D () C:\0a84d8ba5a812d0fa3993a
2014-09-16 09:36 - 2014-09-16 09:36 - 00000000 ____D () C:\e41d21b52402b3f6b0eb220699
2014-09-15 02:00 - 2014-09-15 02:00 - 00000000 ____D () C:\d0981656aa39f0ec18
2014-09-15 02:00 - 2014-09-15 02:00 - 00000000 ____D () C:\4527b9e3a78ae83a2c9a3b6f8e18
2014-09-11 09:16 - 2014-09-15 20:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-11 09:16 - 2014-09-11 09:16 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-10 02:12 - 2014-08-19 10:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-09-10 02:12 - 2014-08-19 09:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 02:12 - 2014-08-18 15:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-09-10 02:12 - 2014-08-18 14:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-09-10 02:12 - 2014-08-18 14:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 02:12 - 2014-08-18 14:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-09-10 02:12 - 2014-08-18 14:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-09-10 02:12 - 2014-08-18 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-09-10 02:12 - 2014-08-18 14:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-09-10 02:12 - 2014-08-18 14:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-09-10 02:12 - 2014-08-18 14:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-09-10 02:12 - 2014-08-18 13:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 02:12 - 2014-08-18 13:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 02:12 - 2014-08-18 13:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 02:12 - 2014-08-18 13:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 02:12 - 2014-08-18 13:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-09-10 02:12 - 2014-08-18 13:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-09-10 02:12 - 2014-08-18 13:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 02:12 - 2014-08-18 13:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 02:12 - 2014-08-18 13:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 02:12 - 2014-08-18 13:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-09-10 02:12 - 2014-08-18 13:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-09-10 02:12 - 2014-08-18 13:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-09-10 02:12 - 2014-08-18 13:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 02:12 - 2014-08-18 13:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 02:12 - 2014-08-18 13:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-09-10 02:12 - 2014-08-18 13:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 02:12 - 2014-08-18 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 02:12 - 2014-08-18 12:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-09-10 02:12 - 2014-08-18 12:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 02:12 - 2014-08-18 12:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-09-10 02:12 - 2014-08-18 12:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 02:01 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2014-09-10 02:01 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 18:51 - 2014-09-04 18:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-09-09 18:51 - 2014-07-06 18:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-09-09 18:51 - 2014-07-06 18:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-09-09 18:51 - 2014-07-06 17:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-09 18:51 - 2014-07-06 17:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-09 18:51 - 2014-07-06 17:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-28 02:30 - 2014-08-22 18:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-28 02:30 - 2014-08-22 17:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 02:30 - 2014-08-22 16:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-21 11:16 - 2014-09-21 11:15 - 00000000 ____D () C:\FRST
2014-09-20 15:21 - 2014-09-20 15:21 - 00024576 _____ () C:\bcdbackup
2014-09-20 15:21 - 2014-09-20 15:21 - 00021504 ___SH () C:\bcdbackup.LOG
2014-09-17 03:23 - 2014-04-03 12:44 - 00000000 ____D () C:\temp
2014-09-16 22:28 - 2014-09-16 22:28 - 00000000 __SHD () C:\found.000
2014-09-16 09:37 - 2014-09-16 09:37 - 00000000 ____D () C:\0a84d8ba5a812d0fa3993a
2014-09-16 09:37 - 2009-11-02 17:35 - 01089784 _____ () C:\Windows\WindowsUpdate.log
2014-09-16 09:36 - 2014-09-16 09:36 - 00000000 ____D () C:\e41d21b52402b3f6b0eb220699
2014-09-16 09:17 - 2009-11-11 11:28 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1965688842-4039756071-3594313719-1000UA.job
2014-09-16 09:11 - 2011-12-31 19:01 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1965688842-4039756071-3594313719-1005UA.job
2014-09-16 08:59 - 2014-08-19 20:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-09-16 07:17 - 2009-11-11 11:28 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1965688842-4039756071-3594313719-1000Core.job
2014-09-15 20:31 - 2014-09-11 09:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-15 20:31 - 2009-11-02 19:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 15:11 - 2011-12-31 19:01 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1965688842-4039756071-3594313719-1005Core.job
2014-09-15 02:00 - 2014-09-15 02:00 - 00000000 ____D () C:\d0981656aa39f0ec18
2014-09-15 02:00 - 2014-09-15 02:00 - 00000000 ____D () C:\4527b9e3a78ae83a2c9a3b6f8e18
2014-09-14 02:03 - 2009-07-13 20:45 - 00023056 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 02:03 - 2009-07-13 20:45 - 00023056 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 09:16 - 2014-09-11 09:16 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-10 21:12 - 2009-11-15 15:48 - 00000000 ____D () C:\Users\Lauren\Dance
2014-09-10 03:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-09-10 02:43 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-09-10 02:37 - 2013-08-18 00:00 - 00007095 _____ () C:\Windows\setupact.log
2014-09-10 02:37 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-10 02:18 - 2009-11-11 20:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 02:11 - 2014-02-26 03:06 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 02:09 - 2013-07-19 07:12 - 00000000 ____D () C:\Windows\System32\MRT
2014-09-10 02:03 - 2009-11-11 11:45 - 101694776 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-09-10 02:01 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-09-07 09:34 - 2013-08-02 12:22 - 00000000 ____D () C:\Users\Lauren\Bills
2014-09-04 18:10 - 2014-09-09 18:51 - 00578048 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-09-03 21:15 - 2009-11-15 15:52 - 00000000 ____D () C:\Users\Lauren\Kethry
2014-08-29 02:18 - 2009-07-13 20:45 - 00342832 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-25 05:53 - 2009-11-02 17:50 - 00270496 _____ (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-08-23 19:56 - 2012-02-19 13:08 - 00000000 ____D () C:\Users\Lauren\Ukulele
2014-08-22 18:07 - 2014-08-28 02:30 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-22 17:45 - 2014-08-28 02:30 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 16:59 - 2014-08-28 02:30 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
Some content of TEMP:
====================
C:\Users\Lauren\AppData\Local\Temp\helper.exe
C:\Users\Lauren\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Lauren\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Lauren\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Lauren\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Lauren\AppData\Local\Temp\ose00000.exe
C:\Users\Lauren\AppData\Local\Temp\Quarantine.exe
C:\Users\Lauren\AppData\Local\Temp\sqlite3.exe
C:\Users\Lauren\AppData\Local\Temp\uninst.exe
==================== Known DLLs (Whitelisted) ================
C:\Windows\System32\ole32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\COMDLG32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\COMDLG32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\OLEAUT32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\OLEAUT32.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\rpcrt4.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\rpcrt4.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\Setupapi.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\Setupapi.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\SHLWAPI.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\SHLWAPI.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\URLMON.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\user32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\USP10.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\WININET.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\WLDAP32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WLDAP32.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\WS2_32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WS2_32.dll IS MISSING <==== ATTENTION!
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 16%
Total physical RAM: 3838.36 MB
Available physical RAM: 3218.56 MB
Total Pagefile: 3836.51 MB
Available Pagefile: 3210.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:450.2 GB) (Free:195.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EFB2B7D7)
Partition 1: (Active) - (Size=450.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15.6 GB) - (Type=12)
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
LastRegBack: 2014-09-15 23:54
==================== End Of Log ============================