
Solved Need help with c000021a error

Discussion in 'Malware and Virus Removal' started by Denzel, 2016/11/17.

  1. 2016/11/17
    Denzel

    This morning I ran into the c000021a error. I'm having the same symptoms and so far have taken the same steps as in this thread here:

    Solved - Error during startup: Stop: c000021a (Fatal System Error)

    I've taken the first steps towards fixing this but it was noted by broni that no one else should use the attached fixes due to them being specific to that system. I've scanned my PC, the log is below.


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2016
    Ran by SYSTEM on MININT-VIMR73E (18-11-2016 03:12:25)
    Running from J:\
    Platform: Windows 7 Ultimate (X64) Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Recovery
    Default: ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    ATTENTION: Software hive is not loaded.

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [610688 2014-11-05] ()
    S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-03-22] (BlueStack Systems, Inc.)
    S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-03-22] (BlueStack Systems, Inc.)
    S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [917016 2016-03-22] (BlueStack Systems, Inc.)
    S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
    S2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2015-12-24] (Digital Wave Ltd.)
    S4 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software)
    S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
    S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
    S4 lxcf_device; C:\Windows\system32\lxcfcoms.exe [566192 2007-02-23] ( )
    S4 lxcf_device; C:\Windows\SysWOW64\lxcfcoms.exe [537520 2007-02-23] ( )
    S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
    S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
    S2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [54544 2016-11-13] (Copyright (c) 2016 Plays.tv, LLC)
    S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-07-20] ()
    S4 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2015-07-20] ()
    S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S2 Realtek11nCU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S4 AxAutoMntSrv; G:\Alcohol 120\AxAutoMntSrv.exe [X]
    S2 StarWindServiceAE; G:\Alcohol 120\StarWind\StarWindServiceAE.exe [X]
    S3 Visual Studio Analyzer RPC bridge; D:\vb6\Tools\VS-Ent98\Vanalyzr\varpc.exe [X]
    S2 VMAuthdService; K:\VM\vmware-authd.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
    S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-03-22] (BlueStack Systems)
    S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-12] (CSR, plc)
    S3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
    S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-17] (Disc Soft Ltd)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
    S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
    S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-24] (Qualcomm Atheros Co., Ltd.)
    S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    S3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
    S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
    S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2016-02-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    S0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2016-08-12] (Duplex Secure Ltd.)
    S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1917576 2010-06-07] (Syntek)
    S3 TDIMSYS; C:\Windows\SysWOW64\drivers\TDIMSYS.SYS [31312 2014-08-03] ()
    S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2016-01-19] (Oracle Corporation)
    S1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [194976 2016-01-19] (Oracle Corporation)
    S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2014-11-24] (Oracle Corporation)
    S0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
    S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-19] (VIA Technologies, Inc.)
    S3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [33624 2016-07-07] (Windows (R) Win 7 DDK provider)
    S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-19] (VIA Technologies, Inc.)
    S3 ALSysIO; \??\C:\Users\denzel\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S1 ISODrive; \??\G:\ULTRA\UltraISO\drivers\ISODrv64.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 VSPerfDrv100; \??\D:\visual studio\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-18 03:12 - 2016-11-18 03:12 - 00000000 ____D C:\FRST
    2016-11-18 01:29 - 2016-11-18 01:29 - 00024576 _____ C:\BCD_backup
    2016-11-17 13:40 - 2016-11-17 13:40 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\.goutputstream-G012QY
    2016-11-17 13:40 - 2009-07-13 17:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\System32\csrss.exe
    2016-11-16 09:46 - 2016-11-16 09:46 - 07650529 _____ C:\Users\denzel\Downloads\FTB_Launcher (1).exe
    2016-11-15 15:01 - 2016-11-15 15:01 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2016-11-14 15:52 - 2016-11-14 15:52 - 03015061 _____ C:\Users\denzel\Desktop\Untitled.mp4
    2016-11-14 15:51 - 2016-11-14 15:53 - 00031952 _____ C:\Users\denzel\Desktop\Untitled.m2ts.sfk
    2016-11-14 15:50 - 2016-11-14 15:50 - 39708672 _____ C:\Users\denzel\Desktop\Untitled.m2ts
    2016-11-14 15:50 - 2016-11-14 15:50 - 00000074 _____ C:\Users\denzel\Desktop\Untitled.m2ts.sfl
    2016-11-14 15:47 - 2016-11-14 15:50 - 00004464 _____ C:\Users\denzel\Desktop\videoplayback (1).mp4.sfk
    2016-11-14 15:47 - 2016-11-14 15:47 - 00321728 _____ C:\Users\denzel\Desktop\videoplayback (1).mp4
    2016-11-14 15:45 - 2016-11-14 15:46 - 00006496 _____ C:\Users\denzel\Desktop\videoplayback.mp4.sfk
    2016-11-14 15:45 - 2016-11-14 15:45 - 00220456 _____ C:\Users\denzel\Desktop\videoplayback.mp4
    2016-11-14 12:50 - 2016-11-14 12:59 - 00017411 _____ C:\Users\denzel\Desktop\kresh msg.txt
    2016-11-14 10:59 - 2016-11-14 10:59 - 00000000 ____D C:\Users\denzel\Documents\Curse
    2016-11-14 10:47 - 2016-11-14 10:48 - 23602658 _____ C:\Users\denzel\Downloads\FTBPresentsHermitPack-1.4.0-1.10.2.zip
    2016-11-14 10:25 - 2016-11-16 09:31 - 00000000 ____D C:\Users\denzel\AppData\Roaming\Curse Client
    2016-11-14 10:25 - 2016-11-14 10:25 - 00001050 _____ C:\Users\denzel\Desktop\Curse.lnk
    2016-11-14 10:23 - 2016-11-14 10:23 - 00000000 ____D C:\Users\denzel\AppData\Roaming\Curse
    2016-11-14 10:20 - 2016-11-14 10:23 - 77869008 _____ (Curse) C:\Users\denzel\Downloads\CurseClientSetup_[plugin-Minecraft].exe
    2016-11-13 06:04 - 2016-11-13 06:05 - 09510210 _____ C:\Users\denzel\Desktop\14653531_1781004575490151_6410364690735562752_n.mp4
    2016-11-11 12:56 - 2016-11-11 12:56 - 00000000 _____ C:\Windows\System32\Drivers\SETD435.tmp
    2016-11-11 12:56 - 2016-11-11 12:56 - 00000000 _____ C:\Windows\System32\Drivers\SET2679.tmp
    2016-11-11 12:55 - 2016-11-11 12:55 - 00000000 _____ C:\Windows\System32\Drivers\SET82FA.tmp
    2016-11-11 12:50 - 2016-11-11 12:50 - 00000000 ____D C:\hp
    2016-11-11 12:50 - 2007-01-23 22:26 - 00081920 _____ ( ) C:\Windows\SysWOW64\rsnp2uvc.dll
    2016-11-11 12:50 - 2007-01-16 19:04 - 09599872 _____ () C:\Windows\SysWOW64\Drivers\snp2uvc.sys
    2016-11-11 12:50 - 2007-01-16 19:01 - 00027904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\sncduvc.sys
    2016-11-11 12:50 - 2007-01-13 02:17 - 00299008 _____ (Sonix) C:\Windows\SysWOW64\vsnp2uvc.dll
    2016-11-11 12:50 - 2006-12-29 03:48 - 00569344 _____ (Sonix) C:\Windows\vsnp2uvc.exe
    2016-11-11 12:50 - 2006-05-19 19:53 - 00013022 _____ C:\Windows\snp2uvc.src
    2016-11-11 12:50 - 2006-05-19 19:39 - 00015497 _____ C:\Windows\snp2uvc.ini
    2016-11-11 12:50 - 2005-11-22 12:40 - 00018944 _____ ( ) C:\Windows\System32\csnp2uvc.dll
    2016-11-11 12:50 - 2004-08-09 09:43 - 00094208 _____ (Microsoft Corporation) C:\Windows\amcap.exe
    2016-11-11 12:49 - 2016-11-11 12:49 - 12734256 _____ (Hewlett-Packard Development Company, L.P. ) C:\Users\denzel\Downloads\Voodoo_m152_Webcam_Driver_5.8.9.2.exe
    2016-11-11 12:47 - 2016-11-11 12:48 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2016-11-11 12:47 - 2016-11-11 12:47 - 00000000 ____D C:\Users\denzel\AppData\Roaming\Universal Village Corporation
    2016-11-11 12:47 - 2016-11-11 12:47 - 00000000 ____D C:\ProgramData\Caphyon
    2016-11-11 12:44 - 2016-11-11 12:47 - 22098008 _____ (Universal Village Corporation) C:\Users\denzel\Downloads\uvc_setup.exe
    2016-11-11 12:43 - 2016-11-11 12:43 - 00000000 _____ C:\Windows\System32\Drivers\SETB8F7.tmp
    2016-11-11 12:22 - 2016-11-11 12:22 - 00000000 ____D C:\Users\denzel\AppData\Local\DriverToolkit
    2016-11-11 12:22 - 2016-11-11 12:22 - 00000000 ____D C:\Program Files (x86)\DriverToolkit
    2016-11-11 12:21 - 2016-11-11 12:21 - 02449376 _____ (Megaify Software ) C:\Users\denzel\Downloads\DriverToolkitInstaller.exe
    2016-11-11 12:20 - 2016-11-11 12:20 - 02460564 _____ C:\Users\denzel\Downloads\usbcam_2.8.9_tis.zip
    2016-11-11 12:17 - 2016-11-11 12:17 - 00000000 _____ C:\Windows\System32\Drivers\SET8B91.tmp
    2016-11-09 12:49 - 2016-11-02 07:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2016-11-09 12:49 - 2016-11-02 07:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
    2016-11-09 12:49 - 2016-11-02 07:32 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
    2016-11-09 12:49 - 2016-11-02 07:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
    2016-11-09 12:49 - 2016-11-02 07:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
    2016-11-09 12:49 - 2016-11-02 07:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2016-11-09 12:49 - 2016-11-02 07:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2016-11-09 12:49 - 2016-11-02 07:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2016-11-09 12:49 - 2016-11-02 07:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2016-11-09 12:49 - 2016-11-02 06:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2016-11-09 12:49 - 2016-10-27 19:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2016-11-09 12:49 - 2016-10-27 19:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-11-09 12:49 - 2016-10-27 11:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2016-11-09 12:49 - 2016-10-27 11:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
    2016-11-09 12:49 - 2016-10-27 10:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2016-11-09 12:49 - 2016-10-27 10:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
    2016-11-09 12:49 - 2016-10-27 10:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
    2016-11-09 12:49 - 2016-10-27 10:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2016-11-09 12:49 - 2016-10-27 10:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
    2016-11-09 12:49 - 2016-10-27 10:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2016-11-09 12:49 - 2016-10-27 10:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2016-11-09 12:49 - 2016-10-27 10:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2016-11-09 12:49 - 2016-10-27 10:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2016-11-09 12:49 - 2016-10-27 10:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2016-11-09 12:49 - 2016-10-27 10:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
    2016-11-09 12:49 - 2016-10-27 10:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2016-11-09 12:49 - 2016-10-27 10:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
    2016-11-09 12:49 - 2016-10-27 10:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2016-11-09 12:49 - 2016-10-27 10:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    2016-11-09 12:49 - 2016-10-27 10:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2016-11-09 12:49 - 2016-10-27 10:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2016-11-09 12:49 - 2016-10-27 10:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
    2016-11-09 12:49 - 2016-10-27 10:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2016-11-09 12:49 - 2016-10-27 10:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2016-11-09 12:49 - 2016-10-27 10:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2016-11-09 12:49 - 2016-10-27 10:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2016-11-09 12:49 - 2016-10-27 10:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
    2016-11-09 12:49 - 2016-10-27 09:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2016-11-09 12:49 - 2016-10-27 09:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2016-11-09 12:49 - 2016-10-27 09:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2016-11-09 12:49 - 2016-10-27 09:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2016-11-09 12:49 - 2016-10-27 09:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
    2016-11-09 12:49 - 2016-10-27 09:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2016-11-09 12:49 - 2016-10-27 09:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2016-11-09 12:49 - 2016-10-27 09:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2016-11-09 12:49 - 2016-10-27 08:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2016-11-09 12:49 - 2016-10-27 07:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-11-09 12:49 - 2016-10-25 07:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2016-11-09 12:49 - 2016-10-22 09:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-11-09 12:49 - 2016-10-22 09:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-11-09 12:49 - 2016-10-22 09:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2016-11-09 12:49 - 2016-10-22 09:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-11-09 12:49 - 2016-10-22 09:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-11-09 12:49 - 2016-10-22 09:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2016-11-09 12:49 - 2016-10-22 09:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-11-09 12:49 - 2016-10-22 09:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-11-09 12:49 - 2016-10-22 09:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-11-09 12:49 - 2016-10-22 09:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-11-09 12:49 - 2016-10-22 09:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-11-09 12:49 - 2016-10-22 09:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-11-09 12:49 - 2016-10-22 09:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2016-11-09 12:49 - 2016-10-22 09:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-11-09 12:49 - 2016-10-22 09:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-11-09 12:49 - 2016-10-22 09:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-11-09 12:49 - 2016-10-22 08:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-11-09 12:49 - 2016-10-22 08:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-11-09 12:49 - 2016-10-22 08:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-11-09 12:49 - 2016-10-22 08:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-11-09 12:49 - 2016-10-22 08:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-11-09 12:49 - 2016-10-22 08:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-11-09 12:49 - 2016-10-22 08:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-11-09 12:49 - 2016-10-22 08:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-11-09 12:49 - 2016-10-22 08:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2016-11-09 12:49 - 2016-10-22 08:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-11-09 12:49 - 2016-10-22 08:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-11-09 12:49 - 2016-10-22 08:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-11-09 12:49 - 2016-10-22 08:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-11-09 12:49 - 2016-10-15 07:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
    2016-11-09 12:49 - 2016-10-15 07:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\System32\INETRES.dll
    2016-11-09 12:49 - 2016-10-15 07:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-11-09 12:49 - 2016-10-15 07:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
    2016-11-09 12:49 - 2016-10-11 07:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\System32\clfs.sys
    2016-11-09 12:49 - 2016-10-11 07:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10.IME
    2016-11-09 12:49 - 2016-10-11 07:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
    2016-11-09 12:49 - 2016-10-11 07:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
    2016-11-09 12:49 - 2016-10-11 07:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\System32\imkr80.ime
    2016-11-09 12:49 - 2016-10-11 07:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\System32\input.dll
    2016-11-09 12:49 - 2016-10-11 07:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\System32\tintlgnt.ime
    2016-11-09 12:49 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\quick.ime
    2016-11-09 12:49 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\qintlgnt.ime
    2016-11-09 12:49 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\phon.ime
    2016-11-09 12:49 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\cintlgnt.ime
    2016-11-09 12:49 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\chajei.ime
    2016-11-09 12:49 - 2016-10-11 07:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\System32\pintlgnt.ime
    2016-11-09 12:49 - 2016-10-11 07:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
    2016-11-09 12:49 - 2016-10-11 07:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2016-11-09 12:49 - 2016-10-11 07:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2016-11-09 12:49 - 2016-10-11 07:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
    2016-11-09 12:49 - 2016-10-11 07:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
    2016-11-09 12:49 - 2016-10-11 07:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
    2016-11-09 12:49 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
    2016-11-09 12:49 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
    2016-11-09 12:49 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
    2016-11-09 12:49 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
    2016-11-09 12:49 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
    2016-11-09 12:49 - 2016-10-11 07:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
    2016-11-09 12:49 - 2016-10-11 05:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
    2016-11-09 12:49 - 2016-10-11 05:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
    2016-11-09 12:49 - 2016-10-10 07:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2016-11-09 12:49 - 2016-10-10 07:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2016-11-09 12:49 - 2016-10-10 07:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
    2016-11-09 12:49 - 2016-10-10 07:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
    2016-11-09 12:49 - 2016-10-10 07:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
    2016-11-09 12:49 - 2016-10-10 07:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\rpchttp.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-11-09 12:49 - 2016-10-10 07:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
    2016-11-09 12:49 - 2016-10-10 06:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
    2016-11-09 12:49 - 2016-10-10 06:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
    2016-11-09 12:49 - 2016-10-10 06:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
    2016-11-09 12:49 - 2016-10-10 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
    2016-11-09 12:49 - 2016-10-10 06:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-11-09 12:49 - 2016-10-10 06:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-11-09 12:49 - 2016-10-07 07:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
    2016-11-09 12:49 - 2016-10-07 07:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2016-11-09 12:49 - 2016-10-07 07:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
    2016-11-09 12:49 - 2016-10-07 07:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\System32\MSVidCtl.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\asycfilt.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2016-11-09 12:49 - 2016-10-07 07:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2016-11-09 12:49 - 2016-10-07 07:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 01114112 ____N C:\Windows\SysWOW64\kernel32.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
    2016-11-09 12:49 - 2016-10-07 07:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
    2016-11-09 12:49 - 2016-10-07 07:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
    2016-11-09 12:49 - 2016-10-07 07:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2016-11-09 12:49 - 2016-10-07 07:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
    2016-11-09 12:49 - 2016-10-07 06:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
    2016-11-09 12:49 - 2016-10-07 06:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-11-09 12:49 - 2016-10-07 06:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-11-09 12:49 - 2016-10-07 06:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-11-09 12:49 - 2016-10-07 06:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-11-09 12:49 - 2016-10-07 06:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 06:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 06:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 06:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-05 06:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
    2016-11-09 12:49 - 2016-09-15 06:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\UtcResources.dll
    2016-11-09 12:49 - 2016-09-13 07:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2016-11-09 12:49 - 2016-09-13 07:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2016-11-09 12:49 - 2016-09-09 10:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2016-11-09 12:49 - 2016-09-09 10:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2016-11-09 12:49 - 2016-08-22 08:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
    2016-11-06 12:25 - 2016-11-06 12:26 - 08185885 _____ C:\Users\denzel\Downloads\xposed-v84-sdk23-arm64.zip
    2016-11-06 12:21 - 2016-11-06 12:22 - 00311894 _____ C:\Users\denzel\Downloads\xposed-uninstaller-20160829-arm64 (2).zip
    2016-11-06 12:21 - 2016-11-06 12:21 - 00000819 _____ C:\Users\denzel\Downloads\xposed-uninstaller-20160829-arm64.zip.asc
    2016-11-06 12:20 - 2016-11-06 12:20 - 00454869 _____ C:\Users\denzel\Downloads\xposed-uninstaller-20160829-x86.zip
    2016-11-06 12:20 - 2016-11-06 12:20 - 00000819 _____ C:\Users\denzel\Downloads\xposed-v86-sdk23-arm64.zip.asc
    2016-11-06 12:20 - 2016-11-06 12:20 - 00000819 _____ C:\Users\denzel\Downloads\xposed-uninstaller-20160829-x86.zip.asc
    2016-11-06 12:15 - 2016-11-06 12:22 - 08189211 _____ C:\Users\denzel\Downloads\xposed-v86-sdk23-arm64 (1).zip
    2016-11-06 09:58 - 2016-11-06 09:58 - 00000873 _____ C:\Users\denzel\Downloads\UPDATE-unSU.zip
    2016-11-06 09:54 - 2016-11-06 09:54 - 00311154 _____ C:\Users\denzel\Downloads\xposed-uninstaller-20160829-arm64.zip
    2016-11-06 09:54 - 2016-11-06 09:54 - 00311154 _____ C:\Users\denzel\Downloads\xposed-uninstaller-20160829-arm64 (1).zip
    2016-11-06 09:46 - 2016-11-06 09:48 - 08188734 _____ C:\Users\denzel\Downloads\xposed-v86-sdk23-arm64.zip
    2016-11-06 00:37 - 2016-11-06 00:37 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
    2016-11-06 00:36 - 2016-11-06 00:37 - 00000000 ____D C:\Users\denzel\Documents\Controller Vibration Tester
    2016-11-06 00:35 - 2016-11-06 00:35 - 06860294 _____ () C:\Users\denzel\Downloads\ControllerVibrationTester_v0.6b_Fixed.exe
    2016-11-04 08:04 - 2016-10-07 21:33 - 00000000 ____D C:\Users\denzel\Downloads\mcedit2-win64-2.0.0-beta6
    2016-11-04 08:00 - 2016-11-04 08:04 - 38500732 _____ (Igor Pavlov) C:\Users\denzel\Downloads\mcedit2-win64-2.0.0-beta6.exe
    2016-11-02 03:43 - 2016-11-02 03:43 - 00000000 ____D C:\Users\denzel\Documents\Virtual Machines
    2016-10-26 16:18 - 2016-10-28 07:07 - 00000000 ____D C:\Users\denzel\AppData\Local\YzvqPack
    2016-10-26 16:14 - 2016-10-26 16:19 - 00000000 ____D C:\Program Files (x86)\DPower
    2016-10-26 16:03 - 2016-10-26 16:03 - 00000000 ____D C:\Users\denzel\.QtWebEngineProcess
    2016-10-26 16:03 - 2016-10-26 16:03 - 00000000 ____D C:\Users\denzel\.Plays.tv
    2016-10-25 07:46 - 2016-10-25 07:47 - 00002441 _____ C:\Users\denzel\Downloads\beep.zip
    2016-10-23 14:51 - 2016-10-23 14:52 - 16642048 _____ C:\Users\denzel\Downloads\mumble-1.2.17.msi
    2016-10-23 11:56 - 2016-10-23 11:56 - 00304531 _____ C:\Users\denzel\Downloads\XRay-33.jar
    2016-10-23 11:36 - 2016-10-23 11:36 - 01936025 _____ C:\Users\denzel\Downloads\OptiFine_1.10.2_HD_U_D1.jar
    2016-10-23 11:32 - 2016-10-23 11:32 - 00570370 _____ C:\Users\denzel\Downloads\Xray-Ultimate-1.10.zip

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-16 21:53 - 2016-02-18 14:19 - 00506682 _____ C:\Windows\ntbtlog.txt
    2016-11-16 21:32 - 2016-04-01 08:27 - 00000000 ____D C:\ProgramData\BlueStacksSetup
    2016-11-16 21:23 - 2013-05-23 17:16 - 00000000 ____D C:\Users\denzel\AppData\Roaming\Audacity
    2016-11-16 21:16 - 2014-07-14 12:09 - 00000000 ____D C:\Users\denzel\AppData\Roaming\Skype
    2016-11-16 21:12 - 2009-07-13 20:45 - 00017184 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-11-16 21:12 - 2009-07-13 20:45 - 00017184 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-11-16 21:04 - 2014-10-05 07:18 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-11-16 21:04 - 2014-09-11 08:40 - 00000000 ____D C:\Users\denzel\AppData\Roaming\TS3Client
    2016-11-16 21:04 - 2013-05-20 15:19 - 00000000 ____D C:\ProgramData\Skype
    2016-11-16 21:03 - 2013-06-12 14:18 - 00000000 ____D C:\Users\denzel\AppData\Roaming\vlc
    2016-11-16 19:11 - 2016-10-09 07:56 - 00000000 ____D C:\Users\denzel\AppData\Roaming\PlaysTV
    2016-11-16 19:11 - 2016-01-16 04:50 - 00000000 ____D C:\Users\denzel\AppData\Roaming\Raptr
    2016-11-16 16:35 - 2016-03-21 14:08 - 00000000 ____D C:\Users\denzel\AppData\Local\ftblauncher
    2016-11-16 10:38 - 2014-12-03 12:29 - 00000000 ____D C:\Users\denzel\AppData\Local\LogMeIn Hamachi
    2016-11-16 10:34 - 2015-02-14 18:56 - 00000000 ____D C:\Users\denzel\AppData\Local\CrashDumps
    2016-11-16 09:46 - 2016-03-21 14:08 - 00000000 ____D C:\Users\denzel\AppData\Roaming\ftblauncher
    2016-11-16 08:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
    2016-11-16 07:40 - 2013-05-20 15:17 - 00000000 ____D C:\Users\denzel\AppData\Roaming\BitTorrent
    2016-11-16 07:40 - 2009-07-13 21:13 - 00872498 _____ C:\Windows\System32\PerfStringBackup.INI
    2016-11-16 07:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
    2016-11-16 07:32 - 2014-02-09 14:31 - 25302016 ___SH C:\Users\denzel\Desktop\Thumbs.db
    2016-11-16 07:17 - 2015-12-07 07:53 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
    2016-11-16 07:09 - 2016-10-13 22:16 - 00000000 ____D C:\ProgramData\VMware
    2016-11-16 07:09 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-11-15 18:07 - 2016-09-24 04:07 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
    2016-11-15 18:07 - 2016-09-24 04:07 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
    2016-11-13 02:17 - 2016-03-09 11:51 - 00000000 ____D C:\Windows\rescache
    2016-11-11 12:50 - 2013-05-20 14:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-11-11 09:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2016-11-11 05:47 - 2014-03-27 19:25 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\System32\hamachi.sys
    2016-11-10 12:32 - 2009-07-13 20:45 - 05059696 _____ C:\Windows\System32\FNTCACHE.DAT
    2016-11-09 19:13 - 2013-07-11 11:41 - 00000000 ____D C:\Windows\System32\MRT
    2016-11-09 19:09 - 2013-05-20 16:13 - 141011376 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2016-11-07 17:39 - 2009-07-13 18:34 - 00000730 _____ C:\Windows\win.ini
    2016-11-07 07:18 - 2013-05-20 14:53 - 00000000 ____D C:\users\denzel
    2016-11-02 10:43 - 2013-05-20 14:55 - 00000000 ____D C:\Users\denzel\AppData\Local\Google
    2016-11-02 03:48 - 2016-10-13 22:24 - 00000000 ____D C:\Users\denzel\AppData\Local\VMware
    2016-11-02 03:44 - 2016-10-13 22:24 - 00000000 ____D C:\Users\denzel\AppData\Roaming\VMware
    2016-11-02 03:16 - 2015-01-31 10:40 - 00001908 _____ C:\Windows\diagwrn.xml
    2016-11-02 03:16 - 2015-01-31 10:40 - 00001908 _____ C:\Windows\diagerr.xml
    2016-10-31 14:24 - 2009-07-13 21:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-10-29 16:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
    2016-10-27 06:09 - 2014-09-03 16:50 - 00000000 ____D C:\ProgramData\ParetoLogic
    2016-10-27 06:09 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
    2016-10-26 08:29 - 2013-05-20 15:23 - 00485032 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2016-10-25 07:01 - 2015-08-06 15:56 - 00000000 ____D C:\Users\denzel\AppData\Roaming\Adobe
    2016-10-23 12:35 - 2013-11-03 12:57 - 00000000 ____D C:\Users\denzel\AppData\Roaming\.minecraft
    2016-10-23 07:22 - 2016-05-31 07:22 - 00000000 ____D C:\Program Files (x86)\Minecraft
    2016-10-19 16:47 - 2013-05-20 15:28 - 00000000 ____D C:\Users\denzel\AppData\Local\Microsoft Games

    Files to move or delete:
    ====================
    C:\Users\denzel\AppData\Roaming\cache.ini


    ==================== Known DLLs (Whitelisted) =========================

    [2016-11-09 12:49] - [2016-10-07 07:12] - 1114112 ____N () C:\Windows\SysWOW64\kernel32.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe
    [2016-10-12 08:55] - [2016-08-29 07:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA

    C:\Windows\SysWOW64\explorer.exe
    [2016-10-12 08:55] - [2016-08-29 06:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935

    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll
    [2015-12-09 09:37] - [2016-08-16 09:36] - 1009152 ____A (Microsoft Corporation) 8F4B991E7837E8E0F90C856659456652

    C:\Windows\SysWOW64\User32.dll
    [2015-12-09 09:37] - [2016-08-15 18:48] - 0833024 ____A (Microsoft Corporation) 0FBC0E335B65EE5A0175631237817510

    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\dnsapi.dll => MD5 is legit
    C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 8%
    Total physical RAM: 16344.03 MB
    Available physical RAM: 15007.87 MB
    Total Virtual: 16342.18 MB
    Available Virtual: 15078.44 MB

    ==================== Drives ================================

    Drive c: (Local Disk) (Fixed) (Total:238.37 GB) (Free:4.73 GB) NTFS
    Drive d: (threeT) (Fixed) (Total:51.88 GB) (Free:51.76 GB) NTFS
    Drive f: (threeT2) (Fixed) (Total:2794.39 GB) (Free:1395.24 GB) NTFS
    Drive g: (oneT) (Fixed) (Total:931.39 GB) (Free:14.69 GB) NTFS
    Drive i: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.25 GB) (Free:0 GB) UDF
    Drive j: () (Removable) (Total:115.11 GB) (Free:44.1 GB) NTFS
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 873B252A)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 2794.5 GB) (Disk ID: EB4FEB4F)

    Partition: GPT.

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: EB4FEB50)

    Partition: GPT.

    ========================================================
    Disk: 3 (Size: 931.5 GB) (Disk ID: EB3AEB3A)

    Partition: GPT.

    ========================================================
    Disk: 4 (Size: 115.1 GB) (Disk ID: 6E697373)
    No partition Table on disk 4.


    LastRegBack: 2016-04-28 09:35

    ==================== End of FRST.txt ============================
     
  2. 2016/11/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    I don't see anything malicious there but let's see if we can fix something here.

    From the recovery console, select Command Prompt.

    At the prompt, type the following command and press Enter:

    chkdsk c: /r

    Wait for it to complete and then try a normal boot.

    If that fails, then run an FRST scan again.
     

  4. 2016/11/19
    Denzel

    Denzel Active Member Thread Starter

    Joined:
    2016/11/17
    Messages:
    5
    Likes Received:
    0
    Thank you for the reply, broni. I have followed these instructions and will post the first log below.


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2016
    Ran by SYSTEM on MININT-E1AJTP4 (19-11-2016 17:40:02)
    Running from J:\
    Platform: Windows 7 Ultimate (X64) Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Recovery
    Default: ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    ATTENTION: Software hive is not loaded.

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [610688 2014-11-05] ()
    S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-03-22] (BlueStack Systems, Inc.)
    S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-03-22] (BlueStack Systems, Inc.)
    S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [917016 2016-03-22] (BlueStack Systems, Inc.)
    S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
    S2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2015-12-24] (Digital Wave Ltd.)
    S4 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software)
    S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
    S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
    S4 lxcf_device; C:\Windows\system32\lxcfcoms.exe [566192 2007-02-23] ( )
    S4 lxcf_device; C:\Windows\SysWOW64\lxcfcoms.exe [537520 2007-02-23] ( )
    S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
    S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
    S2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [54544 2016-11-13] (Copyright (c) 2016 Plays.tv, LLC)
    S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-07-20] ()
    S4 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2015-07-20] ()
    S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S2 Realtek11nCU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S4 AxAutoMntSrv; G:\Alcohol 120\AxAutoMntSrv.exe [X]
    S2 StarWindServiceAE; G:\Alcohol 120\StarWind\StarWindServiceAE.exe [X]
    S3 Visual Studio Analyzer RPC bridge; D:\vb6\Tools\VS-Ent98\Vanalyzr\varpc.exe [X]
    S2 VMAuthdService; K:\VM\vmware-authd.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
    S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-03-22] (BlueStack Systems)
    S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-12] (CSR, plc)
    S3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
    S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-17] (Disc Soft Ltd)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
    S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
    S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-24] (Qualcomm Atheros Co., Ltd.)
    S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    S3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
    S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
    S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2016-02-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    S0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2016-08-12] (Duplex Secure Ltd.)
    S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1917576 2010-06-07] (Syntek)
    S3 TDIMSYS; C:\Windows\SysWOW64\drivers\TDIMSYS.SYS [31312 2014-08-03] ()
    S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2016-01-19] (Oracle Corporation)
    S1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [194976 2016-01-19] (Oracle Corporation)
    S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2014-11-24] (Oracle Corporation)
    S0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
    S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-19] (VIA Technologies, Inc.)
    S3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [33624 2016-07-07] (Windows (R) Win 7 DDK provider)
    S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-19] (VIA Technologies, Inc.)
    S3 ALSysIO; \??\C:\Users\denzel\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S1 ISODrive; \??\G:\ULTRA\UltraISO\drivers\ISODrv64.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 VSPerfDrv100; \??\D:\visual studio\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-18 03:12 - 2016-11-19 17:40 - 00000000 ____D C:\FRST
    2016-11-18 01:29 - 2016-11-18 01:29 - 00024576 _____ C:\BCD_backup
    2016-11-17 13:40 - 2016-11-17 13:40 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\.goutputstream-G012QY
    2016-11-17 13:40 - 2009-07-13 17:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\System32\csrss.exe
    2016-11-16 09:46 - 2016-11-16 09:46 - 07650529 _____ C:\Users\denzel\Downloads\FTB_Launcher (1).exe
    2016-11-15 15:01 - 2016-11-15 15:01 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2016-11-14 15:52 - 2016-11-14 15:52 - 03015061 _____ C:\Users\denzel\Desktop\Untitled.mp4
    2016-11-14 15:51 - 2016-11-14 15:53 - 00031952 _____ C:\Users\denzel\Desktop\Untitled.m2ts.sfk
    2016-11-14 15:50 - 2016-11-14 15:50 - 39708672 _____ C:\Users\denzel\Desktop\Untitled.m2ts
    2016-11-14 15:50 - 2016-11-14 15:50 - 00000074 _____ C:\Users\denzel\Desktop\Untitled.m2ts.sfl
    2016-11-14 15:47 - 2016-11-14 15:50 - 00004464 _____ C:\Users\denzel\Desktop\videoplayback (1).mp4.sfk
    2016-11-14 15:47 - 2016-11-14 15:47 - 00321728 _____ C:\Users\denzel\Desktop\videoplayback (1).mp4
    2016-11-14 15:45 - 2016-11-14 15:46 - 00006496 _____ C:\Users\denzel\Desktop\videoplayback.mp4.sfk
    2016-11-14 15:45 - 2016-11-14 15:45 - 00220456 _____ C:\Users\denzel\Desktop\videoplayback.mp4
    2016-11-14 12:50 - 2016-11-14 12:59 - 00017411 _____ C:\Users\denzel\Desktop\kresh msg.txt
    2016-11-14 10:59 - 2016-11-14 10:59 - 00000000 ____D C:\Users\denzel\Documents\Curse
    2016-11-14 10:47 - 2016-11-14 10:48 - 23602658 _____ C:\Users\denzel\Downloads\FTBPresentsHermitPack-1.4.0-1.10.2.zip
    2016-11-14 10:25 - 2016-11-16 09:31 - 00000000 ____D C:\Users\denzel\AppData\Roaming\Curse Client
    2016-11-14 10:25 - 2016-11-14 10:25 - 00001050 _____ C:\Users\denzel\Desktop\Curse.lnk
    2016-11-14 10:23 - 2016-11-14 10:23 - 00000000 ____D C:\Users\denzel\AppData\Roaming\Curse
    2016-11-14 10:20 - 2016-11-14 10:23 - 77869008 _____ (Curse) C:\Users\denzel\Downloads\CurseClientSetup_[plugin-Minecraft].exe
    2016-11-13 06:04 - 2016-11-13 06:05 - 09510210 _____ C:\Users\denzel\Desktop\14653531_1781004575490151_6410364690735562752_n.mp4
    2016-11-12 19:29 - 2016-11-12 19:29 - 00015221 _____ C:\Users\denzel\Downloads\Brotherhood.2016.DVDRip.Full_.Movie_.torrent
    2016-11-11 12:56 - 2016-11-11 12:56 - 00000000 _____ C:\Windows\System32\Drivers\SETD435.tmp
    2016-11-11 12:56 - 2016-11-11 12:56 - 00000000 _____ C:\Windows\System32\Drivers\SET2679.tmp
    2016-11-11 12:55 - 2016-11-11 12:55 - 00000000 _____ C:\Windows\System32\Drivers\SET82FA.tmp
    2016-11-11 12:50 - 2016-11-11 12:50 - 00000000 ____D C:\hp
    2016-11-11 12:50 - 2007-01-23 22:26 - 00081920 _____ ( ) C:\Windows\SysWOW64\rsnp2uvc.dll
    2016-11-11 12:50 - 2007-01-16 19:04 - 09599872 _____ () C:\Windows\SysWOW64\Drivers\snp2uvc.sys
    2016-11-11 12:50 - 2007-01-16 19:01 - 00027904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\sncduvc.sys
    2016-11-11 12:50 - 2007-01-13 02:17 - 00299008 _____ (Sonix) C:\Windows\SysWOW64\vsnp2uvc.dll
    2016-11-11 12:50 - 2006-12-29 03:48 - 00569344 _____ (Sonix) C:\Windows\vsnp2uvc.exe
    2016-11-11 12:50 - 2006-05-19 19:53 - 00013022 _____ C:\Windows\snp2uvc.src
    2016-11-11 12:50 - 2006-05-19 19:39 - 00015497 _____ C:\Windows\snp2uvc.ini
    2016-11-11 12:50 - 2005-11-22 12:40 - 00018944 _____ ( ) C:\Windows\System32\csnp2uvc.dll
    2016-11-11 12:50 - 2004-08-09 09:43 - 00094208 _____ (Microsoft Corporation) C:\Windows\amcap.exe
    2016-11-11 12:49 - 2016-11-11 12:49 - 12734256 _____ (Hewlett-Packard Development Company, L.P. ) C:\Users\denzel\Downloads\Voodoo_m152_Webcam_Driver_5.8.9.2.exe
    2016-11-11 12:47 - 2016-11-11 12:48 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2016-11-11 12:47 - 2016-11-11 12:47 - 00000000 ____D C:\Users\denzel\AppData\Roaming\Universal Village Corporation
    2016-11-11 12:47 - 2016-11-11 12:47 - 00000000 ____D C:\ProgramData\Caphyon
    2016-11-11 12:44 - 2016-11-11 12:47 - 22098008 _____ (Universal Village Corporation) C:\Users\denzel\Downloads\uvc_setup.exe
    2016-11-11 12:43 - 2016-11-11 12:43 - 00000000 _____ C:\Windows\System32\Drivers\SETB8F7.tmp
    2016-11-11 12:22 - 2016-11-11 12:22 - 00000000 ____D C:\Users\denzel\AppData\Local\DriverToolkit
    2016-11-11 12:22 - 2016-11-11 12:22 - 00000000 ____D C:\Program Files (x86)\DriverToolkit
    2016-11-11 12:21 - 2016-11-11 12:21 - 02449376 _____ (Megaify Software ) C:\Users\denzel\Downloads\DriverToolkitInstaller.exe
    2016-11-11 12:20 - 2016-11-11 12:20 - 02460564 _____ C:\Users\denzel\Downloads\usbcam_2.8.9_tis.zip
    2016-11-11 12:17 - 2016-11-11 12:17 - 00000000 _____ C:\Windows\System32\Drivers\SET8B91.tmp
    2016-11-09 12:49 - 2016-11-02 07:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2016-11-09 12:49 - 2016-11-02 07:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
    2016-11-09 12:49 - 2016-11-02 07:32 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
    2016-11-09 12:49 - 2016-11-02 07:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
    2016-11-09 12:49 - 2016-11-02 07:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
    2016-11-09 12:49 - 2016-11-02 07:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2016-11-09 12:49 - 2016-11-02 07:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2016-11-09 12:49 - 2016-11-02 07:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2016-11-09 12:49 - 2016-11-02 07:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2016-11-09 12:49 - 2016-11-02 06:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2016-11-09 12:49 - 2016-10-27 19:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2016-11-09 12:49 - 2016-10-27 19:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-11-09 12:49 - 2016-10-27 11:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2016-11-09 12:49 - 2016-10-27 11:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
    2016-11-09 12:49 - 2016-10-27 10:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2016-11-09 12:49 - 2016-10-27 10:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
    2016-11-09 12:49 - 2016-10-27 10:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
    2016-11-09 12:49 - 2016-10-27 10:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2016-11-09 12:49 - 2016-10-27 10:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
    2016-11-09 12:49 - 2016-10-27 10:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2016-11-09 12:49 - 2016-10-27 10:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2016-11-09 12:49 - 2016-10-27 10:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2016-11-09 12:49 - 2016-10-27 10:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2016-11-09 12:49 - 2016-10-27 10:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2016-11-09 12:49 - 2016-10-27 10:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
    2016-11-09 12:49 - 2016-10-27 10:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2016-11-09 12:49 - 2016-10-27 10:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
    2016-11-09 12:49 - 2016-10-27 10:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2016-11-09 12:49 - 2016-10-27 10:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    2016-11-09 12:49 - 2016-10-27 10:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2016-11-09 12:49 - 2016-10-27 10:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2016-11-09 12:49 - 2016-10-27 10:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
    2016-11-09 12:49 - 2016-10-27 10:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2016-11-09 12:49 - 2016-10-27 10:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2016-11-09 12:49 - 2016-10-27 10:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2016-11-09 12:49 - 2016-10-27 10:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2016-11-09 12:49 - 2016-10-27 10:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
    2016-11-09 12:49 - 2016-10-27 09:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2016-11-09 12:49 - 2016-10-27 09:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2016-11-09 12:49 - 2016-10-27 09:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2016-11-09 12:49 - 2016-10-27 09:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2016-11-09 12:49 - 2016-10-27 09:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
    2016-11-09 12:49 - 2016-10-27 09:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2016-11-09 12:49 - 2016-10-27 09:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2016-11-09 12:49 - 2016-10-27 09:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2016-11-09 12:49 - 2016-10-27 08:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2016-11-09 12:49 - 2016-10-27 07:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-11-09 12:49 - 2016-10-25 07:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2016-11-09 12:49 - 2016-10-22 09:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-11-09 12:49 - 2016-10-22 09:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-11-09 12:49 - 2016-10-22 09:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2016-11-09 12:49 - 2016-10-22 09:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-11-09 12:49 - 2016-10-22 09:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-11-09 12:49 - 2016-10-22 09:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2016-11-09 12:49 - 2016-10-22 09:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-11-09 12:49 - 2016-10-22 09:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-11-09 12:49 - 2016-10-22 09:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-11-09 12:49 - 2016-10-22 09:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-11-09 12:49 - 2016-10-22 09:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-11-09 12:49 - 2016-10-22 09:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-11-09 12:49 - 2016-10-22 09:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2016-11-09 12:49 - 2016-10-22 09:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-11-09 12:49 - 2016-10-22 09:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-11-09 12:49 - 2016-10-22 09:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-11-09 12:49 - 2016-10-22 08:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-11-09 12:49 - 2016-10-22 08:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-11-09 12:49 - 2016-10-22 08:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-11-09 12:49 - 2016-10-22 08:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-11-09 12:49 - 2016-10-22 08:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-11-09 12:49 - 2016-10-22 08:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-11-09 12:49 - 2016-10-22 08:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-11-09 12:49 - 2016-10-22 08:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-11-09 12:49 - 2016-10-22 08:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2016-11-09 12:49 - 2016-10-22 08:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-11-09 12:49 - 2016-10-22 08:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-11-09 12:49 - 2016-10-22 08:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-11-09 12:49 - 2016-10-22 08:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-11-09 12:49 - 2016-10-15 07:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
    2016-11-09 12:49 - 2016-10-15 07:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\System32\INETRES.dll
    2016-11-09 12:49 - 2016-10-15 07:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-11-09 12:49 - 2016-10-15 07:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
    2016-11-09 12:49 - 2016-10-11 07:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\System32\clfs.sys
    2016-11-09 12:49 - 2016-10-11 07:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10.IME
    2016-11-09 12:49 - 2016-10-11 07:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
    2016-11-09 12:49 - 2016-10-11 07:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
    2016-11-09 12:49 - 2016-10-11 07:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\System32\imkr80.ime
    2016-11-09 12:49 - 2016-10-11 07:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\System32\input.dll
    2016-11-09 12:49 - 2016-10-11 07:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\System32\tintlgnt.ime
    2016-11-09 12:49 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\quick.ime
    2016-11-09 12:49 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\qintlgnt.ime
    2016-11-09 12:49 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\phon.ime
    2016-11-09 12:49 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\cintlgnt.ime
    2016-11-09 12:49 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\chajei.ime
    2016-11-09 12:49 - 2016-10-11 07:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\System32\pintlgnt.ime
    2016-11-09 12:49 - 2016-10-11 07:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
    2016-11-09 12:49 - 2016-10-11 07:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2016-11-09 12:49 - 2016-10-11 07:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2016-11-09 12:49 - 2016-10-11 07:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
    2016-11-09 12:49 - 2016-10-11 07:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
    2016-11-09 12:49 - 2016-10-11 07:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
    2016-11-09 12:49 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
    2016-11-09 12:49 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
    2016-11-09 12:49 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
    2016-11-09 12:49 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
    2016-11-09 12:49 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
    2016-11-09 12:49 - 2016-10-11 07:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
    2016-11-09 12:49 - 2016-10-11 05:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
    2016-11-09 12:49 - 2016-10-11 05:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
    2016-11-09 12:49 - 2016-10-10 07:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2016-11-09 12:49 - 2016-10-10 07:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2016-11-09 12:49 - 2016-10-10 07:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
    2016-11-09 12:49 - 2016-10-10 07:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
    2016-11-09 12:49 - 2016-10-10 07:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
    2016-11-09 12:49 - 2016-10-10 07:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\rpchttp.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
    2016-11-09 12:49 - 2016-10-10 07:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-11-09 12:49 - 2016-10-10 07:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-11-09 12:49 - 2016-10-10 07:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
    2016-11-09 12:49 - 2016-10-10 06:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
    2016-11-09 12:49 - 2016-10-10 06:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
    2016-11-09 12:49 - 2016-10-10 06:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
    2016-11-09 12:49 - 2016-10-10 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
    2016-11-09 12:49 - 2016-10-10 06:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-11-09 12:49 - 2016-10-10 06:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-11-09 12:49 - 2016-10-07 07:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
    2016-11-09 12:49 - 2016-10-07 07:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2016-11-09 12:49 - 2016-10-07 07:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
    2016-11-09 12:49 - 2016-10-07 07:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\System32\MSVidCtl.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\asycfilt.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2016-11-09 12:49 - 2016-10-07 07:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2016-11-09 12:49 - 2016-10-07 07:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 01114112 ____N C:\Windows\SysWOW64\kernel32.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 07:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
    2016-11-09 12:49 - 2016-10-07 07:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
    2016-11-09 12:49 - 2016-10-07 07:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
    2016-11-09 12:49 - 2016-10-07 07:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2016-11-09 12:49 - 2016-10-07 07:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
    2016-11-09 12:49 - 2016-10-07 06:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
    2016-11-09 12:49 - 2016-10-07 06:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-11-09 12:49 - 2016-10-07 06:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-11-09 12:49 - 2016-10-07 06:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-11-09 12:49 - 2016-10-07 06:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-11-09 12:49 - 2016-10-07 06:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 06:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 06:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-07 06:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-11-09 12:49 - 2016-10-05 06:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
    2016-11-09 12:49 - 2016-09-15 06:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\UtcResources.dll
    2016-11-09 12:49 - 2016-09-13 07:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2016-11-09 12:49 - 2016-09-13 07:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2016-11-09 12:49 - 2016-09-09 10:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2016-11-09 12:49 - 2016-09-09 10:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2016-11-09 12:49 - 2016-08-22 08:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
    2016-11-06 12:25 - 2016-11-06 12:26 - 08185885 _____ C:\Users\denzel\Downloads\xposed-v84-sdk23-arm64.zip
    2016-11-06 12:21 - 2016-11-06 12:22 - 00311894 _____ C:\Users\denzel\Downloads\xposed-uninstaller-20160829-arm64 (2).zip
    2016-11-06 12:21 - 2016-11-06 12:21 - 00000819 _____ C:\Users\denzel\Downloads\xposed-uninstaller-20160829-arm64.zip.asc
    2016-11-06 12:20 - 2016-11-06 12:20 - 00454869 _____ C:\Users\denzel\Downloads\xposed-uninstaller-20160829-x86.zip
    2016-11-06 12:20 - 2016-11-06 12:20 - 00000819 _____ C:\Users\denzel\Downloads\xposed-v86-sdk23-arm64.zip.asc
    2016-11-06 12:20 - 2016-11-06 12:20 - 00000819 _____ C:\Users\denzel\Downloads\xposed-uninstaller-20160829-x86.zip.asc
    2016-11-06 12:15 - 2016-11-06 12:22 - 08189211 _____ C:\Users\denzel\Downloads\xposed-v86-sdk23-arm64 (1).zip
    2016-11-06 09:58 - 2016-11-06 09:58 - 00000873 _____ C:\Users\denzel\Downloads\UPDATE-unSU.zip
    2016-11-06 09:54 - 2016-11-06 09:54 - 00311154 _____ C:\Users\denzel\Downloads\xposed-uninstaller-20160829-arm64.zip
    2016-11-06 09:54 - 2016-11-06 09:54 - 00311154 _____ C:\Users\denzel\Downloads\xposed-uninstaller-20160829-arm64 (1).zip
    2016-11-06 09:46 - 2016-11-06 09:48 - 08188734 _____ C:\Users\denzel\Downloads\xposed-v86-sdk23-arm64.zip
    2016-11-06 00:37 - 2016-11-06 00:37 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
    2016-11-06 00:36 - 2016-11-06 00:37 - 00000000 ____D C:\Users\denzel\Documents\Controller Vibration Tester
    2016-11-06 00:35 - 2016-11-06 00:35 - 06860294 _____ () C:\Users\denzel\Downloads\ControllerVibrationTester_v0.6b_Fixed.exe
    2016-11-04 08:04 - 2016-10-07 21:33 - 00000000 ____D C:\Users\denzel\Downloads\mcedit2-win64-2.0.0-beta6
    2016-11-04 08:00 - 2016-11-04 08:04 - 38500732 _____ (Igor Pavlov) C:\Users\denzel\Downloads\mcedit2-win64-2.0.0-beta6.exe
    2016-11-02 03:43 - 2016-11-02 03:43 - 00000000 ____D C:\Users\denzel\Documents\Virtual Machines
    2016-10-26 16:18 - 2016-10-28 07:07 - 00000000 ____D C:\Users\denzel\AppData\Local\YzvqPack
    2016-10-26 16:14 - 2016-10-26 16:19 - 00000000 ____D C:\Program Files (x86)\DPower
    2016-10-26 16:03 - 2016-10-26 16:03 - 00000000 ____D C:\Users\denzel\.QtWebEngineProcess
    2016-10-26 16:03 - 2016-10-26 16:03 - 00000000 ____D C:\Users\denzel\.Plays.tv
    2016-10-25 07:46 - 2016-10-25 07:47 - 00002441 _____ C:\Users\denzel\Downloads\beep.zip
    2016-10-23 14:51 - 2016-10-23 14:52 - 16642048 _____ C:\Users\denzel\Downloads\mumble-1.2.17.msi
    2016-10-23 11:56 - 2016-10-23 11:56 - 00304531 _____ C:\Users\denzel\Downloads\XRay-33.jar
    2016-10-23 11:36 - 2016-10-23 11:36 - 01936025 _____ C:\Users\denzel\Downloads\OptiFine_1.10.2_HD_U_D1.jar
    2016-10-23 11:32 - 2016-10-23 11:32 - 00570370 _____ C:\Users\denzel\Downloads\Xray-Ultimate-1.10.zip

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-16 21:53 - 2016-02-18 14:19 - 00506682 _____ C:\Windows\ntbtlog.txt
    2016-11-16 21:32 - 2016-04-01 08:27 - 00000000 ____D C:\ProgramData\BlueStacksSetup
    2016-11-16 21:23 - 2013-05-23 17:16 - 00000000 ____D C:\Users\denzel\AppData\Roaming\Audacity
    2016-11-16 21:16 - 2014-07-14 12:09 - 00000000 ____D C:\Users\denzel\AppData\Roaming\Skype
    2016-11-16 21:12 - 2009-07-13 20:45 - 00017184 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-11-16 21:12 - 2009-07-13 20:45 - 00017184 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-11-16 21:04 - 2014-10-05 07:18 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-11-16 21:04 - 2014-09-11 08:40 - 00000000 ____D C:\Users\denzel\AppData\Roaming\TS3Client
    2016-11-16 21:04 - 2013-05-20 15:19 - 00000000 ____D C:\ProgramData\Skype
    2016-11-16 21:03 - 2013-06-12 14:18 - 00000000 ____D C:\Users\denzel\AppData\Roaming\vlc
    2016-11-16 19:11 - 2016-10-09 07:56 - 00000000 ____D C:\Users\denzel\AppData\Roaming\PlaysTV
    2016-11-16 19:11 - 2016-01-16 04:50 - 00000000 ____D C:\Users\denzel\AppData\Roaming\Raptr
    2016-11-16 16:35 - 2016-03-21 14:08 - 00000000 ____D C:\Users\denzel\AppData\Local\ftblauncher
    2016-11-16 10:38 - 2014-12-03 12:29 - 00000000 ____D C:\Users\denzel\AppData\Local\LogMeIn Hamachi
    2016-11-16 10:34 - 2015-02-14 18:56 - 00000000 ____D C:\Users\denzel\AppData\Local\CrashDumps
    2016-11-16 09:46 - 2016-03-21 14:08 - 00000000 ____D C:\Users\denzel\AppData\Roaming\ftblauncher
    2016-11-16 08:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
    2016-11-16 07:40 - 2013-05-20 15:17 - 00000000 ____D C:\Users\denzel\AppData\Roaming\BitTorrent
    2016-11-16 07:40 - 2009-07-13 21:13 - 00872498 _____ C:\Windows\System32\PerfStringBackup.INI
    2016-11-16 07:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
    2016-11-16 07:32 - 2014-02-09 14:31 - 25302016 ___SH C:\Users\denzel\Desktop\Thumbs.db
    2016-11-16 07:17 - 2015-12-07 07:53 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
    2016-11-16 07:09 - 2016-10-13 22:16 - 00000000 ____D C:\ProgramData\VMware
    2016-11-16 07:09 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-11-15 18:07 - 2016-09-24 04:07 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
    2016-11-15 18:07 - 2016-09-24 04:07 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
    2016-11-13 02:17 - 2016-03-09 11:51 - 00000000 ____D C:\Windows\rescache
    2016-11-11 12:50 - 2013-05-20 14:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-11-11 09:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2016-11-11 05:47 - 2014-03-27 19:25 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\System32\hamachi.sys
    2016-11-10 12:32 - 2009-07-13 20:45 - 05059696 _____ C:\Windows\System32\FNTCACHE.DAT
    2016-11-09 19:13 - 2013-07-11 11:41 - 00000000 ____D C:\Windows\System32\MRT
    2016-11-09 19:09 - 2013-05-20 16:13 - 141011376 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2016-11-07 17:39 - 2009-07-13 18:34 - 00000730 _____ C:\Windows\win.ini
    2016-11-07 07:18 - 2013-05-20 14:53 - 00000000 ____D C:\users\denzel
    2016-11-02 10:43 - 2013-05-20 14:55 - 00000000 ____D C:\Users\denzel\AppData\Local\Google
    2016-11-02 03:48 - 2016-10-13 22:24 - 00000000 ____D C:\Users\denzel\AppData\Local\VMware
    2016-11-02 03:44 - 2016-10-13 22:24 - 00000000 ____D C:\Users\denzel\AppData\Roaming\VMware
    2016-11-02 03:16 - 2015-01-31 10:40 - 00001908 _____ C:\Windows\diagwrn.xml
    2016-11-02 03:16 - 2015-01-31 10:40 - 00001908 _____ C:\Windows\diagerr.xml
    2016-10-31 14:24 - 2009-07-13 21:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-10-29 16:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
    2016-10-27 06:09 - 2014-09-03 16:50 - 00000000 ____D C:\ProgramData\ParetoLogic
    2016-10-27 06:09 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
    2016-10-26 08:29 - 2013-05-20 15:23 - 00485032 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2016-10-25 07:01 - 2015-08-06 15:56 - 00000000 ____D C:\Users\denzel\AppData\Roaming\Adobe
    2016-10-23 12:35 - 2013-11-03 12:57 - 00000000 ____D C:\Users\denzel\AppData\Roaming\.minecraft
    2016-10-23 07:22 - 2016-05-31 07:22 - 00000000 ____D C:\Program Files (x86)\Minecraft

    Files to move or delete:
    ====================
    C:\Users\denzel\AppData\Roaming\cache.ini


    ==================== Known DLLs (Whitelisted) =========================

    [2016-11-09 12:49] - [2016-10-07 07:12] - 1114112 ____N () C:\Windows\SysWOW64\kernel32.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe
    [2016-10-12 08:55] - [2016-08-29 07:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA

    C:\Windows\SysWOW64\explorer.exe
    [2016-10-12 08:55] - [2016-08-29 06:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935

    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll
    [2015-12-09 09:37] - [2016-08-16 09:36] - 1009152 ____A (Microsoft Corporation) 8F4B991E7837E8E0F90C856659456652

    C:\Windows\SysWOW64\User32.dll
    [2015-12-09 09:37] - [2016-08-15 18:48] - 0833024 ____A (Microsoft Corporation) 0FBC0E335B65EE5A0175631237817510

    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\dnsapi.dll => MD5 is legit
    C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 6%
    Total physical RAM: 16344.03 MB
    Available physical RAM: 15318.23 MB
    Total Virtual: 16342.18 MB
    Available Virtual: 15326.63 MB

    ==================== Drives ================================

    Drive c: (Local Disk) (Fixed) (Total:238.37 GB) (Free:4.73 GB) NTFS
    Drive d: (threeT) (Fixed) (Total:51.88 GB) (Free:51.76 GB) NTFS
    Drive f: (threeT2 ) (Fixed) (Total:2794.39 GB) (Free:1395.24 GB) NTFS
    Drive g: (oneT) (Fixed) (Total:931.39 GB) (Free:14.69 GB) NTFS
    Drive i: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.25 GB) (Free:0 GB) UDF
    Drive j: () (Removable) (Total:115.11 GB) (Free:44.1 GB) NTFS
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 873B252A)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 2794.5 GB) (Disk ID: EB4FEB4F)

    Partition: GPT.

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: EB4FEB50)

    Partition: GPT.

    ========================================================
    Disk: 3 (Size: 931.5 GB) (Disk ID: EB3AEB3A)

    Partition: GPT.

    ========================================================
    Disk: 4 (Size: 115.1 GB) (Disk ID: 6E697373)
    No partition Table on disk 4.


    LastRegBack: 2016-04-28 09:35

    ==================== End of FRST.txt ============================
     
  5. 2016/11/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's start with checking on one system file.

    Re-run FRST again.
    Type the following in the edit box after "Search: ".

    kernel32.dll

    Click the Search files button and post the log (Search.txt) it makes in your reply.
     
  6. 2016/11/20
    Denzel

    Denzel Active Member Thread Starter

    Joined:
    2016/11/17
    Messages:
    5
    Likes Received:
    0
    Here is the log from the search option

    Farbar Recovery Scan Tool (x64) Version: 16-11-2016
    Ran by SYSTEM (20-11-2016 18:14:59)
    Running from J:\
    Boot Mode: Recovery

    ================== Search Files: "kernel32.dll" =============

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23569_none_fc90f42dba8db537\kernel32.dll
    [2016-11-09 12:49][2016-10-07 07:12] 1114112 ____N () 37955A94A66FF111D850E75C5B58DEBC

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23543_none_fca09249ba82e54b\kernel32.dll
    [2016-10-12 08:55][2016-09-09 10:00] 1114112 ____A (Microsoft Corporation) 007F92891ADD2F4785ABBD84966B51EF

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23539_none_fcb163f1ba756164\kernel32.dll
    [2016-09-15 01:52][2016-09-02 07:16] 1114112 ____A (Microsoft Corporation) 9FFAA819B32476804ED0FED6DD245094

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23418_none_fcc60199ba661304\kernel32.dll
    [2016-05-10 14:29][2016-04-08 22:54] 1114112 ____A (Microsoft Corporation) 7214F85DDE720F547C88746044A9DF50

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23392_none_fc697e97baac5d5b\kernel32.dll
    [2016-04-13 07:09][2016-03-17 14:31] 1114112 ____A (Microsoft Corporation) 002E17D37479281C5D241A189F973C5F

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23391_none_fc687e4dbaad4404\kernel32.dll
    [2016-04-13 07:09][2016-03-16 10:31] 1114112 ____A (Microsoft Corporation) 991D33667BEB392CD6C9828893F165B0

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23338_none_fcb05fdbba764dbf\kernel32.dll
    [2016-02-10 08:59][2016-01-21 22:06] 1114112 ____A (Microsoft Corporation) 0395FCC1F6DE5155ACB84F6BBF771B45

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23142_none_fc9f8a67ba83d758\kernel32.dll
    [2015-09-08 16:35][2015-07-22 15:56] 1114112 ____A (Microsoft Corporation) 6F5C056D1AEB8713E403259B5FB38EE8

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23136_none_fcae5b7bba7820c3\kernel32.dll
    [2015-08-12 07:46][2015-07-15 09:48] 1114112 ____A (Microsoft Corporation) 50159C0AEE9029D43B7E27022B6C0B37

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23126_none_fcb92b67ba7004d2\kernel32.dll
    [2015-08-12 07:46][2015-07-14 18:58] 1114112 ____A (Microsoft Corporation) CA1A5EE549FE248BC127C1A5CAB72B70

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23072_none_fc7f18bdba9c2e04\kernel32.dll
    [2015-06-09 09:33][2015-05-25 10:05] 1114112 ____A (Microsoft Corporation) 5EA4D6D52DB2679B8F9DE67A7F8BC41A

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23040_none_fc9d87edba85a783\kernel32.dll
    [2015-05-12 15:47][2015-04-27 10:54] 1114112 ____A (Microsoft Corporation) B4E11856DF2535DF158D32DA7B780FDF

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_fc95db0bba8ae4c2\kernel32.dll
    [2014-05-13 14:18][2014-04-11 18:05] 1114112 ____A (Microsoft Corporation) C8C41EBEE097FEB29FB816854D3AD1E7

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_fc8432ddba97903d\kernel32.dll
    [2013-05-20 16:08][2012-11-29 20:57] 1114112 ____A (Microsoft Corporation) 9CC2571E3646B9A24296AD7ADCC71682

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19135_none_fc23c04ca15b64c9\kernel32.dll
    [2016-02-10 08:59][2016-01-21 22:06] 1114112 ____A (Microsoft Corporation) 8A4577DE02C55182ED46202BA2E06DA5

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18939_none_fc27e76ca15799bc\kernel32.dll
    [2015-09-08 16:35][2015-07-22 09:52] 1114112 ____A (Microsoft Corporation) 1E679BB6671C67B2097A5E53D884D4D0

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18933_none_fc21e5b0a15d01b2\kernel32.dll
    [2015-08-12 07:46][2015-07-15 09:53] 1114112 ____A (Microsoft Corporation) A38E10B4143A19F32D64517B6A1FCB98

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18923_none_fc2cb59ca154e5c1\kernel32.dll
    [2015-08-12 07:46][2015-07-14 18:54] 1114112 ____A (Microsoft Corporation) C3856345C4FB053140237236D1146242

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18869_none_fc0775c2a16ff068\kernel32.dll
    [2015-06-09 09:33][2015-05-25 09:59] 1114112 ____A (Microsoft Corporation) F81920ADB15012CF4E9FF8238C85686A

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18839_none_fc27e586a1579c95\kernel32.dll
    [2015-05-12 15:47][2015-04-27 11:03] 1114112 ____A (Microsoft Corporation) 1569F20BB9DB9FDC87A6D3C8A3726ABF

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18409_none_fc484db2a13f5426\kernel32.dll
    [2014-04-09 06:42][2014-03-04 01:16] 1114112 ____A (Microsoft Corporation) 76161B9D78A275F8F28DD67436013110

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_fc397506a14b161f\kernel32.dll
    [2013-05-20 16:08][2012-11-29 20:53] 1114112 ____A (Microsoft Corporation) AC0B6F41882FC6ED186962D770EBF1D2

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_fc038d48a1736e92\kernel32.dll
    [2013-05-20 16:07][2012-10-04 08:47] 1114112 ____A (Microsoft Corporation) D4F3176082566CEFA633B4945802D4C4

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll
    [2013-05-21 14:56][2010-11-20 04:08] 0837632 ____A (Microsoft Corporation) E80758CF485DB142FCA1EE03A34EAD05

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21386_none_fa9205a1bd7a26eb\kernel32.dll
    [2013-05-20 16:08][2012-11-29 20:51] 1114112 ____A (Microsoft Corporation) E747ADB6223DBBE1BB138F08A09ADAD6

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17179_none_fa1637baa451ba0e\kernel32.dll
    [2013-05-20 16:08][2012-11-29 21:06] 1114112 ____A (Microsoft Corporation) C95793F4BE3471AEED92F5BF367BE69E

    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_fa07813aa45d5150\kernel32.dll
    [2009-07-13 15:16][2009-07-13 17:11] 0836608 ____A (Microsoft Corporation) 606ECB76A424CC535407E7A24E2A34BC

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23569_none_f23c49db862cf33c\kernel32.dll
    [2016-11-09 12:49][2016-10-07 07:32] 1163264 ____A (Microsoft Corporation) BBCAD604A848F959CCF81ECBDC8BB8C4

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23543_none_f24be7f786222350\kernel32.dll
    [2016-10-12 08:55][2016-09-09 10:20] 1163264 ____A (Microsoft Corporation) 409B4B2F559F62F136FC14B8BFC18931

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23539_none_f25cb99f86149f69\kernel32.dll
    [2016-09-15 01:52][2016-09-02 07:30] 1163264 ____A (Microsoft Corporation) C9805CDE0B275E7554F9023497169B9B

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23418_none_f271574786055109\kernel32.dll
    [2016-05-10 14:29][2016-04-08 22:57] 1163264 ____A (Microsoft Corporation) ACEDF96749861DB3DA92AE9B9D94FE72

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23392_none_f214d445864b9b60\kernel32.dll
    [2016-04-13 07:09][2016-03-17 14:53] 1163264 ____A (Microsoft Corporation) B46D03BABD31B23E6FCB226CB22D4D6B

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23391_none_f213d3fb864c8209\kernel32.dll
    [2016-04-13 07:09][2016-03-16 10:48] 1163264 ____A (Microsoft Corporation) 97027CD66BA95E4C832600EE57F97241

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23338_none_f25bb58986158bc4\kernel32.dll
    [2016-02-10 08:59][2016-01-21 22:28] 1164288 ____A (Microsoft Corporation) 57194C298622069B98BC40FD80A2BEFF

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23142_none_f24ae0158623155d\kernel32.dll
    [2015-09-08 16:35][2015-07-22 14:03] 1164288 ____A (Microsoft Corporation) 313D319AB74D0218F44CC66BE393E38A

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23136_none_f259b12986175ec8\kernel32.dll
    [2015-08-12 07:46][2015-07-15 10:09] 1164288 ____A (Microsoft Corporation) A3A71E4BEE2BA121C969B39AD1EB30FC

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23126_none_f2648115860f42d7\kernel32.dll
    [2015-08-12 07:46][2015-07-14 19:20] 1164288 ____A (Microsoft Corporation) 093861BB2A36B95CE824683714737CAD

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23072_none_f22a6e6b863b6c09\kernel32.dll
    [2015-06-09 09:33][2015-05-25 10:22] 1163776 ____A (Microsoft Corporation) 3A2E4CB43CC4AE0195F686146ADCAD3D

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23040_none_f248dd9b8624e588\kernel32.dll
    [2015-05-12 15:47][2015-04-27 11:17] 1163776 ____A (Microsoft Corporation) 2A782D0DD0C53C8B0A0A2318EBBCEC5D

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_f24130b9862a22c7\kernel32.dll
    [2014-05-13 14:18][2014-04-11 18:32] 1164800 ____A (Microsoft Corporation) 77BBBF70BCE286CD19E1E68F248363FA

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_f22f888b8636ce42\kernel32.dll
    [2013-05-20 16:08][2012-11-29 21:52] 1163264 ____A (Microsoft Corporation) B3BEA6420D482356E53B7C728E05C637

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19135_none_f1cf15fa6cfaa2ce\kernel32.dll
    [2016-02-10 08:59][2016-01-21 22:15] 1163264 ____A (Microsoft Corporation) 0547E50F916294862FDAF11A4D701547

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18939_none_f1d33d1a6cf6d7c1\kernel32.dll
    [2015-09-08 16:35][2015-07-22 16:02] 1163264 ____A (Microsoft Corporation) 9C261AB78DE420AA52FC08D69FD5745D

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18933_none_f1cd3b5e6cfc3fb7\kernel32.dll
    [2015-08-12 07:46][2015-07-15 10:10] 1163264 ____A (Microsoft Corporation) 72585BDAF2EC5237EBD71D540657D6A2

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18923_none_f1d80b4a6cf423c6\kernel32.dll
    [2015-08-12 07:46][2015-07-14 19:19] 1163264 ____A (Microsoft Corporation) 9D0A88DF1CCB89596DDB876093CD16A4

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18869_none_f1b2cb706d0f2e6d\kernel32.dll
    [2015-06-09 09:33][2015-05-25 10:19] 1162752 ____A (Microsoft Corporation) 6FDF03A3B110C5264F52F979335AE301

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18839_none_f1d33b346cf6da9a\kernel32.dll
    [2015-05-12 15:47][2015-04-27 11:23] 1162752 ____A (Microsoft Corporation) 1C9F2F4A2C603739BD8CC8C64310AFD7

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18409_none_f1f3a3606cde922b\kernel32.dll
    [2014-04-09 06:42][2014-03-04 01:44] 1163264 ____A (Microsoft Corporation) D2A513EE880D71BDE7F0257F38B9D019

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_f1e4cab46cea5424\kernel32.dll
    [2013-05-20 16:08][2012-11-29 21:41] 1161216 ____A (Microsoft Corporation) 65C113214F7B05820F6D8A65B1485196

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_f1aee2f66d12ac97\kernel32.dll
    [2013-05-20 16:07][2012-10-04 09:41] 1161216 ____A (Microsoft Corporation) 1DC3504CA4C57900F1557E9A3F01D272

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
    [2013-05-21 14:56][2010-11-20 05:26] 1161216 ____A (Microsoft Corporation) 7A6326D96D53048FDEC542DF23D875A0

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21386_none_f03d5b4f891964f0\kernel32.dll
    [2013-05-20 16:08][2012-11-29 21:38] 1162752 ____A (Microsoft Corporation) B6B1AB98BA656BA1D8E0CA03F59DED51

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17179_none_efc18d686ff0f813\kernel32.dll
    [2013-05-20 16:08][2012-11-29 21:43] 1161216 ____A (Microsoft Corporation) E3BC37881D92EB59EE0BA3B854A54D1E

    C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_efb2d6e86ffc8f55\kernel32.dll
    [2009-07-13 15:28][2009-07-13 17:41] 1162240 ____A (Microsoft Corporation) 5B4B379AD10DEDA4EDA01B8C6961B193

    C:\Windows\SysWOW64\kernel32.dll
    [2016-11-09 12:49][2016-10-07 07:12] 1114112 ____N () 37955A94A66FF111D850E75C5B58DEBC

    C:\Windows\System32\kernel32.dll
    [2016-11-09 12:49][2016-10-07 07:32] 1163264 ____A (Microsoft Corporation) BBCAD604A848F959CCF81ECBDC8BB8C4

    C:\Windows\SoftwareDistribution\Download\1eeeafda1c58ef6e778ff768f9a94a6f\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_fcb841e5ba70d1da\kernel32.dll
    [2013-05-20 16:07][2012-10-04 08:36] 1114112 ____A (Microsoft Corporation) 5FA395364EE727E4BEE6B1406C207F98

    C:\Windows\SoftwareDistribution\Download\1eeeafda1c58ef6e778ff768f9a94a6f\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_fc038d48a1736e92\kernel32.dll
    [2013-05-20 16:07][2012-10-04 08:47] 1114112 ____A (Microsoft Corporation) D4F3176082566CEFA633B4945802D4C4

    C:\Windows\SoftwareDistribution\Download\1eeeafda1c58ef6e778ff768f9a94a6f\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21335_none_fac714f3bd5281df\kernel32.dll
    [2013-05-20 16:07][2012-10-04 08:56] 1114112 ____A (Microsoft Corporation) DE7A37CB1F48526A78A2D42786411578

    C:\Windows\SoftwareDistribution\Download\1eeeafda1c58ef6e778ff768f9a94a6f\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17135_none_fa3d7642a434e4ee\kernel32.dll
    [2013-05-20 16:07][2012-10-04 08:54] 1114112 ____A (Microsoft Corporation) A6778FC49011313995A4D718F624CC74

    C:\Windows\SoftwareDistribution\Download\1eeeafda1c58ef6e778ff768f9a94a6f\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_f263979386100fdf\kernel32.dll
    [2013-05-20 16:07][2012-10-04 09:37] 1162240 ____A (Microsoft Corporation) F3C594D0DA3ACFA6C7B781A490AB4282

    C:\Windows\SoftwareDistribution\Download\1eeeafda1c58ef6e778ff768f9a94a6f\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_f1aee2f66d12ac97\kernel32.dll
    [2013-05-20 16:07][2012-10-04 09:41] 1161216 ____A (Microsoft Corporation) 1DC3504CA4C57900F1557E9A3F01D272

    C:\Windows\SoftwareDistribution\Download\1eeeafda1c58ef6e778ff768f9a94a6f\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21335_none_f0726aa188f1bfe4\kernel32.dll
    [2013-05-20 16:07][2012-10-04 09:29] 1162752 ____A (Microsoft Corporation) 6EED0D77C20137948979EA47360A890B

    C:\Windows\SoftwareDistribution\Download\1eeeafda1c58ef6e778ff768f9a94a6f\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17135_none_efe8cbf06fd422f3\kernel32.dll
    [2013-05-20 16:07][2012-10-04 09:32] 1161216 ____A (Microsoft Corporation) 1DDCACAB8DA5399E5521051923016B18

    X:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_efb2d6e86ffc8f55\kernel32.dll
    [2009-07-13 15:28][2009-07-13 17:41] 1162240 ____A (Microsoft Corporation) 5B4B379AD10DEDA4EDA01B8C6961B193

    X:\Windows\System32\kernel32.dll
    [2009-07-13 15:28][2009-07-13 17:41] 1162240 ____A (Microsoft Corporation) 5B4B379AD10DEDA4EDA01B8C6961B193

    ====== End of Search ======
     
  7. 2016/11/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8/10: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot normally.
    If not, delete your FRST file, download a fresh one and post a new FRST log.
     


  8. 2016/11/20
    Denzel

    Denzel Active Member Thread Starter

    Joined:
    2016/11/17
    Messages:
    5
    Likes Received:
    0
    It's fixed. I can't explain my gratitude. I'd have had no idea how to do this, thank you very much. Here's the log from the fix.


    Fix result of Farbar Recovery Scan Tool (x64) Version: 16-11-2016
    Ran by SYSTEM (20-11-2016 18:49:53) Run:1
    Running from J:\
    Boot Mode: Recovery
    ==============================================

    fixlist content:
    *****************
    Replace: C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23543_none_fca09249ba82e54b\kernel32.dll C:\Windows\SysWOW64\kernel32.dll
    *****************

    C:\Windows\SysWOW64\kernel32.dll => moved successfully
    C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23543_none_fca09249ba82e54b\kernel32.dll copied successfully to C:\Windows\SysWOW64\kernel32.dll

    ==== End of Fixlog 18:49:53 ====
     
  9. 2016/11/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Great news!
    Good luck and stay safe :)
     
  10. 2016/11/20
    Denzel

    Denzel Active Member Thread Starter

    Joined:
    2016/11/17
    Messages:
    5
    Likes Received:
    0
    I will do. Again, many thanks for helping me out with this. I can now complete my pending work.
     
  11. 2016/11/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
     
