Solved Boot crash, even to safe mode - exception in log - please help me

MIRKOSOFT · Feb 23, 2017

Hi!

Yesterday I tried to connect USB switch (sharing 1 device between 2 computers).
After plug in begans driver search and then Windows crashed and shows BSOD where was this:

Then I tried to restart and it failed at boot again. Then I tried to boot into safe mode to help, but failed even when was booting into safe mode.
At that moment I know that something very wrong happened.
So, I tried to use restore point in System Recovery - always fails. Then I tried to use booting recovery and result was error that system is unable to recovery boot - error is in log.

So, I opened log and found error message:

Root cause found:
---------------------------
A recent driver installation or upgrade may be preventing the system from starting.

Log is attached.
So, it means driver found at device connection and its installation is problem for boot...
But this mail I'm writting from Live Windows 10.1607 x64 and cannot access drivers to uninstall on installed Windows...
So what to do? How to access drivers on installed system? Only one succesfull thing was Command Line to access system...
Or exists any other way?
I'm lost and very sad, can anybody help?
For correction:
MB: Asus Z170-A
CPU: Core i5-6400 Quad Core
RAM: 20 GB
OS: Windows 10.1607.14393 Pro x64

Thank you for each help.
Miro

Malnutrition · Feb 23, 2017

On a clean machine, please download FRST 64bit or FRST 32 bit and save it to a flash drive. Note: You need to run the version compatible with your system. Plug the flashdrive into the infected PC.
If you are using Windows 8 or 10 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt. If you are using Vista or Windows 7 enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account an click Next.
Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used. To make a repair disk on Windows 7 consult: https://pchelpforum.net/resources/create-a-windows-7-rescue-disc.114/ To enter System Recovery Options by using Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
On the System Recovery Options menu you will get the following options: Startup Repair System Restore Windows Complete PC Restore Windows Memory Diagnostic Tool Command Prompt Select Command Prompt Once in the Command Prompt:
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

MIRKOSOFT · Feb 23, 2017

Hi!

I did scan and created scan file. Attached.

Miro

Malnutrition · Feb 23, 2017

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017

Click to expand...

Ran by SYSTEM on MININT-OB7I5JR (23-02-2017 13:18:44)
Running from D:\
Platform: Windows 10 Pro Version 1607 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8844032 2016-01-27] (Realtek Semiconductor)
HKLM\...\Run: [Turbo LAN] => C:\Program Files\ASUS\Turbo LAN\cFosSpeed.exe [2888104 2015-09-09] (cFos Software GmbH)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794888 2015-06-29] (NVIDIA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3934168 2016-09-16] (Stardock Corporation)
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [AO Link Server] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ALRun.exe -start
HKLM-x32\...\Run: [ASUS Media Streamer ShareEdit] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ShareEdit.exe [1194808 2015-07-07] ()
HKLM-x32\...\Run: [ASUS Media Streamer DMS] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe [2569528 2015-07-07] ()
HKLM-x32\...\Run: [ASUS Media Streamer WSAgent] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ASUSWSAgent.exe [86840 2015-06-03] ()
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFile\WiFileTransfer.exe [1392952 2015-09-11] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [RtlS5Wake Execute] => C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\S5WOW_App\RtlS5Wake\RtlS5Wake.exe [1642496 2015-09-11] (Realtek)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\ASUSWSLoader.exe [63272 2014-12-04] ()
HKLM-x32\...\Run: [$REGNAME] => C:\Gaming Mouse\Gaming Driver.exe [4803584 2013-10-21] (Areson)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-27] (AVAST Software)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-08-14] (VMware, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [WinFastDTV] => C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [101888 2012-09-10] (Leadtek Research Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [170496 2009-02-06] (ArcSoft Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [268288 2016-07-16] (Microsoft Corporation)
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - No File
Startup: C:\Users\MIRKOSOFT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AHKstart.exe.lnk [2016-12-28]
ShortcutTarget: AHKstart.exe.lnk -> D:\Commodore\Commodore 128\VICE NEW\KeyboardDriver\HotKey\AHKstart\AHKstart.exe (No File)
Startup: C:\Users\MIRKOSOFT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ANotePortable.exe.lnk [2016-12-28]
ShortcutTarget: ANotePortable.exe.lnk -> E:\Documents\_Install\Windows 10 x64\_Finalized\Personalize Windows 10\Tools\ANotePortable\ANotePortable.exe (No File)
Startup: C:\Users\MIRKOSOFT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aprp.exe.lnk [2017-01-07]
ShortcutTarget: aprp.exe.lnk -> C:\Program Files (x86)\ASUS\APRP\aprp.exe ()
Startup: C:\Users\MIRKOSOFT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Coolbarz.lnk [2017-01-05]
ShortcutTarget: Coolbarz.lnk -> (No File)
Startup: C:\Users\MIRKOSOFT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-12-29]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\MIRKOSOFT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2016-12-29]
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\MIRKOSOFT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-01-01]
ShortcutTarget: MEGAsync.lnk -> C:\windows\system32\config\systemprofile\AppData\Local\MEGAsync\MEGAsync.exe (No File)
Startup: C:\Users\MIRKOSOFT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar315.lnk [2017-02-22]
ShortcutTarget: Sidebar315.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Startup: C:\Users\MIRKOSOFT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk [2016-12-27]
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
Startup: C:\Users\MIRKOSOFT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Super Finder XT.lnk [2017-01-30]
ShortcutTarget: Super Finder XT.lnk -> (No File)
GroupPolicy: Restriction <======= ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
S2 AndServMgr; C:\Program Files\AMI\DuOS\AndServMgr.exe [81872 2015-08-13] (American Megatrends Inc.)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-05-08] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2015-06-05] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] ()
S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\AsusWSWinService.exe [71168 2014-12-04] (ASUS Cloud Corporation)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.07.00\AsusFanControlService.exe [395736 2015-11-30] (ASUSTeK Computer Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-27] (AVAST Software)
S2 Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [394752 2016-07-22] (Apple Inc.)
S2 cFosSpeedS; C:\Program Files\ASUS\Turbo LAN\spd.exe [1082280 2015-09-09] (cFos Software GmbH)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [604280 2016-01-28] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-01] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
S2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5098008 2016-12-23] (Binary Fortress Software)
S2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio)
S2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [382976 2016-12-28] (Microsoft Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [354936 2016-01-28] (Intel Corporation)
S2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [17408 2016-12-28] (Microsoft Corporation)
S3 ImDskSvc; C:\Windows\system32\imdsksvc.exe [11264 2010-06-07] (Olof Lagerkvist)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation)
S2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-07-28] (Microsoft Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
S2 Lsdiorw; C:\Program Files (x86)\LS_Duhem\lsdiorw\lsdiorw.exe [53760 2013-06-18] (Logiciels & Services Duhem, Paris (France))
S3 LxssManager; C:\Windows\system32\lxss\LxssManager.dll [327168 2016-10-15] (Microsoft Corporation)
S3 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [398208 2017-01-23] (Mailbird)
S2 MOPSender; C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\AWService.exe [116224 2015-09-11] (BARCO \ AWIND)
S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-27] (Microsoft Corporation)
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12465344 2015-08-14] ()
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2016-12-04] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe [89600 2015-12-02] (Stardock Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [12288 2016-12-28] (Microsoft Corporation)
S2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-21] (Intel(R) Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF9035HB; C:\Windows\System32\Drivers\AF9035HB.sys [908672 2012-01-17] (ITE Technologies )
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
S3 AndroidAFD; C:\Windows\SysWow64\drivers\AndroidAFDx64.sys [22192 2015-10-19] (ASUSTek Computer Inc.)
S3 anvsnddrv; C:\Windows\system32\drivers\anvsnddrv.sys [33872 2013-10-12] (AnvSoft Inc.)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 ASUSstpt; C:\Windows\System32\drivers\ASUSstpt.sys [27392 2013-03-28] (MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\drivers\ASUSumsc.sys [151808 2013-03-28] (MCCI Corporation)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-12-27] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-12-27] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-12-27] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-12-27] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-12-27] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-12-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-12-27] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-12-27] (AVAST Software)
S3 AWEAlloc; C:\Windows\system32\DRIVERS\awealloc.sys [17360 2010-03-08] (Olof Lagerkvist)
S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [33360 2011-10-30] (CrystalIdea Software)
S3 DSDrv4AMD64; C:\Program Files (x86)\DScaler\DSDrv4amd64.sys [22488 2009-08-28] ()
S1 DuoVMDrv; C:\Windows\system32\DRIVERS\DuoVMDrv.sys [239536 2015-08-06] (American Megatrends Inc.)
S3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [559080 2016-04-19] (Intel Corporation)
S3 ImDisk; C:\Windows\system32\DRIVERS\imdisk.sys [34776 2010-06-07] (Olof Lagerkvist)
S2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-09-21] (Intel Corporation)
S4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2015-05-14] (ASUSTeK Computer Inc.)
S0 lxss; C:\Windows\System32\drivers\lxss.sys [15712 2016-12-28] (Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S2 PHYMEM; C:\Windows\system32\ami_ipower.sys [15992 2017-02-02] ()
S3 RtlWlanu_OldIC; C:\Windows\System32\drivers\rtwlanu_oldIC.sys [3814400 2016-07-16] (Realtek Semiconductor Corporation )
S3 SA7160.X64; C:\Windows\SYSTEM32\DRIVERS\SA7160.X64.SYS [3590016 2014-03-26] ()
S2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [12464 2017-02-12] (Macrovision Europe Ltd)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-01-16] (Oracle Corporation)
S1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205440 2017-01-16] (Oracle Corporation)
S0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-08-04] (VMware, Inc.)
S2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: LxssManager -> C:\Windows\system32\lxss\LxssManager.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-23 13:18 - 2017-02-23 13:18 - 00000000 ____D C:\FRST
2017-02-22 01:47 - 2017-02-22 01:50 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Roaming\A Note
2017-02-21 13:46 - 2017-02-21 13:46 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2017-02-21 13:45 - 2017-02-21 13:45 - 00000000 ____D C:\Program Files (x86)\TechSmith
2017-02-21 13:45 - 2017-02-21 13:45 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-02-21 13:19 - 2017-02-21 13:19 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Roaming\VOS
2017-02-20 12:12 - 2017-02-20 12:12 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\TortoiseSVN
2017-02-20 12:04 - 2017-02-20 12:04 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\TSVNCache
2017-02-20 11:26 - 2017-02-20 11:27 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Roaming\TortoiseSVN
2017-02-20 11:26 - 2017-02-20 11:26 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Roaming\Subversion
2017-02-20 11:25 - 2017-02-20 11:25 - 00000000 ____D C:\Program Files\TortoiseSVN
2017-02-20 11:25 - 2017-02-20 11:25 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2017-02-17 10:39 - 2017-02-17 10:39 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Roaming\nemesys.lgb
2017-02-16 11:46 - 2012-01-17 19:29 - 00908672 _____ (ITE Technologies ) C:\Windows\System32\Drivers\AF9035HB.sys
2017-02-16 11:13 - 2017-02-16 11:22 - 00000000 ____D C:\Program Files (x86)\Noël Danjou
2017-02-16 11:13 - 2017-02-16 11:13 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\Noël Danjou
2017-02-16 10:45 - 2017-02-16 10:45 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Roaming\DScaler4
2017-02-16 10:45 - 2017-02-16 10:45 - 00000000 ____D C:\Program Files (x86)\DScaler
2017-02-14 23:58 - 2017-02-14 23:58 - 00005059 _____ C:\Users\MIRKOSOFT\AppData\Local\recently-used.xbel
2017-02-13 17:19 - 2017-02-13 17:19 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2017-02-13 17:19 - 2017-02-13 17:19 - 00000000 ___HD C:\Program Files\CanonBJ
2017-02-13 17:19 - 2007-04-17 09:17 - 01177088 _____ (CANON INC.) C:\Windows\System32\CNQ2412L.DLL
2017-02-13 17:19 - 2007-03-23 16:33 - 01439744 _____ (CANON INC.) C:\Windows\System32\CNQ2412C.DLL
2017-02-13 17:19 - 2007-03-23 16:32 - 00092672 _____ (CANON INC.) C:\Windows\System32\CNQ2412I.DLL
2017-02-13 17:19 - 2007-03-15 14:13 - 00229888 _____ (Canon Inc.) C:\Windows\System32\CNQ2412O.DLL
2017-02-12 15:20 - 2017-02-12 15:20 - 00012464 _____ (Macrovision Europe Ltd) C:\Windows\SysWOW64\Drivers\SECDRV.SYS
2017-02-12 01:00 - 2017-02-18 12:52 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\JDownloader v2.0
2017-02-10 23:11 - 2017-02-10 23:11 - 00000000 ____D C:\Program Files (x86)\StarWind Software
2017-02-10 23:11 - 2016-10-21 11:48 - 00033432 _____ (VMware, Inc.) C:\Windows\System32\Drivers\vstor2-mntapi10-shared.sys
2017-02-09 03:57 - 2017-02-12 17:26 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\gtk-2.0
2017-02-09 01:38 - 2017-02-09 04:17 - 00007608 _____ C:\Users\MIRKOSOFT\AppData\Local\Resmon.ResmonCfg
2017-02-08 17:08 - 2017-02-10 23:36 - 00000000 ____D C:\avast! sandbox
2017-02-08 17:01 - 2016-12-27 10:38 - 00391496 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2017-02-08 03:54 - 2017-02-08 03:55 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\KeyMapper
2017-02-07 05:38 - 2017-02-07 05:38 - 00046400 _____ (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-stable.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-dev.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-canary.sys
2017-02-06 18:54 - 2017-02-06 18:54 - 00230424 _____ C:\img2-001.raw
2017-02-06 03:29 - 2017-02-06 03:29 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Roaming\Trimble Connect for SketchUp
2017-02-06 03:28 - 2017-02-06 03:28 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Roaming\SketchUp
2017-02-06 03:20 - 2017-02-06 03:20 - 00000000 ___HD C:\Users\MIRKOSOFT\AppData\Local\{F66F5828-6EF5-4CEE-93A1-CB534D874C67}
2017-02-06 03:07 - 2017-02-06 03:07 - 00000000 ____D C:\ProgramData\SketchUp
2017-02-06 03:07 - 2017-02-06 03:07 - 00000000 ____D C:\Program Files\SketchUp
2017-02-04 21:09 - 2004-01-22 00:35 - 00040960 _____ (vbAccelerator) C:\Windows\SysWOW64\ssubtmr6.dll
2017-02-04 21:09 - 2004-01-22 00:35 - 00040960 _____ (vbAccelerator) C:\Windows\System32\ssubtmr6.dll
2017-02-04 15:47 - 2017-02-04 15:45 - 00096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5FR.DLL
2017-02-04 15:47 - 2017-02-04 15:45 - 00096256 _____ (Microsoft Corporation) C:\Windows\System32\VB5FR.DLL
2017-02-04 15:42 - 2017-02-04 15:39 - 01355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvbvm50.dll
2017-02-04 15:41 - 2017-02-04 15:39 - 01355776 _____ (Microsoft Corporation) C:\Windows\System32\msvbvm50.dll
2017-02-04 12:11 - 2017-02-04 12:11 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\soft-evolution
2017-02-04 12:11 - 2017-02-04 12:11 - 00000000 ____D C:\Program Files (x86)\WebAnimator Plus
2017-02-03 17:28 - 2017-02-03 17:28 - 00000000 ____D C:\Users\MIRKOSOFT\.thumbnails
2017-02-03 17:23 - 2017-02-14 23:58 - 00000000 ____D C:\Users\MIRKOSOFT\.gimp-2.8
2017-02-03 17:23 - 2017-02-03 17:23 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\gegl-0.2
2017-02-03 17:23 - 2017-02-03 17:23 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\fontconfig
2017-02-03 00:53 - 2017-02-06 03:26 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\Deployment
2017-02-03 00:30 - 1999-06-10 12:20 - 00006112 _____ C:\Windows\SysWOW64\Drivers\cdenable.sys
2017-02-03 00:27 - 2002-02-01 17:00 - 00022016 _____ (Borland Software Corporation) C:\Windows\SysWOW64\borlndmm.dll
2017-02-03 00:27 - 2002-02-01 16:00 - 01497088 _____ (Borland Corporation) C:\Windows\SysWOW64\cc3260mt.dll
2017-02-03 00:27 - 2002-02-01 16:00 - 01326080 _____ (Borland Software Corporation) C:\Windows\SysWOW64\vcl60.bpl
2017-02-03 00:27 - 2002-02-01 16:00 - 00676352 _____ (Borland Software Corporation) C:\Windows\SysWOW64\rtl60.bpl
2017-02-03 00:27 - 1997-03-25 05:02 - 00303104 _____ (Borland International) C:\Windows\SysWOW64\cw3230.dll
2017-02-03 00:26 - 2017-02-03 00:28 - 00000000 ____D C:\Program Files (x86)\LS_Duhem
2017-02-03 00:26 - 2017-02-03 00:26 - 00000000 ____D C:\Program Files (x86)\ClipShop
2017-02-03 00:26 - 2007-12-11 21:04 - 01874944 _____ (CodeGear) C:\Windows\SysWOW64\vcl100.bpl
2017-02-03 00:26 - 2007-12-11 21:04 - 00853504 _____ (CodeGear) C:\Windows\SysWOW64\rtl100.bpl
2017-02-03 00:26 - 2007-08-26 20:03 - 00738816 _____ (CodeGear) C:\Windows\SysWOW64\cc3280mt.dll
2017-02-03 00:13 - 2017-02-03 00:25 - 00000000 ____D C:\Program Files (x86)\Executor
2017-02-03 00:13 - 1999-06-10 13:20 - 00006112 _____ C:\Windows\SysWOW64\cdenable.sys
2017-02-03 00:00 - 2017-02-06 03:07 - 00000000 ____D C:\ProgramData\Reprise
2017-02-02 23:55 - 2017-02-02 23:55 - 00000000 ___HD C:\Users\MIRKOSOFT\.DuOS
2017-02-02 23:55 - 2017-02-02 23:55 - 00000000 ____D C:\Users\MIRKOSOFT\DuOSShare
2017-02-02 23:55 - 2017-02-02 23:55 - 00000000 ____D C:\Users\MIRKOSOFT\.VBox
2017-02-02 23:53 - 2017-02-02 23:53 - 00000000 ____D C:\ProgramData\AMI
2017-02-02 23:53 - 2017-02-02 23:53 - 00000000 ____D C:\Program Files\AMI
2017-02-02 23:53 - 2015-08-06 19:40 - 00239536 _____ (American Megatrends Inc.) C:\Windows\System32\Drivers\DuoVMDrv.sys
2017-02-02 23:52 - 2017-02-02 23:52 - 00015992 _____ C:\Windows\System32\ami_ipower.sys
2017-01-31 04:24 - 2017-01-31 04:24 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\Chromium
2017-01-30 20:59 - 2017-01-30 20:59 - 00085016 ____H (Sysinternals - www.sysinternals.com) C:\Windows\System32\Drivers\PROCMON23.SYS
2017-01-30 01:44 - 2015-08-23 23:33 - 00000091 _____ C:\BOOTDISK.KEY
2017-01-30 01:38 - 2017-02-18 19:04 - 00000000 ____D C:\ProgramData\TEMP
2017-01-30 00:12 - 2017-01-30 00:12 - 00000000 ____D C:\Program Files (x86)\ImageMagick-6.2.1-Q8
2017-01-27 22:39 - 2017-02-08 16:59 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-01-27 22:39 - 2017-01-27 22:39 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-26 01:19 - 2017-01-26 01:19 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Roaming\TechSmith
2017-01-26 01:16 - 2017-01-26 01:16 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\TechSmith
2017-01-26 01:09 - 2017-02-21 13:45 - 00000000 ____D C:\ProgramData\TechSmith
2017-01-26 00:10 - 2017-01-26 00:10 - 00000000 ____D C:\Program Files (x86)\RevEngE6502
2017-01-26 00:10 - 2017-01-26 00:10 - 00000000 ____D C:\Program Files (x86)\ConGo
2017-01-26 00:08 - 2017-01-26 00:08 - 00000000 ____D C:\Program Files (x86)\ConGo4se
2017-01-26 00:07 - 2017-01-26 00:08 - 00000000 ____D C:\Program Files (x86)\ConGo4
2017-01-25 22:38 - 2017-01-25 22:36 - 00608448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMCTL32.OCX
2017-01-25 22:38 - 2017-01-25 22:36 - 00608448 _____ (Microsoft Corporation) C:\Windows\System32\COMCTL32.OCX
2017-01-25 22:38 - 2017-01-25 22:36 - 00608448 _____ (Microsoft Corporation) C:\Windows\COMCTL32.OCX
2017-01-25 21:50 - 2017-01-25 21:50 - 00000000 ____D C:\Program Files (x86)\Retro-X
2017-01-25 21:43 - 2001-02-20 02:47 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\COMDLG32.OCX
2017-01-25 21:41 - 2001-02-20 02:47 - 00140288 _____ (Microsoft Corporation) C:\Windows\COMDLG32.OCX
2017-01-25 21:39 - 2017-01-25 22:37 - 00000000 ____D C:\Program Files (x86)\IFFPro
2017-01-25 19:25 - 2017-01-25 19:25 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2017-01-25 19:25 - 2017-01-25 19:25 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2017-01-25 19:25 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2017-01-25 19:25 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2017-01-25 18:34 - 2017-01-25 18:34 - 00000000 ____D C:\Program Files (x86)\WinImage
2017-01-25 18:31 - 2017-01-25 18:31 - 00000000 ____D C:\Games
2017-01-25 18:30 - 2016-07-31 23:34 - 06978978 _____ C:\Windows\RandomPhotoScreensaver.exe
2017-01-25 18:30 - 2016-07-04 20:15 - 01300162 _____ (Style-7 ) C:\Windows\photo_clock-7.exe
2017-01-25 18:30 - 2015-10-30 08:19 - 00515584 _____ (Microsoft Corporation) C:\Windows\PhotoScreensaver.scr
2017-01-25 18:30 - 2015-07-15 03:14 - 00000077 _____ C:\Windows\SereneScreen Marine Aquarium 3 serial.txt
2017-01-25 18:30 - 2010-07-19 16:15 - 00534720 _____ (Photo-Screensavers.com) C:\Windows\3D_Photo_Album.scr
2017-01-25 18:30 - 2010-07-19 08:04 - 00640172 _____ (Photo-Screensavers.com) C:\Windows\Photo-Slideshow.scr
2017-01-25 18:23 - 2017-01-25 18:23 - 00000000 ____D C:\Program Files (x86)\IconLover
2017-01-25 18:21 - 2017-01-25 18:24 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Roaming\Aha-soft
2017-01-25 18:20 - 2017-01-25 18:20 - 00000000 ____D C:\Program Files (x86)\Any to Icon
2017-01-25 18:17 - 2017-01-25 18:18 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Roaming\AmPro
2017-01-25 17:47 - 2017-01-25 17:47 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\Lanex
2017-01-25 17:46 - 2017-01-25 17:46 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2017-01-25 17:46 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2017-01-25 17:46 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2017-01-25 17:46 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2017-01-25 17:46 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2017-01-25 17:46 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2017-01-25 17:46 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2017-01-25 01:37 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2017-01-25 01:37 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-25 00:41 - 2017-01-25 00:42 - 00000000 ____D C:\Program Files (x86)\ZxThumbnailers
2017-01-24 22:05 - 2017-01-24 22:07 - 00000762 _____ C:\Windows\SIDPLAYW.INI

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 21:27 - 2016-07-16 12:45 - 00000000 ____D C:\Windows\INF
2017-02-22 21:23 - 2016-12-27 08:41 - 00000000 ____D C:\Windows\System32\SleepStudy
2017-02-22 20:14 - 2016-12-27 16:13 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\Clipboarder
2017-02-22 18:54 - 2016-12-31 18:47 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\ClassicShell
2017-02-22 18:45 - 2016-12-27 16:13 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\Sidebar7
2017-02-22 16:32 - 2016-12-27 15:42 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\DisplayFusion
2017-02-22 14:13 - 2016-12-27 20:46 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\CrashDumps
2017-02-22 13:08 - 2016-12-30 18:06 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\LocalLow\Mozilla
2017-02-22 13:08 - 2016-12-27 16:08 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Roaming\Mozilla
2017-02-22 08:36 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-22 08:36 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\AppReadiness
2017-02-22 04:04 - 2016-07-16 12:36 - 00000000 ____D C:\Windows\CbsTemp
2017-02-22 02:37 - 2016-12-27 16:12 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\LocalLow\Clover
2017-02-22 01:46 - 2017-01-01 21:18 - 00000000 ___RD C:\Users\MIRKOSOFT\Dropbox
2017-02-22 01:45 - 2016-12-27 23:58 - 00000000 ____D C:\ProgramData\Mailbird
2017-02-22 01:44 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\System32\inetsrv
2017-02-22 01:43 - 2016-12-27 09:16 - 00000180 _____ C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-22 01:43 - 2016-12-27 09:16 - 00000000 __SHD C:\Users\MIRKOSOFT\IntelGraphicsProfiles
2017-02-22 01:43 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-22 01:41 - 2016-12-30 17:27 - 00000000 ____D C:\ProgramData\VMware
2017-02-22 01:41 - 2016-12-27 10:14 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-22 01:41 - 2016-12-27 08:41 - 00860064 _____ C:\Windows\System32\FNTCACHE.DAT
2017-02-22 01:41 - 2016-12-27 08:41 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-21 13:46 - 2016-12-27 08:49 - 00000000 ____D C:\users\MIRKOSOFT
2017-02-21 13:42 - 2016-12-27 09:05 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-20 11:25 - 2016-12-30 17:33 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Roaming\VMware
2017-02-20 11:25 - 2016-12-30 17:33 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\VMware
2017-02-18 14:05 - 2016-12-31 11:36 - 00000000 ____D C:\users\DefaultAppPool
2017-02-18 12:23 - 2016-12-30 18:14 - 00000000 ____D C:\Users\MIRKOSOFT\.VirtualBox
2017-02-17 10:41 - 2016-12-29 00:04 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Roaming\xemu-lgb
2017-02-14 20:16 - 2016-12-29 13:13 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Roaming\LangSoft
2017-02-13 17:21 - 2016-07-16 12:47 - 00000000 __RSD C:\Windows\Media
2017-02-13 17:12 - 2017-01-06 02:38 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\ElevatedDiagnostics
2017-02-13 10:49 - 2016-12-27 16:34 - 00000000 ____D C:\temp
2017-02-12 23:13 - 2016-12-27 20:17 - 00539931 _____ C:\Windows\KickAss.jar
2017-02-12 14:56 - 2017-01-07 00:09 - 08144176 _____ C:\Windows\PE_Rom.dll
2017-02-12 14:42 - 2017-01-10 21:55 - 1686591510 _____ C:\Windows\MEMORY.DMP
2017-02-12 14:42 - 2017-01-10 21:55 - 00000000 ____D C:\Windows\Minidump
2017-02-10 23:36 - 2016-07-16 07:04 - 00524288 _____ C:\Windows\System32\config\BBI
2017-02-08 17:10 - 2017-01-01 20:57 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\MEGAsync
2017-02-08 17:07 - 2017-01-01 21:02 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-08 17:02 - 2016-12-27 10:39 - 00004004 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-02-08 16:59 - 2017-01-06 01:48 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Roaming\Imagine
2017-02-08 16:59 - 2016-12-31 18:47 - 00000000 ____D C:\ProgramData\ClassicShell
2017-02-08 16:59 - 2016-12-28 06:39 - 00000000 ____D C:\users\.NET v4.5 Classic
2017-02-08 16:59 - 2016-12-28 06:39 - 00000000 ____D C:\users\.NET v4.5
2017-02-08 16:59 - 2016-12-27 23:57 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\Mailbird
2017-02-08 16:59 - 2016-12-27 16:12 - 00000000 ____D C:\Program Files (x86)\Clover
2017-02-08 16:59 - 2016-12-27 09:57 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\cFos
2017-02-08 16:59 - 2016-12-27 09:50 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\AO Link
2017-02-08 16:59 - 2016-12-27 08:47 - 00000000 ____D C:\users\defaultuser0
2017-02-08 16:53 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\registration
2017-02-07 11:00 - 2017-01-09 01:09 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-06 20:48 - 2016-12-27 19:20 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-12-27 19:20 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 03:22 - 2016-12-27 16:32 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\Stardock_Corporation
2017-02-04 22:45 - 2016-12-27 15:39 - 00368984 _____ C:\Windows\System32\perfh01B.dat
2017-02-04 22:45 - 2016-12-27 15:39 - 00118572 _____ C:\Windows\System32\perfc01B.dat
2017-02-04 22:45 - 2016-12-27 08:52 - 01695606 _____ C:\Windows\System32\PerfStringBackup.INI
2017-02-04 11:17 - 2016-12-27 08:50 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\Packages
2017-02-03 00:53 - 2016-12-27 16:28 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Local\Apps\2.0
2017-01-24 02:39 - 2016-12-27 23:57 - 00000000 ____D C:\Users\MIRKOSOFT\AppData\Roaming\Mailbird
2017-01-24 02:39 - 2016-12-27 23:57 - 00000000 ____D C:\Program Files (x86)\Mailbird

Some files in TEMP:
====================
2017-02-16 11:42 - 2017-02-16 11:42 - 0147456 _____ () C:\Users\MIRKOSOFT\AppData\Local\Temp\DevSetup32.dll
2017-02-16 11:42 - 2017-02-16 11:42 - 0151552 _____ () C:\Users\MIRKOSOFT\AppData\Local\Temp\DevSetup64.dll
2017-02-16 11:42 - 2017-02-16 11:42 - 0094208 _____ () C:\Users\MIRKOSOFT\AppData\Local\Temp\DriverInstall32.exe
2017-02-16 11:42 - 2017-02-16 11:42 - 0094208 _____ () C:\Users\MIRKOSOFT\AppData\Local\Temp\DriverInstall64.exe
2017-02-16 11:42 - 2017-02-16 11:42 - 0016384 _____ () C:\Users\MIRKOSOFT\AppData\Local\Temp\KillProcess.exe
2017-02-18 13:21 - 2016-01-21 16:25 - 0004608 _____ () C:\Users\MIRKOSOFT\AppData\Local\Temp\MinimizedPreview7Sidebar.exe
2017-02-18 12:52 - 2017-02-18 12:52 - 0040448 ____N () C:\Users\MIRKOSOFT\AppData\Local\Temp\proxy_vole3546226289449258931.dll
2017-02-18 12:52 - 2017-02-18 12:52 - 0040448 ____N () C:\Users\MIRKOSOFT\AppData\Local\Temp\proxy_vole6263668175531038176.dll
2017-02-18 12:52 - 2017-02-18 12:52 - 0040448 ____N () C:\Users\MIRKOSOFT\AppData\Local\Temp\proxy_vole678499167258400493.dll
2016-12-27 10:10 - 2012-11-13 06:51 - 0227896 ____N (MSI) C:\Users\MIRKOSOFT\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
2017-02-18 13:21 - 2015-10-29 01:56 - 0056320 _____ () C:\Users\MIRKOSOFT\AppData\Local\Temp\Sidebar7Hook32.dll
2017-02-06 16:36 - 2017-02-06 16:36 - 0008704 _____ () C:\Users\MIRKOSOFT\AppData\Local\Temp\xeuzma2y.dll

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2017-01-10 21:47] - [2016-12-14 05:24] - 0673792 ____A (Microsoft Corporation) 917F081E2AB667C44F7D96DE1D16DFAE

C:\Windows\System32\wininit.exe
[2016-07-16 12:42] - [2016-07-16 12:42] - 0304240 ____A (Microsoft Corporation) 99A19C9A74E2F9820E501DCE77F84F70

C:\Windows\explorer.exe
[2016-12-27 16:53] - [2016-11-11 10:56] - 4673304 ____A (Microsoft Corporation) 4E10FB1A015B49AC68F76C1A3F4D9C0F

C:\Windows\SysWOW64\explorer.exe
[2016-12-27 17:01] - [2016-11-11 08:41] - 4311736 ____A (Microsoft Corporation) AF46710DDB8B0E304AA4FD2B940CABD8

C:\Windows\System32\svchost.exe
[2016-07-16 12:42] - [2016-07-16 12:42] - 0044496 ____A (Microsoft Corporation) 36F670D89040709013F6A460176767EC

C:\Windows\SysWOW64\svchost.exe
[2016-07-16 12:42] - [2016-07-16 12:42] - 0038792 ____A (Microsoft Corporation) 1F8434DD4907C832E6E90D6298EAB85B

C:\Windows\System32\services.exe
[2016-12-27 16:54] - [2016-11-11 10:51] - 0454592 ____A (Microsoft Corporation) 3C69CC28665854F1AAB4B4005005FA31

C:\Windows\System32\User32.dll
[2016-12-27 16:54] - [2016-12-09 11:10] - 1461200 ____A (Microsoft Corporation) C46EA86BF0E7C96235E9064CBAD6ED26

C:\Windows\SysWOW64\User32.dll
[2016-12-27 17:02] - [2016-12-09 10:52] - 1435896 ____A (Microsoft Corporation) 4BEC594A3D4AEAFAC400D88F7E328C7B

C:\Windows\System32\userinit.exe
[2016-07-16 12:42] - [2016-07-16 12:42] - 0033280 ____A (Microsoft Corporation) C1B1FFC800BE2F31EB2CF8CB40629C69

C:\Windows\SysWOW64\userinit.exe
[2016-07-16 12:42] - [2016-07-16 12:42] - 0027648 ____A (Microsoft Corporation) FA900E6CCCF0A429D5B720C6F0E2274B

C:\Windows\System32\rpcss.dll
[2016-07-16 12:42] - [2016-07-16 12:42] - 0888320 ____A (Microsoft Corporation) 7BD259FC59CF9C2AE1B979564B374CC6

C:\Windows\System32\dnsapi.dll
[2016-12-27 16:53] - [2016-09-15 18:30] - 0646136 ____A (Microsoft Corporation) 96B8A433F6407DE34850927C96C6CE9B

C:\Windows\SysWOW64\dnsapi.dll
[2016-12-27 17:01] - [2016-09-15 18:37] - 0496872 ____A (Microsoft Corporation) 227CFE3EDA82029AAC1C088A16297CD7

C:\Windows\System32\Drivers\volsnap.sys
[2016-07-16 12:42] - [2016-07-16 12:42] - 0391520 ____A (Microsoft Corporation) BF2546583BB75F01DDA60A7921DFB230

==================== Association (Whitelisted) =============

==================== Restore Points =========================

Restore point date: 2017-02-13 17:58
Restore point date: 2017-02-15 03:30
Restore point date: 2017-02-16 10:44
Restore point date: 2017-02-16 10:59
Restore point date: 2017-02-16 12:01
Restore point date: 2017-02-18 13:24
Restore point date: 2017-02-18 20:20
Restore point date: 2017-02-19 02:56
Restore point date: 2017-02-20 03:38
Restore point date: 2017-02-20 19:04
Restore point date: 2017-02-21 01:10
Restore point date: 2017-02-22 02:01
Restore point date: 2017-02-22 04:33
Restore point date: 2017-02-22 22:39

==================== Memory info ===========================

Percentage of memory in use: 5%
Total physical RAM: 20075.8 MB
Available physical RAM: 19058.14 MB
Total Virtual: 20075.8 MB
Available Virtual: 19096.05 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:173.82 GB) (Free:25.18 GB) NTFS
Drive d: (DOWNLOADS) (Fixed) (Total:78.12 GB) (Free:7.67 GB) NTFS
Drive e: (FPGA) (Fixed) (Total:195.31 GB) (Free:174.91 GB) NTFS
Drive f: (APPLE) (Fixed) (Total:97.66 GB) (Free:77.38 GB) NTFS
Drive g: (MULTIMEDIA) (Fixed) (Total:1487.72 GB) (Free:111.89 GB) NTFS
Drive h: (EMULATORY) (Fixed) (Total:434.03 GB) (Free:164.52 GB) NTFS
Drive i: (MIRKOSOFT) (Fixed) (Total:197.86 GB) (Free:145.27 GB) NTFS
Drive j: (DATA) (Fixed) (Total:1231.12 GB) (Free:150.34 GB) NTFS
Drive k: (VM) (Fixed) (Total:24.41 GB) (Free:22.6 GB) NTFS
Drive l: (VIRTUAL) (Fixed) (Total:732.73 GB) (Free:115.37 GB) NTFS
Drive n: (TRUE BACKUP) (Fixed) (Total:2654.38 GB) (Free:1130.93 GB) NTFS
Drive o: (TEMP BACKUP) (Fixed) (Total:140.13 GB) (Free:131.61 GB) NTFS
Drive p: (Win10PEx64Redstone) (CDROM) (Total:4.33 GB) (Free:0 GB) UDF
Drive q: (Obnovenie) (Fixed) (Total:0.44 GB) (Free:0.13 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
Drive y: (CBM HDD) (Fixed) (Total:4.18 GB) (Free:4.05 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 54712540)

Partition: GPT.

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 5510F0BA)

Partition: GPT.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 5915727A)

Partition: GPT.

========================================================
Disk: 3 (Size: 2794.5 GB) (Disk ID: 53B5E8D6)

Partition: GPT.

LastRegBack: 2017-02-17 10:46

==================== End of FRST.txt ============================

Malnutrition · Feb 23, 2017

Have you tried last known good configuration?
If not go ahead and attempt that prior to running the fix.
Also, what is the name of the software - hardware you used that caused the issue?

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Code:

LastRegBack: 2017-02-17 10:4

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

On Vista or Windows 7: Now please enter System Recovery Options.

On Windows XP: Now please boot into the PE (Preinstallation Environment) disk.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will generate a log on the flashdrive (Fixlog.txt) please post it in your reply.

MIRKOSOFT · Feb 23, 2017

Last known good configuration in Windows 10 and earlier 8/8.1 doesn't exists!
I'm going try this.

Miro

MIRKOSOFT · Feb 23, 2017

So, I did it.
In log are succesful results, attached.
Device model "Aten USB2.0 221A" 2 port switch.
Miro

Malnutrition · Feb 23, 2017

So are you able to boot now?

MIRKOSOFT · Feb 23, 2017

Tried... after posting reply - same like always...
How it looks?

Miro

Malnutrition · Feb 23, 2017

What is the name of the software - hardware you used that caused the issue? I will search for that name in the logs, and remove anything related to it with FRST.

MIRKOSOFT · Feb 23, 2017

hardware (2-port USB2.0 switch) Aten USB2.0 221A
software/driver installation began Windows automatically at connection, but finished not 'cause Windows crash.
Miro

Malnutrition · Feb 23, 2017

Alright, lets try the earliest restore point then we will move onto removing files if needed...
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Code:

Restore point date: 2017-02-13 17:5

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

On Vista or Windows 7: Now please enter System Recovery Options.

On Windows XP: Now please boot into the PE (Preinstallation Environment) disk.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will generate a log on the flashdrive (Fixlog.txt) please post it in your reply.

MIRKOSOFT · Feb 23, 2017

Please wait any time, I'm not at computer, when I'll be back then do it and reply.
Miro

Malnutrition · Feb 23, 2017

MIRKOSOFT said:
Please wait any time, I'm not at computer, when I'll be back then do it and reply.

?? I posted instructions, do them when you wish today tomorrow... :thumbsup:

MIRKOSOFT · Feb 23, 2017

So, did it = problem found.. see log.
I was confused with time of restore point 17:5
I mean there is missing one digit.
Miro

Malnutrition · Feb 23, 2017

Sorry, please run this....

Restore point date: 2017-02-13 17:58

Malnutrition · Feb 23, 2017

If that one fails, here is your new fix.

Code:

SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - No File
ShortcutTarget: AHKstart.exe.lnk -> D:\Commodore\Commodore 128\VICE NEW\KeyboardDriver\HotKey\AHKstart\AHKstart.exe (No File)
Startup: C:\Users\MIRKOSOFT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Coolbarz.lnk [2017-01-05]
ShortcutTarget: Coolbarz.lnk -> (No File)
Startup: C:\Users\MIRKOSOFT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar315.lnk [2017-02-22]
ShortcutTarget: Sidebar315.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
ShortcutTarget: Super Finder XT.lnk -> (No File)
GroupPolicy: Restriction <======= ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-16 11:42 - 2017-02-16 11:42 - 0147456 _____ () C:\Users\MIRKOSOFT\AppData\Local\Temp\DevSetup32.dll
2017-02-16 11:42 - 2017-02-16 11:42 - 0151552 _____ () C:\Users\MIRKOSOFT\AppData\Local\Temp\DevSetup64.dll
2017-02-16 11:42 - 2017-02-16 11:42 - 0094208 _____ () C:\Users\MIRKOSOFT\AppData\Local\Temp\DriverInstall32.exe
2017-02-16 11:42 - 2017-02-16 11:42 - 0094208 _____ () C:\Users\MIRKOSOFT\AppData\Local\Temp\DriverInstall64.exe
2017-02-16 11:42 - 2017-02-16 11:42 - 0016384 _____ () C:\Users\MIRKOSOFT\AppData\Local\Temp\KillProcess.exe
2017-02-18 13:21 - 2016-01-21 16:25 - 0004608 _____ () C:\Users\MIRKOSOFT\AppData\Local\Temp\MinimizedPreview7Sidebar.exe
2017-02-18 12:52 - 2017-02-18 12:52 - 0040448 ____N () C:\Users\MIRKOSOFT\AppData\Local\Temp\proxy_vole3546226289449258931.dll
2017-02-18 12:52 - 2017-02-18 12:52 - 0040448 ____N () C:\Users\MIRKOSOFT\AppData\Local\Temp\proxy_vole6263668175531038176.dll
2017-02-18 12:52 - 2017-02-18 12:52 - 0040448 ____N () C:\Users\MIRKOSOFT\AppData\Local\Temp\proxy_vole678499167258400493.dll
2016-12-27 10:10 - 2012-11-13 06:51 - 0227896 ____N (MSI) C:\Users\MIRKOSOFT\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
2017-02-18 13:21 - 2015-10-29 01:56 - 0056320 _____ () C:\Users\MIRKOSOFT\AppData\Local\Temp\Sidebar7Hook32.dll
2017-02-06 16:36 - 2017-02-06 16:36 - 0008704 _____ () C:\Users\MIRKOSOFT\AppData\Local\Temp\xeuzma2y.dll

Malnutrition · Feb 23, 2017

If the above fails, then lets repair the MBR...

Download the Ultimate Boot CD for windows.
Or the FalconFour CD
Start the video below at 53 minutes.
Follow the instructions for using the Ultimate Boot CD.
Run the Fix HDC Hard Drive Controller fix...

MIRKOSOFT · Feb 23, 2017

Restore point failed, second fix looks success, but boot failed.
Before I decide to follow video or reinstall Windows - sure you're asking why - I had great tuned OS and after these fixes will be need big fix if will run, or not?
Please look at last log - attached are both - restore point and then last.
OS always crashes.

Miro

Malnutrition · Feb 23, 2017

Make a new scan with FRST and make sure the items are ticked the same as the picture below.

MIRKOSOFT

Attachments

Malnutrition

Malnurished Mod

MIRKOSOFT

Attachments

Malnutrition

Malnurished Mod

Malnutrition

Malnurished Mod

MIRKOSOFT

MIRKOSOFT

Attachments

Malnutrition

Malnurished Mod

MIRKOSOFT

Malnutrition

Malnurished Mod

MIRKOSOFT

Malnutrition

Malnurished Mod

MIRKOSOFT

Malnutrition

Malnurished Mod

MIRKOSOFT

Attachments

Malnutrition

Malnurished Mod

Malnutrition

Malnurished Mod

Malnutrition

Malnurished Mod

MIRKOSOFT

Attachments

Malnutrition

Malnurished Mod

Search

Search

Solved Boot crash, even to safe mode - exception in log - please help me