Windows 8.1 x64 BSOD - eamonm.sys - jcgriff2's system

jcgriff2

Hi guys. . .

I have been having problems for a few weeks now involving a nasty infection that causes rather small ads to appear on the bottom-right of my screen, then they stack up one on top of the other; as I close each ad, another takes its place and this just goes on and on, but then it eventually lets up after 10-15 minutes and I have control of my system back for a while, until the process begins all over again.

Yesterday, I did a registry search and ended up deleting dozens of binary registry keys; all went well and the ads stopped.

Registry search info - Malware/Virus - Ads - Windows 8.1 x64

Then, this afternoon, I was hit by a BSOD (while the system was idle - I was out of the room when it hit) that named my anti-virus as the probable cause - ESET NOD32. I use it and the Windows Firewall for protection and this combo has served me well for many years.

In general, I don't believe in coincidences and in this case, it just seems uncanny that while trying to get rid of the virus/malware that has infected my system, I end up being hit by a BSOD that names ESET NOD32 anti-virus as the probable cause. I know that it's very well possible that this all is just what it looks like, but I get the feeling that ESET stumbled onto something which ended up bringing my system crashing down.

It started innocently enough earlier today -- I left my room/system for about 30 minutes and upon return found my system at the logon screen. I immediately suspected a BSOD and quickly determined that I was right.

The bugcheck -
Rich (BB code):
BugCheck 0xc2, {0x7, 0x1200, 0x4230017, 0xffffe00188de5de0}

Bugcheck 0xc2 (0x7,,,) information -
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 0000000000001200, Pool tag value from the pool header
Arg3: 0000000004230017, Contents of the first 4 bytes of the pool header
Arg4: ffffe00188de5de0, Address of the block of pool being deallocated

Probable cause bugcheck text: A driver attempted to free memory that was already freed.

The probable cause - ESET NOD32 anti-virus:
Code:
eamonm.sys   Thu Jan 10 22:18:47 2019 (5C383547)
ESET driver information from the DRT - Driver Reference Table (DRT) | eamonm.sys

SysnativeFileCollectionApp.zip is attached. So far, only 1 BSOD has occurred today.

Zipped FULL Kernel Memory Dump uploaded to Sysnative servers - 364.1 MB - https://www.sysnative.com/jcgriff2/dumps/MEMORY.dmp_jcgriff2_06-29-2019_T12-14-20.zip

Going through my ESET installation, I believe that I'm running ESET NOD32 version 12.1.34.0

The only info that I've been able to find about my current ESET installation is this page, which seems worthless (at least when trying to match up version numbers) -

[Attachment 48375: screenshot of the ESET "installed components" page]

As you can see, it appears that 2 modules were updated today. These two updates seem to coincide with the BSODs. I'm looking for a timestamp as to when exactly these modules were updated, to make sure that both were updated before the BSOD before I label one or both as the probable cause of the so-far lone BSOD.

I'm rather fixated on version number(s) at the moment as it may be the case that I'm running an outdated ESET NOD32. It is possible, but rather unlikely based on the fact that at least 20 ESET modules have been updated so far in 2019 alone (the entire "installed components" page is not visible to you in the above screenshot, but most of it is). 20 updates represent a simple manual count of all modules with a 2019 timestamp on them.

Updating the ESET NOD32 program installation would be my first course of corrective action here as I do believe that this BSOD was caused by software and not by unknown hardware failure.

Anyone have any comments or conclusions?

ALL help is greatly appreciated.

Thank you,

John

EDIT:

My Security thread with Corrine
- Malware/Virus - Ads - Windows 8.1 x64

· OS - Windows 10, 8.1, 8, 7, Vista ? Windows 8.1 x64
· x86 (32-bit) or x64 (64-bit)? x64
· What was the originally installed OS on the system? Windows 8.1 x64
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? OEM version
· Age of system (hardware) ~early 2014 = 5.5 years old
· Age of OS installation - have you re-installed the OS? W8.1 never reinstalled; age of OS is about 5.5 years old

· CPU Intel core i7
· Video Card on-board Intel
· MotherBoard - (if NOT a laptop) unknown - OEM
· Power Supply - brand & wattage (if laptop, skip this one) N/A

· System Manufacturer HP
· Exact model number (if laptop, check label on the bottom) HP Envy 17 laptop - System SKU E8A04UA#ABA

· Laptop or Desktop? Laptop


jcgriff2 - BSOD - Windbg Log
Code:
Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\062919-49171-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8.1 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 9600.19377.amd64fre.winblue_ltsb_escrow.190524-1500
Machine Name:
Kernel base = 0xfffff800`7660e000 PsLoadedModuleList = 0xfffff800`768d2570
Debug session time: Sat Jun 29 12:12:50.925 2019 (UTC - 4:00)
System Uptime: 1 days 18:48:06.722
Loading Kernel Symbols
...............................................................
................................................................
..........................................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {7, 1200, 4230017, ffffe00188de5de0}

*** WARNING: Unable to verify timestamp for eamonm.sys
*** ERROR: Module load completed but symbols could not be loaded for eamonm.sys
GetUlongPtrFromAddress: unable to read from fffff8007695c2a8
GetUlongPtrFromAddress: unable to read from fffff8007695c530
unable to get nt!ExpHeapBackedPoolEnabledState
Probably caused by : eamonm.sys ( eamonm+6c03 )

Followup:     MachineOwner
---------

Processing initial command '!analyze -v;r;kv;lmtn;lmtsmn;.bugcheck'
2: kd> !analyze -v;r;kv;lmtn;lmtsmn;.bugcheck
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000007, Attempt to free pool which was already freed
Arg2: 0000000000001200, Pool tag value from the pool header
Arg3: 0000000004230017, Contents of the first 4 bytes of the pool header
Arg4: ffffe00188de5de0, Address of the block of pool being deallocated

Debugging Details:
------------------

GetUlongPtrFromAddress: unable to read from fffff8007695c2a8
GetUlongPtrFromAddress: unable to read from fffff8007695c530

KEY_VALUES_STRING: 1


STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING:  9600.19377.amd64fre.winblue_ltsb_escrow.190524-1500

SYSTEM_MANUFACTURER:  Hewlett-Packard

SYSTEM_PRODUCT_NAME:  HP ENVY TS 17 Notebook PC

SYSTEM_SKU:  E8A04UA#ABA

SYSTEM_VERSION:  097E110000405E00000620100

BIOS_VENDOR:  Insyde

BIOS_VERSION:  F.70

BIOS_DATE:  10/20/2017

BASEBOARD_MANUFACTURER:  Hewlett-Packard

BASEBOARD_PRODUCT:  1965

BASEBOARD_VERSION:  KBC Version 93.52

DUMP_TYPE:  2

BUGCHECK_P1: 7

BUGCHECK_P2: 1200

BUGCHECK_P3: 4230017

BUGCHECK_P4: ffffe00188de5de0

POOL_ADDRESS: GetUlongPtrFromAddress: unable to read from fffff8007695c2a8
GetUlongPtrFromAddress: unable to read from fffff8007695c530
ffffe00188de5de0 Nonpaged pool

FREED_POOL_TAG:  Amon

BUGCHECK_STR:  0xc2_7_Amon

CPU_COUNT: 8

CPU_MHZ: 95a

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3c

CPU_STEPPING: 3

CPU_MICROCODE: 6,3c,3,0 (F,M,S,R)  SIG: 1C'00000000 (cache) 1C'00000000 (init)

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

PROCESS_NAME:  TiWorker.exe

CURRENT_IRQL:  0

ANALYSIS_SESSION_HOST:  SYSNATIVEFORUMS

ANALYSIS_SESSION_TIME:  06-29-2019 12:40:21.0907

ANALYSIS_VERSION: 10.0.17763.132 amd64fre

LAST_CONTROL_TRANSFER:  from fffff8007689ab68 to fffff8007674e3a0

STACK_TEXT:
ffffd000`2661cd08 fffff800`7689ab68 : 00000000`000000c2 00000000`00000007 00000000`00001200 00000000`04230017 : nt!KeBugCheckEx
ffffd000`2661cd10 fffff800`c5606c03 : 00000000`00000000 ffffd000`2661ce39 ffffe001`00000000 ffffd000`00000023 : nt!ExFreePoolWithTag+0xb68
ffffd000`2661cdb0 00000000`00000000 : ffffd000`2661ce39 ffffe001`00000000 ffffd000`00000023 ffffd000`2661cee8 : eamonm+0x6c03


THREAD_SHA1_HASH_MOD_FUNC:  f5be9a9311cf75fdd7621194108347e8ff77502a

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  24bc27a610636e1c1be6bb907046d55272a726c9

THREAD_SHA1_HASH_MOD:  3b59b46bdd64caa44017fab56df10565ea96558d

FOLLOWUP_IP:
eamonm+6c03
fffff800`c5606c03 ??              ???

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  eamonm+6c03

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: eamonm

IMAGE_NAME:  eamonm.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5c383547

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  6c03

FAILURE_BUCKET_ID:  0xc2_7_Amon_eamonm!unknown_function

BUCKET_ID:  0xc2_7_Amon_eamonm!unknown_function

PRIMARY_PROBLEM_CLASS:  0xc2_7_Amon_eamonm!unknown_function

TARGET_TIME:  2019-06-29T16:12:50.000Z

OSBUILD:  9600

OSSERVICEPACK:  19377

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  784

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 8.1

OSEDITION:  Windows 8.1 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE:

USER_LCID:  0

OSBUILD_TIMESTAMP:  2019-05-24 20:00:40

BUILDDATESTAMP_STR:  190524-1500

BUILDLAB_STR:  winblue_ltsb_escrow

BUILDOSVER_STR:  6.3.9600.19377.amd64fre.winblue_ltsb_escrow.190524-1500

ANALYSIS_SESSION_ELAPSED_TIME:  426

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0xc2_7_amon_eamonm!unknown_function

FAILURE_ID_HASH:  {a6cf2b73-5497-de5c-fa4c-d687b0598e8e}

Followup:     MachineOwner
---------

rax=0000000000000423 rbx=ffffe00188de5dd0 rcx=00000000000000c2
rdx=0000000000000007 rsi=ffffe0018857ebd8 rdi=ffffe00188de5de0
rip=fffff8007674e3a0 rsp=ffffd0002661cd08 rbp=ffffd0002661ce39
r8=0000000000001200 r9=0000000004230017 r10=ffffe0018be7fdc0
r11=ffffe0018ed05640 r12=0000000000000000 r13=0000000000000004
r14=0000000000000001 r15=0000000000000023
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000246
nt!KeBugCheckEx:
fffff800`7674e3a0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffd000`2661cd10=00000000000000c2
# Child-SP RetAddr : Args to Child : Call Site
00 ffffd000`2661cd08 fffff800`7689ab68 : 00000000`000000c2 00000000`00000007 00000000`00001200 00000000`04230017 : nt!KeBugCheckEx
01 ffffd000`2661cd10 fffff800`c5606c03 : 00000000`00000000 ffffd000`2661ce39 ffffe001`00000000 ffffd000`00000023 : nt!ExFreePoolWithTag+0xb68
02 ffffd000`2661cdb0 00000000`00000000 : ffffd000`2661ce39 ffffe001`00000000 ffffd000`00000023 ffffd000`2661cee8 : eamonm+0x6c03
start end module name
fffff800`7368e000 fffff800`73697000 kd kd.dll Thu Aug 22 04:40:43 2013 (5215F8BB)
fffff800`7660e000 fffff800`76d8b000 nt ntkrnlmp.exe Fri May 24 17:00:40 2019 (5CE885A8)
fffff800`76d8b000 fffff800`76dfa000 hal hal.dll Fri Mar 9 06:53:04 2018 (5AA29FD0)
fffff800`c3e00000 fffff800`c3e15000 PSHED PSHED.dll Sat Sep 14 06:57:19 2013 (52346B3F)
fffff800`c3e15000 fffff800`c3e1f000 BOOTVID BOOTVID.dll Thu Aug 22 04:40:26 2013 (5215F8AA)
fffff800`c3e1f000 fffff800`c3e2a000 cmimcext cmimcext.sys Sun Oct 9 07:08:50 2016 (57FA4F72)
fffff800`c3e2a000 fffff800`c3eb2000 CI CI.dll Sat May 12 12:39:45 2018 (5AF74301)
fffff800`c3edf000 fffff800`c3f6a000 mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Mon May 11 11:19:50 2015 (5550F2C6)
fffff800`c3f6a000 fffff800`c3f78000 werkernel werkernel.sys Thu Aug 22 04:40:24 2013 (5215F8A8)
fffff800`c3f78000 fffff800`c3fda000 CLFS CLFS.SYS Sat May 11 09:51:59 2019 (5CD6FDAF)
fffff800`c3fda000 fffff800`c3ffc000 tm tm.sys Thu Dec 6 11:34:36 2018 (5C0979CC)
fffff800`c4000000 fffff800`c4088000 ACPI ACPI.sys Sat Feb 10 08:02:05 2018 (5A7F177D)
fffff800`c4088000 fffff800`c4092000 WMILIB WMILIB.SYS Thu Aug 22 04:40:23 2013 (5215F8A7)
fffff800`c40a0000 fffff800`c40fb000 msrpc msrpc.sys Sat Nov 10 09:46:09 2018 (5BE71961)
fffff800`c40fb000 fffff800`c41ca000 Wdf01000 Wdf01000.sys Thu Aug 22 04:38:56 2013 (5215F850)
fffff800`c41ca000 fffff800`c41db000 WDFLDR WDFLDR.SYS Thu Aug 22 04:39:03 2013 (5215F857)
fffff800`c41db000 fffff800`c41f3000 acpiex acpiex.sys Thu Aug 22 04:37:47 2013 (5215F80B)
fffff800`c41f3000 fffff800`c41fe000 WppRecorder WppRecorder.sys Thu Aug 22 04:39:40 2013 (5215F87C)
fffff800`c4240000 fffff800`c42cd000 cng cng.sys Sat May 12 12:39:45 2018 (5AF74301)
fffff800`c42e4000 fffff800`c42ee000 msisadrv msisadrv.sys Sat Feb 10 09:52:14 2018 (5A7F314E)
fffff800`c42ee000 fffff800`c4334000 pci pci.sys Sat Feb 10 09:51:52 2018 (5A7F3138)
fffff800`c4334000 fffff800`c4341000 vdrvroot vdrvroot.sys Thu Aug 22 04:38:49 2013 (5215F849)
fffff800`c4341000 fffff800`c435d000 pdc pdc.sys Wed Jul 5 23:19:51 2017 (595DD687)
fffff800`c435d000 fffff800`c4375000 partmgr partmgr.sys Wed Oct 8 00:34:42 2014 (5434E912)
fffff800`c4375000 fffff800`c43e0000 spaceport spaceport.sys Tue Jan 10 14:37:47 2017 (5875623B)
fffff800`c43e0000 fffff800`c43f6000 volmgr volmgr.sys Sat Apr 9 14:31:30 2016 (570974B2)
fffff800`c4400000 fffff800`c4495000 fvevol fvevol.sys Mon May 14 21:15:51 2018 (5AFA5EF7)
fffff800`c4495000 fffff800`c44b3000 intelppm intelppm.sys Wed Jun 20 09:58:06 2018 (5B2A879E)
fffff800`c44cd000 fffff800`c452c000 volmgrx volmgrx.sys Fri Jul 7 07:19:15 2017 (595F9863)
fffff800`c452c000 fffff800`c4547000 mountmgr mountmgr.sys Sat May 6 11:34:28 2017 (590E1734)
fffff800`c4547000 fffff800`c458f000 WdFilter WdFilter.sys Mon Nov 14 20:52:54 2016 (582A94A6)
fffff800`c458f000 fffff800`c45c0000 ksecpkg ksecpkg.sys Thu Apr 4 11:07:26 2019 (5CA647DE)
fffff800`c4600000 fffff800`c4661000 storport storport.sys Sun Sep 17 11:52:55 2017 (59BEC487)
fffff800`c4661000 fffff800`c467b000 EhStorClass EhStorClass.sys Thu Aug 22 04:38:15 2013 (5215F827)
fffff800`c467b000 fffff800`c46d7000 fltmgr fltmgr.sys Mon Jan 1 21:40:16 2018 (5A4B1B40)
fffff800`c46d7000 fffff800`c46ed000 fileinfo fileinfo.sys Sat Feb 22 04:13:10 2014 (53089456)
fffff800`c46ed000 fffff800`c49a7000 iaStorA iaStorA.sys Fri Aug 16 10:22:01 2013 (520E5FB9)
fffff800`c49a7000 fffff800`c49d2000 Wof Wof.sys Thu Mar 13 01:27:29 2014 (53216BF1)
fffff800`c49d2000 fffff800`c49ee000 disk disk.sys Thu Jul 6 01:55:00 2017 (595DFAE4)
fffff800`c4a1a000 fffff800`c4c12000 Ntfs Ntfs.sys Fri May 24 16:57:57 2019 (5CE88505)
fffff800`c4c12000 fffff800`c4c2e000 ksecdd ksecdd.sys Sat Aug 20 18:04:14 2016 (57B8FE0E)
fffff800`c4c2e000 fffff800`c4c3e000 pcw pcw.sys Thu Aug 22 01:46:34 2013 (5215CFEA)
fffff800`c4c3e000 fffff800`c4c49000 Fs_Rec Fs_Rec.sys Thu Aug 22 01:46:33 2013 (5215CFE9)
fffff800`c4c49000 fffff800`c4d60000 ndis ndis.sys Sat Jun 30 09:48:29 2018 (5B37B45D)
fffff800`c4d60000 fffff800`c4dd7000 NETIO NETIO.SYS Sat May 27 11:29:31 2017 (5929C58B)
fffff800`c4dd7000 fffff800`c4de6000 intelpep intelpep.sys Tue Oct 14 23:29:44 2014 (543E1458)
fffff800`c4e00000 fffff800`c4e51000 volsnap volsnap.sys Fri Mar 11 06:44:06 2016 (56E2D9B6)
fffff800`c4e51000 fffff800`c4e71000 mup mup.sys Wed Apr 6 11:22:23 2016 (570553DF)
fffff800`c4e7b000 fffff800`c50df000 tcpip tcpip.sys Wed Apr 24 10:11:52 2019 (5CC098D8)
fffff800`c50df000 fffff800`c514b000 fwpkclnt fwpkclnt.sys Thu May 24 06:38:35 2018 (5B06C05B)
fffff800`c514b000 fffff800`c5170000 wfplwfs wfplwfs.sys Thu Apr 4 11:07:05 2019 (5CA647C9)
fffff800`c5170000 fffff800`c517b000 hpdskflt hpdskflt.sys Fri Jun 5 10:59:15 2015 (5571E373)
fffff800`c517b000 fffff800`c51ba000 edevmon edevmon.sys Mon Jul 6 07:33:20 2015 (559A91B0)
fffff800`c51ba000 fffff800`c51fe000 rdyboost rdyboost.sys Mon Jan 1 21:39:40 2018 (5A4B1B1C)
fffff800`c5200000 fffff800`c526e000 rdbss rdbss.sys Mon Jan 1 21:38:59 2018 (5A4B1AF3)
fffff800`c526e000 fffff800`c5295000 dfsc dfsc.sys Mon Jan 1 21:38:50 2018 (5A4B1AEA)
fffff800`c5295000 fffff800`c52a6000 umbus umbus.sys Thu Aug 22 04:38:59 2013 (5215F853)
fffff800`c52b7000 fffff800`c530c000 CLASSPNP CLASSPNP.SYS Tue May 14 06:51:05 2019 (5CDAC7C9)
fffff800`c530c000 fffff800`c5316000 ambakdrv ambakdrv.sys Tue Dec 25 00:46:35 2012 (50D967EB)
fffff800`c5316000 fffff800`c532b000 crashdmp crashdmp.sys Thu Aug 22 04:40:03 2013 (5215F893)
fffff800`c5337000 fffff800`c5365000 em000k_64 em000k_64.dll Fri Jun 7 07:56:15 2019 (5CFA7B0F)
fffff800`c5365000 fffff800`c53a7000 em006_64 em006_64.dll Tue Mar 26 06:21:12 2019 (5C9A2748)
fffff800`c53a7000 fffff800`c53e5000 em018k_64 em018k_64.dll Mon Apr 29 01:55:56 2019 (5CC6BC1C)
fffff800`c5600000 fffff800`c568a000 eamonm eamonm.sys Thu Jan 10 22:18:47 2019 (5C383547)
fffff800`c568a000 fffff800`c5693000 Null Null.SYS Thu Aug 22 04:40:24 2013 (5215F8A8)
fffff800`c5693000 fffff800`c569b000 Beep Beep.SYS Thu Aug 22 04:40:24 2013 (5215F8A8)
fffff800`c569b000 fffff800`c56aa000 CompositeBus CompositeBus.sys Thu Aug 22 04:38:48 2013 (5215F848)
fffff800`c56aa000 fffff800`c56b5000 kdnic kdnic.sys Thu Aug 22 04:38:26 2013 (5215F832)
fffff800`c56b5000 fffff800`c596f000 dump_iaStorA dump_iaStorA.sys Fri Aug 16 10:22:01 2013 (520E5FB9)
fffff800`c5989000 fffff800`c59b8000 cdrom cdrom.sys Tue Dec 5 07:24:08 2017 (5A26BA18)
fffff800`c59b8000 fffff800`c59e5000 ehdrv ehdrv.sys Thu Jan 10 22:19:33 2019 (5C383575)
fffff800`c59e5000 fffff800`c59f2000 BasicRender BasicRender.sys Wed Nov 8 07:55:00 2017 (5A0328D4)
fffff800`c59f2000 fffff800`c59fd000 NdisVirtualBus NdisVirtualBus.sys Thu Aug 22 04:36:25 2013 (5215F7B9)
fffff800`c5a00000 fffff800`c5a2a000 pacer pacer.sys Mon Jan 1 21:37:59 2018 (5A4B1AB7)
fffff800`c5a2a000 fffff800`c5a42000 vwififlt vwififlt.sys Fri Aug 12 17:02:30 2016 (57AE6396)
fffff800`c5a42000 fffff800`c5a5f000 epfwwfp epfwwfp.sys Thu Jan 10 22:19:30 2019 (5C383572)
fffff800`c5a5f000 fffff800`c5a70000 netbios netbios.sys Mon Jan 1 21:39:30 2018 (5A4B1B12)
fffff800`c5a70000 fffff800`c5a89000 wanarp wanarp.sys Sat Dec 8 11:00:49 2018 (5C0C14E1)
fffff800`c5a89000 fffff800`c5a98000 nsiproxy nsiproxy.sys Sun Aug 13 10:19:15 2017 (59908A13)
fffff800`c5a98000 fffff800`c5aa4000 npsvctrig npsvctrig.sys Thu Aug 22 04:38:22 2013 (5215F82E)
fffff800`c5aac000 fffff800`c5c2a000 dxgkrnl dxgkrnl.sys Sat Oct 6 09:46:48 2018 (5BB8E6F8)
fffff800`c5c2a000 fffff800`c5c3c000 watchdog watchdog.sys Sat Feb 22 04:14:39 2014 (530894AF)
fffff800`c5c3c000 fffff800`c5c9f000 dxgmms1 dxgmms1.sys Sat Oct 6 09:46:35 2018 (5BB8E6EB)
fffff800`c5c9f000 fffff800`c5cb1000 BasicDisplay BasicDisplay.sys Thu Aug 22 04:39:31 2013 (5215F873)
fffff800`c5cb1000 fffff800`c5cc5000 Npfs Npfs.SYS Thu Feb 21 09:36:02 2019 (5C6EE182)
fffff800`c5cc5000 fffff800`c5cd1000 Msfs Msfs.SYS Wed Feb 6 11:32:06 2019 (5C5B3636)
fffff800`c5cd1000 fffff800`c5cf1000 tdx tdx.sys Tue Aug 1 20:17:15 2017 (5981443B)
fffff800`c5cf1000 fffff800`c5cff000 TDI TDI.SYS Thu Aug 22 04:39:01 2013 (5215F855)
fffff800`c5cff000 fffff800`c5d4a000 netbt netbt.sys Thu Feb 21 09:34:32 2019 (5C6EE128)
fffff800`c5d4a000 fffff800`c5dda000 afd afd.sys Wed Jan 10 06:48:05 2018 (5A5627A5)
fffff800`c5dda000 fffff800`c5de6000 mssmbios mssmbios.sys Thu Aug 22 04:39:41 2013 (5215F87D)
fffff800`c5de6000 fffff800`c5dff000 ahcache ahcache.sys Thu Mar 19 18:56:10 2015 (550B7E3A)
fffff800`c5e00000 fffff800`c5e11000 ISCTD64 ISCTD64.sys Tue Nov 27 11:52:34 2012 (50B51A02)
fffff800`c5e17000 fffff800`c622d000 igdkmd64 igdkmd64.sys Mon Sep 9 10:27:52 2013 (522E0518)
fffff800`c622d000 fffff800`c6246000 HDAudBus HDAudBus.sys Thu Jul 24 04:45:39 2014 (53D0F1E3)
fffff800`c6246000 fffff800`c629b000 USBXHCI USBXHCI.SYS Sat Apr 28 10:14:44 2018 (5AE4AC04)
fffff800`c629b000 fffff800`c62d4000 fastfat fastfat.SYS Sat Feb 9 09:49:13 2019 (5C5F1299)
fffff800`c62d4000 fffff800`c6305000 ucx01000 ucx01000.sys Sat Apr 28 10:14:49 2018 (5AE4AC09)
fffff800`c6305000 fffff800`c6339000 TeeDriverW8x64 TeeDriverW8x64.sys Mon Oct 2 23:21:38 2017 (59D32C72)
fffff800`c6339000 fffff800`c63bf000 SynTP SynTP.sys Thu Aug 1 17:51:42 2013 (51FB029E)
fffff800`c63bf000 fffff800`c63c9000 WirelessButtonDriver64 WirelessButtonDriver64.sys Tue Mar 8 01:19:53 2016 (56DE9939)
fffff800`c63c9000 fffff800`c63e8000 HIDCLASS HIDCLASS.SYS Fri May 13 16:08:24 2016 (57365E68)
fffff800`c63e8000 fffff800`c63f0080 HIDPARSE HIDPARSE.SYS Tue Mar 5 22:26:45 2019 (5C7F6825)
fffff800`c63f1000 fffff800`c63fb000 wmiacpi wmiacpi.sys Thu Aug 22 04:40:04 2013 (5215F894)
fffff800`c6400000 fffff800`c641f000 i8042prt i8042prt.sys Mon Nov 3 22:54:54 2014 (5458783E)
fffff800`c641f000 fffff800`c6429000 ikbevent ikbevent.sys Tue Aug 6 16:41:35 2013 (520189AF)
fffff800`c6429000 fffff800`c6435000 USBD USBD.SYS Sat Oct 10 11:41:42 2015 (56195BE6)
fffff800`c6435000 fffff800`c6447000 kbdclass kbdclass.sys Mon Nov 3 22:54:54 2014 (5458783E)
fffff800`c6447000 fffff800`c6452000 imsevent imsevent.sys Tue Aug 6 16:45:57 2013 (52018AB5)
fffff800`c6452000 fffff800`c6462000 mouclass mouclass.sys Mon Nov 3 22:54:47 2014 (54587837)
fffff800`c6462000 fffff800`c646f000 Smb_driver_Intel Smb_driver_Intel.sys Thu Aug 1 17:54:20 2013 (51FB033C)
fffff800`c646f000 fffff800`c647d000 Accelerometer Accelerometer.sys Fri Jun 5 10:59:09 2015 (5571E36D)
fffff800`c647d000 fffff800`c647e600 swenum swenum.sys Tue Oct 28 19:47:41 2014 (5450554D)
fffff800`c6480000 fffff800`c681e000 NETwbw02 NETwbw02.sys Tue Mar 26 07:48:19 2019 (5C9A3BB3)
fffff800`c681e000 fffff800`c682b000 vwifibus vwifibus.sys Fri Aug 12 17:03:08 2016 (57AE63BC)
fffff800`c682b000 fffff800`c6898000 RtsPer RtsPer.sys Wed Aug 21 00:23:24 2013 (52146AEC)
fffff800`c6898000 fffff800`c6964000 Rt630x64 Rt630x64.sys Fri Jul 26 00:01:35 2013 (51F21ECF)
fffff800`c6964000 fffff800`c697d000 usbehci usbehci.sys Fri Jan 8 10:22:38 2016 (568FFE6E)
fffff800`c697d000 fffff800`c69ec000 USBPORT USBPORT.SYS Sat Apr 28 10:15:57 2018 (5AE4AC4D)
fffff800`c69ec000 fffff800`c69f2380 CmBatt CmBatt.sys Thu Aug 22 04:39:43 2013 (5215F87F)
fffff800`c69f3000 fffff800`c69ff000 BATTC BATTC.SYS Thu Aug 22 04:40:04 2013 (5215F894)
fffff800`c6a00000 fffff800`c6a79000 UsbHub3 UsbHub3.sys Sat Oct 10 11:40:05 2015 (56195B85)
fffff800`c6ac1000 fffff800`c6b0d000 ks ks.sys Thu Aug 23 15:54:51 2018 (5B7F3B3B)
fffff800`c6b0d000 fffff800`c6b19000 iwdbus iwdbus.sys Wed Jul 24 18:06:12 2013 (51F07A04)
fffff800`c6b19000 fffff800`c6b24000 rdpbus rdpbus.sys Thu Aug 22 04:38:52 2013 (5215F84C)
fffff800`c6b24000 fffff800`c6b99000 usbhub usbhub.sys Fri Sep 1 12:03:39 2017 (59A9AF0B)
fffff800`c6c0b000 fffff800`c6c97000 stwrt64 stwrt64.sys Fri Aug 16 03:26:26 2013 (520DFE52)
fffff800`c6c97000 fffff800`c6cde000 portcls portcls.sys Tue Oct 28 19:46:35 2014 (5450550B)
fffff800`c6cde000 fffff800`c6cfa000 drmk drmk.sys Tue Oct 28 19:47:38 2014 (5450554A)
fffff800`c6cfa000 fffff800`c6cff300 ksthunk ksthunk.sys Thu Aug 22 04:39:31 2013 (5215F873)
fffff800`c6d00000 fffff800`c6d0c000 dump_diskdump dump_diskdump.sys Thu Aug 22 04:40:18 2013 (5215F8A2)
fffff800`c6d0c000 fffff800`c6d22000 dump_dumpfve dump_dumpfve.sys Sat Jun 18 11:32:42 2016 (576593CA)
fffff800`c6d78000 fffff800`c6dd3000 ibtusb ibtusb.sys Thu Jul 7 18:50:19 2016 (577F06DB)
fffff800`c6dd3000 fffff800`c6dec000 BTHUSB BTHUSB.sys Fri May 3 06:51:47 2019 (5CCC4773)
fffff800`c6e00000 fffff800`c6e10000 condrv condrv.sys Thu Aug 22 04:40:17 2013 (5215F8A1)
fffff800`c6e10000 fffff800`c6e37000 ammntdrv ammntdrv.sys Tue Dec 25 00:46:37 2012 (50D967ED)
fffff800`c6e37000 fffff800`c6e83000 mrxsmb10 mrxsmb10.sys Sat Feb 9 09:46:39 2019 (5C5F11FF)
fffff800`c6ef1000 fffff800`c701e000 bthport bthport.sys Fri May 3 06:34:43 2019 (5CCC4373)
fffff800`c701e000 fffff800`c7048000 usbccgp usbccgp.sys Fri Sep 1 12:03:22 2017 (59A9AEFA)
fffff800`c7048000 fffff800`c707bf00 usbvideo usbvideo.sys Sat Jun 21 00:33:39 2014 (53A53553)
fffff800`c707c000 fffff800`c708a000 hidusb hidusb.sys Fri May 13 16:08:13 2016 (57365E5D)
fffff800`c708a000 fffff800`c7097000 mouhid mouhid.sys Mon Nov 3 22:54:47 2014 (54587837)
fffff800`c7097000 fffff800`c70a1000 MTConfig MTConfig.sys Thu Aug 22 04:37:36 2013 (5215F800)
fffff800`c70a1000 fffff800`c70af000 monitor monitor.sys Thu Aug 22 04:36:37 2013 (5215F7C5)
fffff800`c70af000 fffff800`c70d4000 luafv luafv.sys Sat Mar 30 13:57:20 2019 (5C9FD830)
fffff800`c70d4000 fffff800`c70f5000 WudfPf WudfPf.sys Tue Oct 28 19:46:27 2014 (54505503)
fffff800`c70f5000 fffff800`c710e000 WinUsb WinUsb.sys Sat Oct 10 11:40:25 2015 (56195B99)
fffff800`c710e000 fffff800`c714b000 WUDFRd WUDFRd.sys Tue Oct 28 19:46:13 2014 (545054F5)
fffff800`c714b000 fffff800`c715f000 lltdio lltdio.sys Thu Aug 22 04:36:18 2013 (5215F7B2)
fffff800`c715f000 fffff800`c71d3000 nwifi nwifi.sys Mon Jan 1 21:38:07 2018 (5A4B1ABF)
fffff800`c71d3000 fffff800`c71e7000 ndisuio ndisuio.sys Thu Aug 22 04:37:34 2013 (5215F7FE)
fffff800`c71e7000 fffff800`c71ff000 rspndr rspndr.sys Thu Aug 22 04:36:34 2013 (5215F7C2)
fffff800`c7200000 fffff800`c7237000 mrxsmb20 mrxsmb20.sys Wed Feb 1 11:44:06 2017 (58923A86)
fffff800`c7237000 fffff800`c723f000 amwrtdrv amwrtdrv.sys Tue Dec 25 00:46:38 2012 (50D967EE)
fffff800`c723f000 fffff800`c725c000 Ndu Ndu.sys Tue Oct 28 19:45:16 2014 (545054BC)
fffff800`c725d000 fffff800`c7356000 HTTP HTTP.sys Mon Jan 1 21:38:55 2018 (5A4B1AEF)
fffff800`c7356000 fffff800`c7376000 bowser bowser.sys Wed Jul 18 06:34:36 2018 (5B4F41EC)
fffff800`c7376000 fffff800`c738d000 mpsdrv mpsdrv.sys Thu Aug 9 09:41:25 2018 (5B6C6EB5)
fffff800`c738d000 fffff800`c73f9000 mrxsmb mrxsmb.sys Sat Sep 1 09:43:27 2018 (5B8AC1AF)
fffff800`c7489000 fffff800`c7532000 peauth peauth.sys Sat Feb 22 04:09:37 2014 (53089381)
fffff800`c7532000 fffff800`c7574000 srvnet srvnet.sys Sat Jan 5 09:46:01 2019 (5C30ED59)
fffff800`c7574000 fffff800`c7586000 tcpipreg tcpipreg.sys Thu Mar 6 01:19:59 2014 (53183DBF)
fffff800`c822c000 fffff800`c82db000 srv2 srv2.sys Thu Feb 21 09:35:11 2019 (5C6EE14F)
fffff800`c82db000 fffff800`c8369000 srv srv.sys Thu Feb 21 09:34:36 2019 (5C6EE12C)
fffff800`c8369000 fffff800`c8378000 vwifimp vwifimp.sys Fri Aug 12 17:01:24 2016 (57AE6354)
fffff800`c83d2000 fffff800`c83ff000 tunnel tunnel.sys Fri Sep 4 12:24:03 2015 (55E9EFD3)
fffff960`00142000 fffff960`00557000 win32k win32k.sys unavailable (00000000)
fffff960`00661000 fffff960`0066a000 TSDDD TSDDD.dll unavailable (00000000)
fffff960`009c4000 fffff960`009fe000 cdd cdd.dll unavailable (00000000)
fffff960`00ab5000 fffff960`00b15000   ATMFD    ATMFD.DLL    unavailable (00000000)

Unloaded modules:
fffff800`c83a5000 fffff800`c83d2000 tunnel.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0002D000
fffff800`c8378000 fffff800`c83a5000 tunnel.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0002D000
fffff800`c83d2000 fffff800`c83ff000 tunnel.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0002D000
fffff800`c83a5000 fffff800`c83d2000 tunnel.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0002D000
fffff800`c8378000 fffff800`c83a5000 tunnel.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0002D000
fffff800`c6d22000 fffff800`c6d3b000 WinUsb.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00019000
fffff800`c6d3b000 fffff800`c6d78000 WUDFRd.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0003D000
fffff800`c532b000 fffff800`c5337000 dump_storpor
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000C000
fffff800`c56b9000 fffff800`c5973000 dump_iaStorA
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 002BA000
fffff800`c5973000 fffff800`c5989000 dump_dumpfve
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00016000
fffff800`c5de6000 fffff800`c5df7000 dam.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00011000
fffff800`c42d5000 fffff800`c42e4000 WdBoot.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000F000
fffff800`c42cd000 fffff800`c42d5000 eelam.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00008000
fffff800`c4de6000 fffff800`c4df2000 hwpolicy.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000C000
start end module name
fffff800`c646f000 fffff800`c647d000 Accelerometer Accelerometer.sys Fri Jun 5 10:59:09 2015 (5571E36D)
fffff800`c4000000 fffff800`c4088000 ACPI ACPI.sys Sat Feb 10 08:02:05 2018 (5A7F177D)
fffff800`c41db000 fffff800`c41f3000 acpiex acpiex.sys Thu Aug 22 04:37:47 2013 (5215F80B)
fffff800`c5d4a000 fffff800`c5dda000 afd afd.sys Wed Jan 10 06:48:05 2018 (5A5627A5)
fffff800`c5de6000 fffff800`c5dff000 ahcache ahcache.sys Thu Mar 19 18:56:10 2015 (550B7E3A)
fffff800`c530c000 fffff800`c5316000 ambakdrv ambakdrv.sys Tue Dec 25 00:46:35 2012 (50D967EB)
fffff800`c6e10000 fffff800`c6e37000 ammntdrv ammntdrv.sys Tue Dec 25 00:46:37 2012 (50D967ED)
fffff800`c7237000 fffff800`c723f000 amwrtdrv amwrtdrv.sys Tue Dec 25 00:46:38 2012 (50D967EE)
fffff960`00ab5000 fffff960`00b15000 ATMFD ATMFD.DLL unavailable (00000000)
fffff800`c5c9f000 fffff800`c5cb1000 BasicDisplay BasicDisplay.sys Thu Aug 22 04:39:31 2013 (5215F873)
fffff800`c59e5000 fffff800`c59f2000 BasicRender BasicRender.sys Wed Nov 8 07:55:00 2017 (5A0328D4)
fffff800`c69f3000 fffff800`c69ff000 BATTC BATTC.SYS Thu Aug 22 04:40:04 2013 (5215F894)
fffff800`c5693000 fffff800`c569b000 Beep Beep.SYS Thu Aug 22 04:40:24 2013 (5215F8A8)
fffff800`c3e15000 fffff800`c3e1f000 BOOTVID BOOTVID.dll Thu Aug 22 04:40:26 2013 (5215F8AA)
fffff800`c7356000 fffff800`c7376000 bowser bowser.sys Wed Jul 18 06:34:36 2018 (5B4F41EC)
fffff800`c6ef1000 fffff800`c701e000 bthport bthport.sys Fri May 3 06:34:43 2019 (5CCC4373)
fffff800`c6dd3000 fffff800`c6dec000 BTHUSB BTHUSB.sys Fri May 3 06:51:47 2019 (5CCC4773)
fffff960`009c4000 fffff960`009fe000 cdd cdd.dll unavailable (00000000)
fffff800`c5989000 fffff800`c59b8000 cdrom cdrom.sys Tue Dec 5 07:24:08 2017 (5A26BA18)
fffff800`c3e2a000 fffff800`c3eb2000 CI CI.dll Sat May 12 12:39:45 2018 (5AF74301)
fffff800`c52b7000 fffff800`c530c000 CLASSPNP CLASSPNP.SYS Tue May 14 06:51:05 2019 (5CDAC7C9)
fffff800`c3f78000 fffff800`c3fda000 CLFS CLFS.SYS Sat May 11 09:51:59 2019 (5CD6FDAF)
fffff800`c69ec000 fffff800`c69f2380 CmBatt CmBatt.sys Thu Aug 22 04:39:43 2013 (5215F87F)
fffff800`c3e1f000 fffff800`c3e2a000 cmimcext cmimcext.sys Sun Oct 9 07:08:50 2016 (57FA4F72)
fffff800`c4240000 fffff800`c42cd000 cng cng.sys Sat May 12 12:39:45 2018 (5AF74301)
fffff800`c569b000 fffff800`c56aa000 CompositeBus CompositeBus.sys Thu Aug 22 04:38:48 2013 (5215F848)
fffff800`c6e00000 fffff800`c6e10000 condrv condrv.sys Thu Aug 22 04:40:17 2013 (5215F8A1)
fffff800`c5316000 fffff800`c532b000 crashdmp crashdmp.sys Thu Aug 22 04:40:03 2013 (5215F893)
fffff800`c526e000 fffff800`c5295000 dfsc dfsc.sys Mon Jan 1 21:38:50 2018 (5A4B1AEA)
fffff800`c49d2000 fffff800`c49ee000 disk disk.sys Thu Jul 6 01:55:00 2017 (595DFAE4)
fffff800`c6cde000 fffff800`c6cfa000 drmk drmk.sys Tue Oct 28 19:47:38 2014 (5450554A)
fffff800`c6d00000 fffff800`c6d0c000 dump_diskdump dump_diskdump.sys Thu Aug 22 04:40:18 2013 (5215F8A2)
fffff800`c6d0c000 fffff800`c6d22000 dump_dumpfve dump_dumpfve.sys Sat Jun 18 11:32:42 2016 (576593CA)
fffff800`c56b5000 fffff800`c596f000 dump_iaStorA dump_iaStorA.sys Fri Aug 16 10:22:01 2013 (520E5FB9)
fffff800`c5aac000 fffff800`c5c2a000 dxgkrnl dxgkrnl.sys Sat Oct 6 09:46:48 2018 (5BB8E6F8)
fffff800`c5c3c000 fffff800`c5c9f000 dxgmms1 dxgmms1.sys Sat Oct 6 09:46:35 2018 (5BB8E6EB)
fffff800`c5600000 fffff800`c568a000 eamonm eamonm.sys Thu Jan 10 22:18:47 2019 (5C383547)
fffff800`c517b000 fffff800`c51ba000 edevmon edevmon.sys Mon Jul 6 07:33:20 2015 (559A91B0)
fffff800`c59b8000 fffff800`c59e5000 ehdrv ehdrv.sys Thu Jan 10 22:19:33 2019 (5C383575)
fffff800`c4661000 fffff800`c467b000 EhStorClass EhStorClass.sys Thu Aug 22 04:38:15 2013 (5215F827)
fffff800`c5337000 fffff800`c5365000 em000k_64 em000k_64.dll Fri Jun 7 07:56:15 2019 (5CFA7B0F)
fffff800`c5365000 fffff800`c53a7000 em006_64 em006_64.dll Tue Mar 26 06:21:12 2019 (5C9A2748)
fffff800`c53a7000 fffff800`c53e5000 em018k_64 em018k_64.dll Mon Apr 29 01:55:56 2019 (5CC6BC1C)
fffff800`c5a42000 fffff800`c5a5f000 epfwwfp epfwwfp.sys Thu Jan 10 22:19:30 2019 (5C383572)
fffff800`c629b000 fffff800`c62d4000 fastfat fastfat.SYS Sat Feb 9 09:49:13 2019 (5C5F1299)
fffff800`c46d7000 fffff800`c46ed000 fileinfo fileinfo.sys Sat Feb 22 04:13:10 2014 (53089456)
fffff800`c467b000 fffff800`c46d7000 fltmgr fltmgr.sys Mon Jan 1 21:40:16 2018 (5A4B1B40)
fffff800`c4c3e000 fffff800`c4c49000 Fs_Rec Fs_Rec.sys Thu Aug 22 01:46:33 2013 (5215CFE9)
fffff800`c4400000 fffff800`c4495000 fvevol fvevol.sys Mon May 14 21:15:51 2018 (5AFA5EF7)
fffff800`c50df000 fffff800`c514b000 fwpkclnt fwpkclnt.sys Thu May 24 06:38:35 2018 (5B06C05B)
fffff800`76d8b000 fffff800`76dfa000 hal hal.dll Fri Mar 9 06:53:04 2018 (5AA29FD0)
fffff800`c622d000 fffff800`c6246000 HDAudBus HDAudBus.sys Thu Jul 24 04:45:39 2014 (53D0F1E3)
fffff800`c63c9000 fffff800`c63e8000 HIDCLASS HIDCLASS.SYS Fri May 13 16:08:24 2016 (57365E68)
fffff800`c63e8000 fffff800`c63f0080 HIDPARSE HIDPARSE.SYS Tue Mar 5 22:26:45 2019 (5C7F6825)
fffff800`c707c000 fffff800`c708a000 hidusb hidusb.sys Fri May 13 16:08:13 2016 (57365E5D)
fffff800`c5170000 fffff800`c517b000 hpdskflt hpdskflt.sys Fri Jun 5 10:59:15 2015 (5571E373)
fffff800`c725d000 fffff800`c7356000 HTTP HTTP.sys Mon Jan 1 21:38:55 2018 (5A4B1AEF)
fffff800`c6400000 fffff800`c641f000 i8042prt i8042prt.sys Mon Nov 3 22:54:54 2014 (5458783E)
fffff800`c46ed000 fffff800`c49a7000 iaStorA iaStorA.sys Fri Aug 16 10:22:01 2013 (520E5FB9)
fffff800`c6d78000 fffff800`c6dd3000 ibtusb ibtusb.sys Thu Jul 7 18:50:19 2016 (577F06DB)
fffff800`c5e17000 fffff800`c622d000 igdkmd64 igdkmd64.sys Mon Sep 9 10:27:52 2013 (522E0518)
fffff800`c641f000 fffff800`c6429000 ikbevent ikbevent.sys Tue Aug 6 16:41:35 2013 (520189AF)
fffff800`c6447000 fffff800`c6452000 imsevent imsevent.sys Tue Aug 6 16:45:57 2013 (52018AB5)
fffff800`c4dd7000 fffff800`c4de6000 intelpep intelpep.sys Tue Oct 14 23:29:44 2014 (543E1458)
fffff800`c4495000 fffff800`c44b3000 intelppm intelppm.sys Wed Jun 20 09:58:06 2018 (5B2A879E)
fffff800`c5e00000 fffff800`c5e11000 ISCTD64 ISCTD64.sys Tue Nov 27 11:52:34 2012 (50B51A02)
fffff800`c6b0d000 fffff800`c6b19000 iwdbus iwdbus.sys Wed Jul 24 18:06:12 2013 (51F07A04)
fffff800`c6435000 fffff800`c6447000 kbdclass kbdclass.sys Mon Nov 3 22:54:54 2014 (5458783E)
fffff800`7368e000 fffff800`73697000 kd kd.dll Thu Aug 22 04:40:43 2013 (5215F8BB)
fffff800`c56aa000 fffff800`c56b5000 kdnic kdnic.sys Thu Aug 22 04:38:26 2013 (5215F832)
fffff800`c6ac1000 fffff800`c6b0d000 ks ks.sys Thu Aug 23 15:54:51 2018 (5B7F3B3B)
fffff800`c4c12000 fffff800`c4c2e000 ksecdd ksecdd.sys Sat Aug 20 18:04:14 2016 (57B8FE0E)
fffff800`c458f000 fffff800`c45c0000 ksecpkg ksecpkg.sys Thu Apr 4 11:07:26 2019 (5CA647DE)
fffff800`c6cfa000 fffff800`c6cff300 ksthunk ksthunk.sys Thu Aug 22 04:39:31 2013 (5215F873)
fffff800`c714b000 fffff800`c715f000 lltdio lltdio.sys Thu Aug 22 04:36:18 2013 (5215F7B2)
fffff800`c70af000 fffff800`c70d4000 luafv luafv.sys Sat Mar 30 13:57:20 2019 (5C9FD830)
fffff800`c3edf000 fffff800`c3f6a000 mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Mon May 11 11:19:50 2015 (5550F2C6)
fffff800`c70a1000 fffff800`c70af000 monitor monitor.sys Thu Aug 22 04:36:37 2013 (5215F7C5)
fffff800`c6452000 fffff800`c6462000 mouclass mouclass.sys Mon Nov 3 22:54:47 2014 (54587837)
fffff800`c708a000 fffff800`c7097000 mouhid mouhid.sys Mon Nov 3 22:54:47 2014 (54587837)
fffff800`c452c000 fffff800`c4547000 mountmgr mountmgr.sys Sat May 6 11:34:28 2017 (590E1734)
fffff800`c7376000 fffff800`c738d000 mpsdrv mpsdrv.sys Thu Aug 9 09:41:25 2018 (5B6C6EB5)
fffff800`c738d000 fffff800`c73f9000 mrxsmb mrxsmb.sys Sat Sep 1 09:43:27 2018 (5B8AC1AF)
fffff800`c6e37000 fffff800`c6e83000 mrxsmb10 mrxsmb10.sys Sat Feb 9 09:46:39 2019 (5C5F11FF)
fffff800`c7200000 fffff800`c7237000 mrxsmb20 mrxsmb20.sys Wed Feb 1 11:44:06 2017 (58923A86)
fffff800`c5cc5000 fffff800`c5cd1000 Msfs Msfs.SYS Wed Feb 6 11:32:06 2019 (5C5B3636)
fffff800`c42e4000 fffff800`c42ee000 msisadrv msisadrv.sys Sat Feb 10 09:52:14 2018 (5A7F314E)
fffff800`c40a0000 fffff800`c40fb000 msrpc msrpc.sys Sat Nov 10 09:46:09 2018 (5BE71961)
fffff800`c5dda000 fffff800`c5de6000 mssmbios mssmbios.sys Thu Aug 22 04:39:41 2013 (5215F87D)
fffff800`c7097000 fffff800`c70a1000 MTConfig MTConfig.sys Thu Aug 22 04:37:36 2013 (5215F800)
fffff800`c4e51000 fffff800`c4e71000 mup mup.sys Wed Apr 6 11:22:23 2016 (570553DF)
fffff800`c4c49000 fffff800`c4d60000 ndis ndis.sys Sat Jun 30 09:48:29 2018 (5B37B45D)
fffff800`c71d3000 fffff800`c71e7000 ndisuio ndisuio.sys Thu Aug 22 04:37:34 2013 (5215F7FE)
fffff800`c59f2000 fffff800`c59fd000 NdisVirtualBus NdisVirtualBus.sys Thu Aug 22 04:36:25 2013 (5215F7B9)
fffff800`c723f000 fffff800`c725c000 Ndu Ndu.sys Tue Oct 28 19:45:16 2014 (545054BC)
fffff800`c5a5f000 fffff800`c5a70000 netbios netbios.sys Mon Jan 1 21:39:30 2018 (5A4B1B12)
fffff800`c5cff000 fffff800`c5d4a000 netbt netbt.sys Thu Feb 21 09:34:32 2019 (5C6EE128)
fffff800`c4d60000 fffff800`c4dd7000 NETIO NETIO.SYS Sat May 27 11:29:31 2017 (5929C58B)
fffff800`c6480000 fffff800`c681e000 NETwbw02 NETwbw02.sys Tue Mar 26 07:48:19 2019 (5C9A3BB3)
fffff800`c5cb1000 fffff800`c5cc5000 Npfs Npfs.SYS Thu Feb 21 09:36:02 2019 (5C6EE182)
fffff800`c5a98000 fffff800`c5aa4000 npsvctrig npsvctrig.sys Thu Aug 22 04:38:22 2013 (5215F82E)
fffff800`c5a89000 fffff800`c5a98000 nsiproxy nsiproxy.sys Sun Aug 13 10:19:15 2017 (59908A13)
fffff800`7660e000 fffff800`76d8b000 nt ntkrnlmp.exe Fri May 24 17:00:40 2019 (5CE885A8)
fffff800`c4a1a000 fffff800`c4c12000 Ntfs Ntfs.sys Fri May 24 16:57:57 2019 (5CE88505)
fffff800`c568a000 fffff800`c5693000 Null Null.SYS Thu Aug 22 04:40:24 2013 (5215F8A8)
fffff800`c715f000 fffff800`c71d3000 nwifi nwifi.sys Mon Jan 1 21:38:07 2018 (5A4B1ABF)
fffff800`c5a00000 fffff800`c5a2a000 pacer pacer.sys Mon Jan 1 21:37:59 2018 (5A4B1AB7)
fffff800`c435d000 fffff800`c4375000 partmgr partmgr.sys Wed Oct 8 00:34:42 2014 (5434E912)
fffff800`c42ee000 fffff800`c4334000 pci pci.sys Sat Feb 10 09:51:52 2018 (5A7F3138)
fffff800`c4c2e000 fffff800`c4c3e000 pcw pcw.sys Thu Aug 22 01:46:34 2013 (5215CFEA)
fffff800`c4341000 fffff800`c435d000 pdc pdc.sys Wed Jul 5 23:19:51 2017 (595DD687)
fffff800`c7489000 fffff800`c7532000 peauth peauth.sys Sat Feb 22 04:09:37 2014 (53089381)
fffff800`c6c97000 fffff800`c6cde000 portcls portcls.sys Tue Oct 28 19:46:35 2014 (5450550B)
fffff800`c3e00000 fffff800`c3e15000 PSHED PSHED.dll Sat Sep 14 06:57:19 2013 (52346B3F)
fffff800`c5200000 fffff800`c526e000 rdbss rdbss.sys Mon Jan 1 21:38:59 2018 (5A4B1AF3)
fffff800`c6b19000 fffff800`c6b24000 rdpbus rdpbus.sys Thu Aug 22 04:38:52 2013 (5215F84C)
fffff800`c51ba000 fffff800`c51fe000 rdyboost rdyboost.sys Mon Jan 1 21:39:40 2018 (5A4B1B1C)
fffff800`c71e7000 fffff800`c71ff000 rspndr rspndr.sys Thu Aug 22 04:36:34 2013 (5215F7C2)
fffff800`c6898000 fffff800`c6964000 Rt630x64 Rt630x64.sys Fri Jul 26 00:01:35 2013 (51F21ECF)
fffff800`c682b000 fffff800`c6898000 RtsPer RtsPer.sys Wed Aug 21 00:23:24 2013 (52146AEC)
fffff800`c6462000 fffff800`c646f000 Smb_driver_Intel Smb_driver_Intel.sys Thu Aug 1 17:54:20 2013 (51FB033C)
fffff800`c4375000 fffff800`c43e0000 spaceport spaceport.sys Tue Jan 10 14:37:47 2017 (5875623B)
fffff800`c82db000 fffff800`c8369000 srv srv.sys Thu Feb 21 09:34:36 2019 (5C6EE12C)
fffff800`c822c000 fffff800`c82db000 srv2 srv2.sys Thu Feb 21 09:35:11 2019 (5C6EE14F)
fffff800`c7532000 fffff800`c7574000 srvnet srvnet.sys Sat Jan 5 09:46:01 2019 (5C30ED59)
fffff800`c4600000 fffff800`c4661000 storport storport.sys Sun Sep 17 11:52:55 2017 (59BEC487)
fffff800`c6c0b000 fffff800`c6c97000 stwrt64 stwrt64.sys Fri Aug 16 03:26:26 2013 (520DFE52)
fffff800`c647d000 fffff800`c647e600 swenum swenum.sys Tue Oct 28 19:47:41 2014 (5450554D)
fffff800`c6339000 fffff800`c63bf000 SynTP SynTP.sys Thu Aug 1 17:51:42 2013 (51FB029E)
fffff800`c4e7b000 fffff800`c50df000 tcpip tcpip.sys Wed Apr 24 10:11:52 2019 (5CC098D8)
fffff800`c7574000 fffff800`c7586000 tcpipreg tcpipreg.sys Thu Mar 6 01:19:59 2014 (53183DBF)
fffff800`c5cf1000 fffff800`c5cff000 TDI TDI.SYS Thu Aug 22 04:39:01 2013 (5215F855)
fffff800`c5cd1000 fffff800`c5cf1000 tdx tdx.sys Tue Aug 1 20:17:15 2017 (5981443B)
fffff800`c6305000 fffff800`c6339000 TeeDriverW8x64 TeeDriverW8x64.sys Mon Oct 2 23:21:38 2017 (59D32C72)
fffff800`c3fda000 fffff800`c3ffc000 tm tm.sys Thu Dec 6 11:34:36 2018 (5C0979CC)
fffff960`00661000 fffff960`0066a000 TSDDD TSDDD.dll unavailable (00000000)
fffff800`c83d2000 fffff800`c83ff000 tunnel tunnel.sys Fri Sep 4 12:24:03 2015 (55E9EFD3)
fffff800`c62d4000 fffff800`c6305000 ucx01000 ucx01000.sys Sat Apr 28 10:14:49 2018 (5AE4AC09)
fffff800`c5295000 fffff800`c52a6000 umbus umbus.sys Thu Aug 22 04:38:59 2013 (5215F853)
fffff800`c701e000 fffff800`c7048000 usbccgp usbccgp.sys Fri Sep 1 12:03:22 2017 (59A9AEFA)
fffff800`c6429000 fffff800`c6435000 USBD USBD.SYS Sat Oct 10 11:41:42 2015 (56195BE6)
fffff800`c6964000 fffff800`c697d000 usbehci usbehci.sys Fri Jan 8 10:22:38 2016 (568FFE6E)
fffff800`c6b24000 fffff800`c6b99000 usbhub usbhub.sys Fri Sep 1 12:03:39 2017 (59A9AF0B)
fffff800`c6a00000 fffff800`c6a79000 UsbHub3 UsbHub3.sys Sat Oct 10 11:40:05 2015 (56195B85)
fffff800`c697d000 fffff800`c69ec000 USBPORT USBPORT.SYS Sat Apr 28 10:15:57 2018 (5AE4AC4D)
fffff800`c7048000 fffff800`c707bf00 usbvideo usbvideo.sys Sat Jun 21 00:33:39 2014 (53A53553)
fffff800`c6246000 fffff800`c629b000 USBXHCI USBXHCI.SYS Sat Apr 28 10:14:44 2018 (5AE4AC04)
fffff800`c4334000 fffff800`c4341000 vdrvroot vdrvroot.sys Thu Aug 22 04:38:49 2013 (5215F849)
fffff800`c43e0000 fffff800`c43f6000 volmgr volmgr.sys Sat Apr 9 14:31:30 2016 (570974B2)
fffff800`c44cd000 fffff800`c452c000 volmgrx volmgrx.sys Fri Jul 7 07:19:15 2017 (595F9863)
fffff800`c4e00000 fffff800`c4e51000 volsnap volsnap.sys Fri Mar 11 06:44:06 2016 (56E2D9B6)
fffff800`c681e000 fffff800`c682b000 vwifibus vwifibus.sys Fri Aug 12 17:03:08 2016 (57AE63BC)
fffff800`c5a2a000 fffff800`c5a42000 vwififlt vwififlt.sys Fri Aug 12 17:02:30 2016 (57AE6396)
fffff800`c8369000 fffff800`c8378000 vwifimp vwifimp.sys Fri Aug 12 17:01:24 2016 (57AE6354)
fffff800`c5a70000 fffff800`c5a89000 wanarp wanarp.sys Sat Dec 8 11:00:49 2018 (5C0C14E1)
fffff800`c5c2a000 fffff800`c5c3c000 watchdog watchdog.sys Sat Feb 22 04:14:39 2014 (530894AF)
fffff800`c40fb000 fffff800`c41ca000 Wdf01000 Wdf01000.sys Thu Aug 22 04:38:56 2013 (5215F850)
fffff800`c4547000 fffff800`c458f000 WdFilter WdFilter.sys Mon Nov 14 20:52:54 2016 (582A94A6)
fffff800`c41ca000 fffff800`c41db000 WDFLDR WDFLDR.SYS Thu Aug 22 04:39:03 2013 (5215F857)
fffff800`c3f6a000 fffff800`c3f78000 werkernel werkernel.sys Thu Aug 22 04:40:24 2013 (5215F8A8)
fffff800`c514b000 fffff800`c5170000 wfplwfs wfplwfs.sys Thu Apr 4 11:07:05 2019 (5CA647C9)
fffff960`00142000 fffff960`00557000 win32k win32k.sys unavailable (00000000)
fffff800`c70f5000 fffff800`c710e000 WinUsb WinUsb.sys Sat Oct 10 11:40:25 2015 (56195B99)
fffff800`c63bf000 fffff800`c63c9000 WirelessButtonDriver64 WirelessButtonDriver64.sys Tue Mar 8 01:19:53 2016 (56DE9939)
fffff800`c63f1000 fffff800`c63fb000 wmiacpi wmiacpi.sys Thu Aug 22 04:40:04 2013 (5215F894)
fffff800`c4088000 fffff800`c4092000 WMILIB WMILIB.SYS Thu Aug 22 04:40:23 2013 (5215F8A7)
fffff800`c49a7000 fffff800`c49d2000 Wof Wof.sys Thu Mar 13 01:27:29 2014 (53216BF1)
fffff800`c41f3000 fffff800`c41fe000 WppRecorder WppRecorder.sys Thu Aug 22 04:39:40 2013 (5215F87C)
fffff800`c70d4000 fffff800`c70f5000 WudfPf WudfPf.sys Tue Oct 28 19:46:27 2014 (54505503)
fffff800`c710e000 fffff800`c714b000 WUDFRd WUDFRd.sys Tue Oct 28 19:46:13 2014 (545054F5)

Unloaded modules:
fffff800`c83a5000 fffff800`c83d2000 tunnel.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0002D000
fffff800`c8378000 fffff800`c83a5000 tunnel.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0002D000
fffff800`c83d2000 fffff800`c83ff000 tunnel.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0002D000
fffff800`c83a5000 fffff800`c83d2000 tunnel.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0002D000
fffff800`c8378000 fffff800`c83a5000 tunnel.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0002D000
fffff800`c6d22000 fffff800`c6d3b000 WinUsb.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00019000
fffff800`c6d3b000 fffff800`c6d78000 WUDFRd.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0003D000
fffff800`c532b000 fffff800`c5337000 dump_storpor
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000C000
fffff800`c56b9000 fffff800`c5973000 dump_iaStorA
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 002BA000
fffff800`c5973000 fffff800`c5989000 dump_dumpfve
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00016000
fffff800`c5de6000 fffff800`c5df7000 dam.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00011000
fffff800`c42d5000 fffff800`c42e4000 WdBoot.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000F000
fffff800`c42cd000 fffff800`c42d5000 eelam.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00008000
fffff800`c4de6000 fffff800`c4df2000 hwpolicy.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000C000

Bugcheck code 000000C2
Arguments 00000000`00000007 00000000`00001200 00000000`04230017 ffffe001`88de5de0

2: kd> lmvm eamonm
Browse full module list
start end module name
fffff800`c5600000 fffff800`c568a000 eamonm T (no symbols)
Loaded symbol image file: eamonm.sys
Image path: \SystemRoot\system32\DRIVERS\eamonm.sys
Image name: eamonm.sys
Browse all global symbols functions data
Timestamp: Thu Jan 10 22:18:47 2019 (5C383547)
CheckSum: 0002AAAF
ImageSize: 0008A000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables:


Informational Use Only - "STRINGS" from Process Explorer for the execution of the jcgriff2/Sysnative BSOD File and Dump Collection App -
Code:
kernel32
System32
catroot
catroot2
DriverStore
LogFiles
spool
drivers
etc
Sysnative
@Echo %dbg%Off
Set NoExit=
If /I "%~1"=="/R" Set NoExit=1
Set userdir=SysnativeFileCollectionApp
Set OFile=Jcgriff2Log.txt
Set ProgVer=v4.6.0
Set CRDate=2008 - 2014 sysnative.com
Set LastUpdt=July 2014
:: Following line is a single TAB
Set _Tab=
Goto _Start
:CpyRight
Echo.* * * %Indent3%B S O D    F I L E    C O L L E C T I O N    S C R I P T    * * *
Echo.%Indent1%Authors:
Echo.%Indent2%jcgriff2 - J. C. Griffith, Microsoft MVP
Echo.%Indent2%TheOutcaste - Jerry Wines, Microsoft MVP
Echo.%Indent2%Patrick - Patrick Barker, Microsoft MVP
Echo.%Indent2%niemiro - Richard
Echo.%Indent2%Tekno Venus - Stephen
Echo.%Indent1%
http://www.sysnative.com/
Echo.%Indent1%
sysnative.com - MVP
Echo.%Indent1%
%CRDate%
Echo.%Indent2%Last Update: %LastUpdt%
Echo.%Indent1%New Jersey, USA; Oregon, USA; New York, USA
Echo.%Indent1%ALL RIGHTS RESERVED
Goto :EOF
:_Start
::  Authors:
::   jcgriff2 - J. C. Griffith, Microsoft MVP
::   TheOutcaste - Jerry Wines, Microsoft MVP
::   Patrick - Patrick Barker, Microsoft MVP
::   niemiro - Richard
::   Tekno Venus - Stephen
2008 - 2014 sysnative.com
If Not Defined NoExit Cls
Color 1E
Set execdate=%date%
Set exectime=%time%
Set ErrFile=%temp%\errinfotmp.txt
Set Spacer1=
Set Spacer2=*********************************************************************
Echo.
Echo.
Call :_TS
Echo.
Echo. * * *   H E L L O   from    jcgriff2   * * *
Echo. * * *   H E L L O   from    jcgriff2   * * *
Echo. * * *   H E L L O   from    jcgriff2   * * *
Echo.
Echo.
Echo.username%_Tab%%_Tab%%_Tab%%username%
Echo.Windows OS%_Tab%%_Tab%%_Tab%%OS%
::   ver
Echo.Computer Name%_Tab%%_Tab%%_Tab%%computername%
Echo.PC Brand%_Tab%%_Tab%%_Tab%%_Tab%%pcbrand%
Echo.
Echo.Processor Architecture%_Tab%%_Tab%%PROCESSOR_ARCHITECTURE%
Echo.Processor%_Tab%%_Tab%%_Tab%%processor_identifier%
Echo.Number of Proc's%_Tab%%_Tab%%number_of_processors%
Echo.
Echo.
Call :_ChkVer
If %_VerChk%==0 Goto _WrongVer
"%SystemRoot%\system32\FSUTIL.exe">Nul 2>&1||Goto _NotAdmin
:: If the above was successful, we are running in an Elevated Prompt
Echo. -----------   We will begin in 5 seconds . . . .
>Nul Timeout /NOBREAK /T 5
Set Logfile=%userdir%\%OFile%
Set _tmpFile1=%temp%\%OFile%
Set _tmpFile2=%temp%\wmic_dump_info.txt
Set _tmpFile3=%temp%\wmic_dump_info1.txt
Set _tmpFile4=%temp%\wmic_dump_info2.txt
Set _tmpFile5=%temp%\BTF.vbs
Set _tmpfnumb=5
If Exist "%_tmpFile1%" Del "%_tmpFile1%"
Set _TaskName=%userdir%
Set _TaskNumb=0
Set DllList=DllList.txt
Set drvq=DrvQuery.txt
Set drvq_fo=DriverqFo.txt
Set drvq_si=DriverqSi.txt
Set drvq_v=DriverqV.txt
Set EnvirVars=SetEnvironmentVar.txt
Set evtx1=EvtxAppDump.txt
Set evtx2=EvtxSysDump.txt
Set ipconfg1=IPconfigAll.txt
Set KrnlDump=KernelDumpList.txt
Set netsh1=NetSHLAN1.txt
Set netst1=NetstatJcgriff2
Set netst1StdErr=NetstatJcgriff2.StdErr
Set Reg1=HKLMSoftMSWinCVUninstall.txt
Set Reg2=HKCUSoftMSWinCVUninstall.txt
Set Reg3=HKLMSoftMSA-SInstalledComponents.txt
Set SysInfo=SystemInfo.txt
Set SysInfo1=SystemInfo1.txt
Set SysList=SysList.txt
Set TlSvcHost=TasklistSVCHOST.txt
Set tracert1=Tracert.txt
Set usrinstr=BSODPostingInstructions.txt
Set Wer1=WERProgramData
Set Wer2=WERLocalAppData
Set Wer3=WERALL.txt
Set WMICRam=RAMInfo.html
Set WMICROS=WMICRecoveros.txt
Set WMIpage=WMICPageCrashdump.txt
Set hdrive=%HomeDrive%
Set Indent1=     
Set Indent2=%Indent1%
Set Indent3=
Set _Pad=                                                                      .
(Echo.
Call :_TS "Begin Logging"
Echo.
Echo.%ProgVer% compiled EXE
Echo.%ProgVer% compiled EXE
Echo.%ProgVer% compiled EXE
Echo.%ProgVer% compiled EXE
Echo.
Call :_TSE "Finished set commands" %errorlevel%
Echo.
Echo.)>"%_tmpFile1%"
Title %username%
>>"%_tmpFile1%" Call :_TSE "Changed the title of the screen" %errorlevel%
PushD "%HomeDrive%%HomePath%\Documents"
>>"%_tmpFile1%" Call :_TSE "Did a PushD to HomeDrive:HomePath\Documents" %errorlevel%
If Errorlevel 1 (
>>"%_tmpFile1%" Echo. %HomeDrive%%HomePath%\Documents Does not exist.
PushD "%Userprofile%\Documents"
>>"%_tmpFile1%" Call :_TSE "Trying Userprofile\Documents" %errorlevel%
If Errorlevel 1 (
>>"%_tmpFile1%" Echo. %Userprofile%\Documents Does not exist.
PushD "%Userprofile%\Desktop"
>>"%_tmpFile1%" Call :_TSE "Trying Userprofile\Desktop" %errorlevel%
If Errorlevel 1 (
>>"%_tmpFile1%" Echo. %Userprofile%\Desktop Does not exist.
Goto _FatalErr
Set WrkDir=%CD%
Set userdir1=%WrkDir%\%userdir%
If Exist "%userdir%" (
>Nul Del /S /Q %userdir%\*.*
If Not Defined NoExit Cls
Echo. & Echo.
Echo.%date%%_Tab%%time%
) Else (
>>"%_tmpFile1%" Call :_TSE "Checked for existance of TSE Sub-Dir" %errorlevel%
Md "%userdir%"
>>"%_tmpFile1%" Call :_TSE "Created user Dir" %errorlevel%
>Nul Copy "%windir%\minidump\*.*" "%userdir%"
>Nul Copy /Y "%_tmpFile1%" "%Logfile%"
Echo.
Echo.%Indent2%Copying mini-kernel dump files . . .
Echo.
>>"%Logfile%" Call :_TSE "Copying mini-kernel dump files" %errorlevel%
(Echo.
Call :_TS
Echo.
Echo.
Echo.%_Tab%%_Tab%LISTING OF MINI KERNEL DUMP FILES
Echo.%_Tab%%_Tab%LISTING OF MINI KERNEL DUMP FILES
Echo.
Dir "%systemroot%\minidump\*.*" /A /Q /X
Echo.
Echo.
Echo._______________________________________________________
Echo.
Call :_TS
Echo.
Echo.
Echo.%_Tab%%_Tab%    FULL KERNEL DUMP FILE
Echo.%_Tab%%_Tab%    FULL KERNEL DUMP FILE
Echo.
Dir "%systemroot%\memory.dmp" /A /Q /X
Echo.
Echo._______________________________________________________
Echo.
Echo.
Echo.%_Tab%%_Tab%   E O J
Echo.%_Tab%%_Tab%   E O J
Echo.
Call :_TS
Echo.)>"%userdir%\%KrnlDump%"
Echo.
Echo.%Indent2%Copying mini-kernel dump files . . .  D O N E
Echo.
::  :no_kernel_dumps
(Call :_TSE "Copying mini-kernel dump files Done" %errorlevel%
Echo.-
Call :CpyRight
Echo.-
Echo.  %execdate%   %exectime%  ----- Actual Start execution time
Echo.-
Echo.      B E G I N      jcgriff2    B A T C H   E X E C U T I O N
Echo.      B E G I N      jcgriff2    B A T C H   E X E C U T I O N
Echo.-
Echo.-
Call :_TS
Echo.-
Echo.Original home drive =  %hdrive%
Echo.home path           =  %HomePath%
Echo.current directory   =  %WrkDir%
Echo.-)>>"%Logfile%"
Echo.
Echo.%Indent2%Running WHOAMI command . . .
Echo.
(Call :_TSE "Running WHOAMI command" %errorlevel%
Echo.-
Echo.ALL user SIDs ------
WhoAmI /ALL
Echo.-
Call :_TSE "WHOAMI Command Done" %errorlevel%
Echo.-)>>"%Logfile%"
Echo.
Echo.%Indent2%Running WHOAMI command . . . D O N E
Echo.
Echo.--
(Echo.-
Echo.Get basic system information . . .
Echo.Number of processors . . . . %NUMBER_OF_PROCESSORS%
Echo.PC Brand . . . . . . . . . . %PCBRAND%
Echo.Platform . . . . . . . . . . %Platform%
Echo.Processor Architecture . . . %PROCESSOR_ARCHITECTURE%
Echo.Processor Identifier . . . . %PROCESSOR_IDENTIFIER%
Echo.Processor Level. . . . . . . %PROCESSOR_LEVEL%
Echo.Processor Revision . . . . . %PROCESSOR_REVISION%
Echo.Operating system . . . . . . %OS%
Echo.Windows Dir. . . . . . . . . %windir%
Echo.User Profile Dir . . . . . . %userprofile%
Echo.-
Call :_TS "Starting msinfo32 - save in NFO format"
Echo.-)>>"%Logfile%"
::  -- do reg query - list dll exe -- REG:\HKEY_USERS\S-1-5-21-3623929278-1183198723-2560370784-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Echo.
Echo.
Call :_TS
Echo.
Echo.%Indent1%Starting Separate subtasks
Echo.
Echo.%Indent2%Running msinfo32 - saving as NFO file
Echo.
::  msinfo32 NFO format
Start msinfo32 /nfo %userdir%\MSInfo32.nfo
(Call :_TSE "msinfo32 Started" %errorlevel%
Echo.-
Echo.-
Call :_TS "Starting dxdiag"
Echo.-)>>"%Logfile%"
Echo.%Indent2%Begin DirectX Kernel Diagnostics Report . . .
Echo.
Set /A _TaskNumb+=1
rem Start "%_TaskName%%_TaskNumb%" /Min cmd /c dxdiag /t "%WrkDir%\%userdir%\DxDiagx86.txt"
Start "%_TaskName%%_TaskNumb%" /Min cmd /c dxdiag /t %WrkDir%\%userdir%\DxDiagx86.txt
rem set > c:\userdir-before-dxdiag
rem Start "%_TaskName%%_TaskNumb%" /Min cmd /c dxdiag /t "%userprofile%\documents\%userdir%\DxDiagx86.txt"
rem set > c:\userdir-after-dxdiag
::  dxdiag /x %userdir%\DxDiagx86.xml
::  dxdiag /whql:off /64bit /x "%userdir%\DxDiagx86.xml"
(Call :_TSE "dxdiag Started" - %errorlevel%
Echo.-
Echo.-
Call :_TS "Copy Hosts File"
Echo.-)>>"%Logfile%"
::  HOSTS file
>Nul Copy %windir%\system32\drivers\etc\HOSTS %userdir%\Hosts.txt
(Call :_TSE "Copy Hosts File Done" %errorlevel%
Echo.-
Echo.-
Call :_TS "Starting Driver Query #1"
Echo.-)>>"%Logfile%"
Echo.
Call :_TS
Echo.
Echo.%Indent1%Starting Driver Queries
Echo.
Echo.%Indent2%Running Driver Query . . .  driverquery - verbose output
Echo.%Indent2%   program 1 of 3 . . .  executing
Echo.---
Set /A _TaskNumb+=1
Start "%_TaskName%%_TaskNumb%" /Min cmd /c "driverquery /v > "%userdir1%\%drvq_v%""
::   driverquery /v > %userdir%\%drvq%
::   driverquery /v  >  %temp%\drivers1.txt -- Start notepad %temp%\drivers1.txt
(Call :_TSE "Driver Query #1 Started" %errorlevel%
Echo.-
Echo.-
Call :_TS "Starting Driver Query #2"
Echo.-)>>"%Logfile%"
Echo.%Indent2%Running Driver Query . . .  driverquery - Signed Drivers
Echo.%Indent2%   program 2 of 3 . . .  executing
Echo.---
Set /A _TaskNumb+=1
Start "%_TaskName%%_TaskNumb%" /Min cmd /c "driverquery /si >> "%userdir1%\%drvq_si%""
(Call :_TSE "Driver Query #2 Started" %errorlevel%
Echo.-
Echo.-
Call :_TS "Starting Driver Query #3"
Echo.-)>>"%Logfile%"
Echo.%Indent2%Running Driver Query . . .  driverquery - List Format
Echo.%Indent2%   program 3 of 3 . . .  executing
Echo.---
Set /A _TaskNumb+=1
Start "%_TaskName%%_TaskNumb%" /Min cmd /c "driverquery /fo list >> "%userdir1%\%drvq_fo%""
(Call :_TSE "Driver Query #3 Started" %errorlevel%
Echo.-
Echo.-
Echo.%Indent1%D R I V E R      Q U E R Y      E N D
Echo.-)>>"%Logfile%"
Echo.
Call :_TS
Echo.%Indent1%Driver Queries Running
Echo.
Echo.
::         driverquery >> %userdir%\%drvq%
::         driverquery /fo list >  %temp%\drivers1.txt -- Start notepad %temp%\drivers1.txt
(Echo.-
Call :_TS "Starting Event Viewer log dump - apps"
Echo.-)>>"%Logfile%"
Echo.
Call :_TS
Echo.
Echo.%Indent2%Dumping Event Viewer Application Log . . .  50,000 records
Echo.
::  dump App log
Set /A _TaskNumb+=1
Start "%_TaskName%%_TaskNumb%" /Min cmd /c "wevtutil qe Application /c:50000 /rd:true /f:text > "%userdir1%\%evtx1%"&Call :_TS&Call :_TS >> "%userdir%\%evtx1%""
(Call :_TSE "Event Viewer log dump - apps - Started" %errorlevel%
Echo.-
Echo.-
Call :_TS "Starting Event Viewer log dump - System"
Echo.-)>>"%Logfile%"
Call :_TS
Echo.
Echo.%Indent2%Dumping Event Viewer System Log . . .  50,000 records
Echo.
Echo.
::  dump System Log
Set /A _TaskNumb+=1
Start "%_TaskName%%_TaskNumb%" /Min cmd /c "wevtutil qe System /c:35000 /rd:true /f:text > "%userdir%\%evtx2%"&Call :_TS&Call :_TS >> "%userdir%\%evtx2%""
(Call :_TSE "Event Viewer log dump - System - Started" %errorlevel%
Echo.-
Echo.-
Call :_TS "Starting TRACERT and IPCONFIG"
Echo.-)>>"%Logfile%"
Echo.
Call :_TS
Echo.
Echo.%Indent2%Running TRACERT and IPCONFIG . . . .
Set /A _TaskNumb+=1
Start "%_TaskName%%_TaskNumb%" /Min cmd /c "tracert sysnative.com > "%userdir%\%tracert1%"&Echo.>>"%userdir%\%tracert1%"&Call :_TS&Call :_TS >> "%userdir%\%tracert1%""
(Echo.-
Call :_TSE "TRACERT Started" %errorlevel%
Echo.-)>>"%Logfile%"
Echo.
Call :_TS
Echo.
Echo.%Indent2%Running TRACERT  . . .  D O N E
Echo.%Indent2%Running IPCONFIG . . .
::  ipconfig all
(Ipconfig /All
Echo.
Echo. %Spacer1%
Call :_TS
Echo. %Spacer1%
Echo.
Echo.
Echo.
Echo. %Spacer1%
ipconfig /allcompartments /all
Echo. %Spacer1%
Echo.
Echo.
Echo.
Echo. %Spacer1%)>"%userdir%\%ipconfg1%"
Echo.%Indent2%Running IPCONFIG . . .  D O N E
(Call :_TSE "Running IPCONFIG Done" %errorlevel%
Echo.-
Echo.-
Call :_TS "Starting SystemInfo"
Echo.-)>>"%Logfile%"
Echo.
Echo.
Echo.%Indent1%Running systeminfo report . . .
Echo.
Set /A _TaskNumb+=1
Start "%_TaskName%%_TaskNumb%" /Min cmd /c "systeminfo /fo list > "%userdir%\%SysInfo1%" & findstr /i /v /c:"Registered Owner" "%UserProfile%\Documents\%userdir%\%SysInfo1%" > "%UserProfile%\Documents\%userdir%\%SysInfo%" & del "%userdir%\%SysInfo1%""
(Call :_TSE "SystemInfo Started" %errorlevel%
Echo.-
Echo.-
Call :_TS "Starting SysInfo e-mail removing vbs script"
Echo.-)>>"%Logfile%"
Author: Patrick
:: '    Patrick Barker
Date: June 2014
(c)2014  Sysnative Forums
Call :_TS "Export current variables"
Echo.-)>>"%Logfile%"
(Set
Call :_TS)>"%userdir%\%EnvirVars%"
(Call :_TSE "Export current variables Done" %errorlevel%
Echo.-
Echo.-
Call :_TS "Starting WHERE *.sys Command"
Echo.-)>>"%Logfile%"
::  find drivers - sys - dll  %Spacer2%
Echo.
Call :_TS
Echo.
Echo.%Indent2%Starting process to search for Drivers . . .
Echo.
::  Set currdir=cd
::  cd /d %systemdrive%\
Call :_TS "-- WHERE  *.sys  . . ." > "%userdir%\%SysList%"
Call :_TS "-- WHERE  *.sys  . . ." >>"%userdir%\%SysList%"
Call :_TS "-- WHERE  *.sys  . . ." >>"%userdir%\%SysList%"
Set /A _TaskNumb+=1
Start "%_TaskName%%_TaskNumb%" /Min cmd /c "Where /r %systemdrive%\ /f /t *.sys >> "%userdir%\%SysList%""
:: (Call :_TSE "-- WHERE  *.sys Started" %errorlevel%
:: Echo.-
:: Echo.-
:: Call :_TS "Starting WHERE *.dll Command"
:: Echo.-)>>"%Logfile%"
:: Echo.%Indent2%Starting process to search for Dynamic Link Library Files - DLL . . .
:: Echo.
:: Set /A _TaskNumb+=1
:: Start "%_TaskName%%_TaskNumb%" /Min cmd /c "Where /r %systemdrive%\ /f /t *.dll > "%userdir%\%DllList%""
::  cd %currdir%
:: Call :_TS "-- WHERE  *.sys  . . .">>"%userdir%\%DllList%"
:: Call :_TS "-- WHERE  *.sys  . . .">>"%userdir%\%DllList%"
:: Call :_TS "-- WHERE  *.sys  . . .">>"%userdir%\%DllList%"
:: (Call :_TSE "-- WHERE  *.dll Started" %errorlevel%
Echo.-
Echo.-
Call :_TS "Running NETSH Commands"
Echo.-)>>"%Logfile%"
Echo.
Echo.
Call :_TS
Echo.
Echo.%Indent2%Gathering Network Information . . .
Echo.
(Echo.
Echo.%Spacer2%
Echo.%Spacer2%
Echo.***********  B E G I N  ***  N E T W O R K  ***  I N F O  ***********
Echo.***********  B E G I N  ***  N E T W O R K  ***  I N F O  ***********
Echo.%Spacer2%
Echo.%Spacer2%
Echo.
Echo.
Echo. by John C. Griffith, Microsoft MVP
Echo.
Echo.
Echo.*****************  WIFI  WLAN NETSH WLAN SHOW ALL  ******************
Echo.*****************  WIFI  WLAN NETSH WLAN SHOW ALL  ******************
netsh wlan show all
Echo.
Echo.
Echo.***********************  LAN NETSH INTERFACES ***********************
Echo.***********************  LAN NETSH INTERFACES ***********************
netsh lan show interfaces
Echo.
Echo.
Echo.************************  LAN NETSH PROFILES ************************
Echo.************************  LAN NETSH PROFILES ************************
netsh lan show profiles
Echo.
Echo.
Echo.************************  LAN NETSH SETTINGS ************************
Echo.************************  LAN NETSH SETTINGS ************************
netsh lan show settings
Echo.
Echo.
Echo.%Spacer2%
Echo.
Call :_TS "jcgriff2"
Call :_TS "jcgriff2"
Echo.******************************  E O J  ******************************
Echo.******************************  E O J  ******************************
Echo.******************************  E O J  ******************************
Call :_TS
Echo. by John C. Griffith, Microsoft MVP
Echo.
Echo.)>"%userdir%\%netsh1%"
(Call :_TSE "NETSH Commands Done" %errorlevel%
Echo.-
Echo.-
Call :_TS "Running NETSTAT Command"
Echo.-)>>"%Logfile%"
Call :_TS
Echo.
Echo.%Indent2%Gathering Network Statistics, please wait as this may take a moment!
Echo.
:: The Netstat switches cannot be combined, needs to be run three times
(Echo.
Echo.
Echo. %Spacer1%
Echo. %Spacer1%
Echo. %Spacer1%
Echo.
%DATE%    %TIME%
NETSTAT
Echo.
%DATE%    %TIME%
NETSTAT
Echo.
%DATE%    %TIME%
NETSTAT
Echo. %Spacer1%
Echo. %Spacer1%
Echo. %Spacer1%
Echo.
Netstat -e -v
Echo.
Netstat -r
Netstat -a -b -f -o
Echo.
Echo. %Spacer1%
Echo. %Spacer1%
Echo. %Spacer1%
Echo.
%DATE%    %TIME%
E  O  J
Echo.
%DATE%    %TIME%
E  O  J
Echo.
%DATE%    %TIME%
E  O  J
Echo. %Spacer1%
Echo. %Spacer1%
Echo. %Spacer1%
Echo.)>"%userdir%\%netst1%" 2> "%userdir%\%netst1StdErr%"
(Call :_TSE "NETSTAT Command Done" %errorlevel%
Echo.-
Echo.-
Call :_TS "Obtaining Windows Error Reporting information"
Echo.-)>>"%Logfile%"
Call :_TS
Echo.
Echo.%Indent2%Gathering Network Information . . .  D O N E
::  get Dir of WER files -
Echo.
Echo.
Echo.
Call :_TS
Echo.
Echo.%Indent2%Obtaining Windows Error Reporting information . . .
Echo.
(Call :_TS
Dir "%programdata%\Microsoft\Windows\WER" /A /O:D /S /A /X)>"%userdir%\%Wer1%"
(Call :_TS
Dir "%localappdata%\Microsoft\Windows\WER" /A /O:D /S /A /X)>"%userdir%\%Wer2%"
>"%userdir%\%Wer3%" Call :_TS
Set /A _TaskNumb+=1
Start "%_TaskName%%_TaskNumb%" /Min cmd /c "Where /r %systemdrive%\ /f /t *.wer >> "%userdir%\%Wer3%""
Call :_TS
Echo.
Echo.%Indent2%Obtaining Windows Error Reporting information . . .  D O N E
Echo.
Call :_TS
Echo.
Echo.%Indent2%Running Windows Management Instrumentation -
Echo.
Echo.%Indent2%"Recoveros" and Page File . . .
(Call :_TSE "Windows Error Reporting Done" %errorlevel%
Echo.-
Echo.-
Call :_TS "Running Windows Management Instrumentation"
Echo.-)>>"%Logfile%"
::      Get WMIC RAM info - HTML
wmic memorychip list /format:htable /translate:nocomma > "%userdir%\%WMICRam%"
wmic /output:"%userdir%\%WMICROS%" recoveros get /all /format:list
wmic /append:"%userdir%\%WMICROS%" pagefile get /all /format:list
wmic /append:"%userdir%\%WMICROS%" pagefileset get /all /format:list
(Call :_TSE "Windows Management Instrumentation Done" %errorlevel%
Echo.-
Echo.-
Call :_TS "Listing running Tasks"
Echo.-)>>"%Logfile%"
::  WMIC batch - crash dump / page file
Echo.
Call :_TS
Echo.%Indent2%"Recoveros" and Page File . . .  D O N E
Echo.
::  tasklist SVCHOST
Echo.
Echo.
Echo.%Indent2%Listing running Tasks . . . EXECUTING . . .  Please Wait . . .
Echo.
(tasklist /svc /fi "imagename eq svchost.exe"
tasklist /v
tasklist /m)>"%userdir%\%TlSvcHost%"
Call :_TS
Echo.
Echo.%Indent2%Running executing Tasks Listing . . .  D O N E
(Call :_TS "Running executing Tasks Listing . . . DONE"
Echo.
Echo.Issue cd cmd - Where are we? . . .
Call :_TSE "cd command issued" %errorlevel%
Echo.)>>"%Logfile%"
:autoruns
(Echo.
Call :_TS "Downloading and executing autorunsc.exe. . ."
Echo.)>>"%Logfile%"
::  -------------  A U T O R U N S  -------------------
:: Starting the call to Stephen's Autoruns auto-download
:: AutoRuns Downloader - Stephen
echo.
Call :_TS
echo.
echo %Indent2%Downloading and executing autorunsc.exe. . .
set wgetpath=%TEMP%\wget.js
echo. > %wgetpath%
echo var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1"); >> %wgetpath%
echo WinHttpReq.Open("GET", WScript.Arguments(0), /*async=*/false); >> %wgetpath%
echo WinHttpReq.Send(); >> %wgetpath%
echo BinStream = new ActiveXObject("ADODB.Stream"); >> %wgetpath%
echo BinStream.Type = 1; >> %wgetpath%
echo BinStream.Open(); >> %wgetpath%
echo BinStream.Write(WinHttpReq.ResponseBody); >> %wgetpath%
echo BinStream.SaveToFile("autorunsc.exe"); >> %wgetpath%
cscript /nologo %wgetpath% http://live.sysinternals.com/autorunsc.exe
autorunsc.exe /accepteula -a > "%UserProfile%\Documents\%userdir%\Autoruns.txt"
del autorunsc.exe
echo.
Call :_TS
echo.
echo %Indent2%Autoruns. . . D O N E
(Echo.
Call :_TS "Downloading and executing autorunsc.exe. . . DONE"
Echo.)>>"%Logfile%"
::  -------------  A U T O R U N S  -------------------
::  Copy dumps again - to be sure
:CpyDmps
(Echo.
Call :_TS "Copy dumps - 2nd time"
Echo.)>>"%Logfile%"
>Nul Copy /Y "%windir%\minidump\*.*" "%userdir%"
(Call :_TSE "Copy dumps - 2nd time . . . Done" %errorlevel%
Echo.
Call :_TS "Begin registry dump - program un-install strings in case needed")>>"%Logfile%"
Echo.
Echo.
Echo.
:: Echo. Almost Finished . . . .
:: Echo.
:: Echo. Almost Finished . . . .
:: Echo.
:: Echo. Almost Finished . . . .
:: Echo.
:: Echo. Almost Finished . . . .
:: Echo.
:: Echo. Almost Finished . . . .
:: Echo.
:: Echo. Almost Finished . . . .
:: Echo.
:: Echo. Almost Finished . . . .
:: Echo.
:: Echo. Almost Finished . . . .
:: Echo.
:: Echo. Almost Finished . . . .
:: Echo.
:: Echo. Almost Finished . . . .
Echo.
>Nul Timeout /NOBREAK /T 4
::  Uninstall Strings
>"%userdir%\%Reg1%" Reg Query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /S
(Echo.
Call :_TSE "Regquery 1 . . .  D O N E" %errorlevel%
Echo.)>>"%Logfile%"
>"%userdir%\%Reg2%" Reg Query HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall /S
(Call :_TSE "Regquery 2 . . .  D O N E" %errorlevel%
Echo.)>>"%Logfile%"
::  Installed Programs
>"%userdir%\%Reg3%" Reg Query "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /S
(Call :_TSE "Regquery 3 . . .  D O N E" %errorlevel%
Echo.
Dir %userdir%\*.* /A
Echo.
Call :_TSE "Dir command . . . Done" %errorlevel%
Echo.
Call :_TS "-- E  O  J  -  End of Job . . ."
Call :_TS "-- E  O  J  -  End of Job . . ."
Call :_TS "-- E  O  J  -  End of Job . . ."
Echo.)>>"%Logfile%"
::  Color 1E
Color 1E
::Cls
:: Write instructions into a text file to be displayed in Notepad
(Echo.set WshShell = WScript.CreateObject^("WScript.Shell"^)
Echo.WshShell.AppActivate "%usrinstr%")>"%_tmpFile5%"
(Echo.
Echo.We're all done! You should find the output already zipped to %userdir%.zip under %WrkDir%.
Echo.
Echo.Here's how to attach this file to your post:
Echo. -  If using Quick Reply, click the Go Advanced button under the Reply box.
Echo. -  Click the Paperclip at the top of the editor window, or scroll down and
Echo. %Indent3%click the Manage Attachments button in the Additional Options section.
Echo. %Indent3%You may have to expand the Additional Options section.
Echo. -  Click the Browse... button and browse to your zipped file.
Echo. -  Click the Upload button.
Echo. -  Repeat for any more files, then close the Manage Attachments window.
Echo.
Echo.
Call :CpyRight
Echo.
Echo. * * *   G O O D  B Y E . . .  jcgriff2
Echo. * * *   G O O D  B Y E . . .  jcgriff2
Echo.)>"%userdir%\%usrinstr%"
copy /Y "%userdir%\%usrinstr%" "%temp%\%usrinstr%" >nul
(Echo.
Call :CpyRight
Echo.
Call :_TS "-- E  O  J  -  End of Job . . ."
Call :_TS "-- E  O  J  -  End of Job . . ."
Echo.)>> "%Logfile%"
Echo.
>Nul Timeout /NOBREAK /T 10
:: Set stat=-1
:: Set s1=0x0
:: Set s2=0x0
:: Set s3=0x0
:: Set s4=0x0
:: Set s5=0x0
:: Set s6=0x0
:systeminfo1
Set _Done=True
Tasklist /FI "IMAGENAME eq systeminfo.exe"|Findstr /I /C:"INFO:">Nul
If %ErrorLevel%==1 Set _Done=false
If %_Done%==false Echo.Waiting for SystemInfo&>Nul Timeout /NOBREAK /T 5&Goto SystemInfo1
:: >>"%userdir1%\%SysInfo1%" Call :_TS
:: Set s1=0x1
:_Check
Set _Count=1
Set _Done=True
:_ChkLoop
Tasklist /FI "WINDOWTITLE eq %_TaskName%%_Count%"|Findstr /I /C:"INFO:">Nul
If %ErrorLevel%==1 Set _Done=false
If %_Count% LSS %_TaskNumb% (Set /A _Count+=1) & Goto _ChkLoop
If %_Done%==false Echo.Waiting for Tasks to complete&>Nul Timeout /NOBREAK /T 10&Goto _Check
:_ChkMsinfo
Tasklist /FI "IMAGENAME eq msinfo32.exe"|Findstr /I /C:"INFO:">Nul
If %ErrorLevel%==1 Echo.Waiting for System Information to complete&>Nul Timeout /NOBREAK /T 15&Goto _ChkMsinfo
Echo.
Echo.
Echo.%Indent2%Zipping output files . . .
"%CppWrapperPath%" /z %WrkDir%\%userdir%^|%WrkDir%\%userdir%.zip
Echo.%Indent2%Zipping output files . . . D O N E
Start "" "%SystemRoot%\Explorer.exe" /n,/e,/select,"%WrkDir%\%userdir%.zip"
Echo.
Call :_TS
Echo.
Echo.All tasks complete, the window will close and instructions will appear shortly.
Call :_TS All tasks complete>>"%Logfile%"
>Nul Timeout /NOBREAK /T 5
:_UserInst
rem  Start "%usrinstr%" Notepad "%temp%\%usrinstr%"
Start /MAX Notepad "%userdir%\%usrinstr%"
Cscript /nologo "%_tmpFile5%"
For /F "Tokens=2 Delims==" %%I In ('Set _tmpFile') Do If Exist "%%~I" Del "%%~I"
If not "%CppWrapperNoDelete%" == "set" rmdir /S /Q "%WrkDir%\%userdir%"
::  ============  E  O  J  ================
::  ============  E  O  J  ================
::  ============  E  O  J  ================
Goto :_EOJ
::           Subroutines
:_TSE
Set _PadTmp=%~1
Set _PadTmp=%_PadTmp%%_Pad%
Echo.%date% %time% %_PadTmp:~0,42%- error level - %2
Goto :EOF
:_TS
Echo.%date% %time% %~1
Goto :EOF
:_ChkVer
Set _Ver=0
Set _Verchk=0
Ver|Find "[">Nul
If ERRORLEVEL 1 Goto _NoRun
Ver|Find "Version 4">Nul
If ERRORLEVEL 1 Goto _NTType
Ver|Find "Version 4.00">Nul
If ERRORLEVEL 1 Goto _Chk98
Goto _NoRun
:_Chk98
Ver|Find "Version 4.10">Nul
If ERRORLEVEL 1 Goto _ChkME
Goto _NoRun
:_ChkME
Ver|Find "Version 4.90">Nul
If ERRORLEVEL 1 Goto _VerError
Goto _NoRun
:_NTType
For /F "Tokens=1* Delims=[." %%I In ('Ver') Do For /F "Tokens=2,3 Delims=. " %%K In ('Echo %%J') Do (Set /A _Maj=%%K)&(Set /A _Min=%%L)
Set _Ver=%_Maj%%_Min%
If %_Ver% GTR 53 (Set _VerChk=1) & Goto :EOF
:_NoRun
Set _VerChk=0
Goto :EOF
:_VerError
(Echo.
Echo. Unable to determine the Windows OS version.
Echo.)>"%ErrFile%"
Call :_ErrPre
Goto _Errtail
:_FatalErr
(Echo.
Echo. There is a problem with the Environment variables on this system.
Echo. Unable to determine the location of the Documents or Desktop folders.)>"%ErrFile%"
Call :_ErrPre
(Echo.  HomeDrive%_Tab%%HomeDrive%
Echo.  HomePath%_Tab%%HomePath%
Echo.  Userprofile%_Tab%%Userprofile%)>>"%ErrFile%"
:_Errtail
>>"%ErrFile%" Echo.%Spacer2%
Start "" /MAX Notepad "%ErrFile%"
Goto _EOJ
:_ErrPre
(Echo.
Echo.   Copy and paste the following information to the
Echo.   forum where you are receiving assistance:
Echo.%Spacer2%
Ver
Echo.)>>"%ErrFile%"
Goto :EOF
:_WrongVer
Echo.
Echo.%Spacer2%
Echo.
Echo. This program is not supported on versions of Windows prior to Vista
Goto _EOJp
:_NotAdmin
Echo.
Echo.%Spacer2%
Echo.
Echo.  This program must be run with Elevated Privileges.
Echo.  Please restart the program by Right clicking the file,
Echo.  then clicking Run as Administrator.
:_EOJp
Color 1E
Echo.
Echo.%Spacer2%
Echo.
Pause
:_EOJ
If Defined NoExit (PopD & Goto :EOF) Else Exit
temp
Set CppWrapperPath=
Set CppWrapperNoDelete=set
\SysnativeBSODCollectionApp.bat
%SystemRoot%\System32\cmd.exe
Failed to completely create output zip file with return code %d.
/nodelete
deflate 1.2.8 Copyright 1995-2013 Jean-loup Gailly and Mark Adler
incompatible version
buffer error
insufficient memory
data error
stream error
file error
stream end
need dictionary
RSDS
C:\Users\Richard\Documents\Visual Studio 2010\Projects\SysnativeBSODCollectionApp\SysnativeBSODCollectionApp\Release\SysnativeBSODCollectionApp.pdb
ExpandEnvironmentStringsW
CreatePipe
SetHandleInformation
CloseHandle
CreateProcessW
ReadFile
WaitForSingleObject
GetExitCodeProcess
GetProcAddress
GetModuleHandleW
GetCurrentProcess
GetFileAttributesW
FindFirstFileW
SetFileAttributesW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetLastError
GetCurrentProcessId
GetModuleFileNameW
GetEnvironmentVariableW
KERNEL32.dll
MSVCP80.dll
??3@YAXPAX@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
fclose
_wcsdup
free
iswspace
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
wprintf_s
malloc
_ftelli64
_fseeki64
fopen
fread
ferror
fwrite
MSVCR80.dll
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
.?AVtype_info@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVbad_alloc@std@@
VS_VERSION_INFO
StringFileInfo
CompanyName
Sysnative
FileDescription
Diagnostic Logfile Collection
FileVersion
InternalName
SysnativeFileCollectionApp.exe
LegalCopyright
Copyright 2008-2014, Sysnative
OriginalFilename
SysnativeFileCollectionApp.exe
ProductName
Sysnative File Collection App
ProductVersion
VarFileInfo
Translation
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.42" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
</dependentAssembly>
</dependency>
</assembly>
 

Have you tried turning on the Driver Verifier? Maybe it would help?
 
It's pretty obvious what's going on here, it's just we don't exactly know what is causing it. Whatever malware you have remnants of is causing a bad pool request, whether that's intentional for obfuscation purposes or just a bug in the malware due to being in remnants now vs. its full payload.

I agree with enabling DV to see if maybe we can see what's going on in more specific detail.
 
