
Solved W7 Pro Fatal error C000021A

Discussion in 'Malware and Virus Removal' started by ronald2rd, 2016/10/21.

  1. 2016/10/21
    ronald2rd New Member Thread Starter

    The PC won't boot to Windows 7 and shows the Fatal error C000021A.
    I tried most of the repair options but they failed.
    Read the topic with the same issue.
    I did all the stuff like Bcdedit /export
    the bootrec.exe /rebuildbcd, fixmbr and fixboot
    sfc /scannow
    chkdsk c: /r

    After reboot again the BSOD

    Then I ran FRST64.exe.
    The results are listed below.
    Hopefully someone has a proper solution, thanks.
     
  2. 2016/10/21
    ronald2rd New Member Thread Starter

    The logfile content part 1

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
    Ran by SYSTEM on MININT-4V0AB27 (21-10-2016 16:08:11)
    Running from l:\
    Platform: WIN_7 (X64) Language: English (United States)
    Boot Mode: Recovery
    Default: ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Winlogon: [Userinit]
    HKLM-x32\...\Winlogon: [Userinit] [X]
    HKLM\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
    HKLM-x32\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
    HKLM\...\InprocServer32: [Default-wbemess] <==== ATTENTION
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] <==== ATTENTION
    HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] <==== ATTENTION
    HKU\Eduard\...\Run: [Steam] => d:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
    HKU\Eduard\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29642368 2016-09-12] (Skype Technologies S.A.)
    HKU\Eduard\...\Run: [nw] => D:\Program Files (x86)\Crytek\GFACE Launcher\live\nw.exe [18552 2016-07-14] ()
    HKU\Eduard\...\Run: [ComputerZ-Tray] => C:\Program Files (x86)\LuDaShi\ComputerZTray.exe [2977192 2016-09-17] ()
    HKU\Eduard\...\Run: [JXEV43LUZB] => "C:\Program Files (x86)\DPower\PZU3HC2SJQ.exe "
    HKU\Eduard\...\Run: [CPWFHRDMQI] => "C:\Program Files (x86)\DPower\FORD61CHC8.exe "
    HKU\Eduard\...\Run: [4QY9JXS4TN] => "C:\Program Files (x86)\DPower\0120DG3XZV.exe "
    HKU\Eduard\...\Run: [Y3DJ8TRALT] => "C:\Program Files (x86)\DPower\ERGW53W66F.exe "
    Startup: C:\Users\Eduard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk [2016-10-01]
    ShortcutTarget: Verzenden naar OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 985ca816deb456dee797d211a9787bbb; C:\Program Files\c21473097cceae271698f76ea8dee8ec\7fe5b82d4c2e0793d0da99727b09beac.exe [520192 2016-09-29] ()
    S2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-10-12] (Advanced Micro Devices, Inc.)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-06-28] ()
    S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
    S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
    S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2980032 2016-09-05] (Microsoft Corporation)
    S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [249104 2016-06-29] (EasyAntiCheat Ltd)
    S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2621448 2016-09-13] (LogMeIn Inc.)
    S2 HpSvc; c:\program files (x86)\ludashi\lpi\HpSvc.dll [239016 2016-07-20] () <==== ATTENTION
    S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-08-31] (LogMeIn, Inc.)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [X]
    S4 clr_optimization_v2.0.50727_32; %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [X]
    S4 clr_optimization_v2.0.50727_64; %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [X]
    S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
    S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [X]
    S3 FontCache3.0.0.0; %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [X]
    S3 idsvc; "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [X]
    S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]
    S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
    S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
    S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S1 5cca3a99fba4b64c16214b1bf3add6e9; C:\Windows\System32\DRIVERS\5cca3a99fba4b64c16214b1bf3add6e9.sys [79936 2016-09-29] ()
    S2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
    S2 ComputerZLock; C:\Program Files (x86)\LuDaShi\ComputerZLock_x64.sys [44480 2016-09-13] (www.ludashi.com) <==== ATTENTION
    S3 ComputerZ_x64; C:\Program Files (x86)\LuDaShi\ComputerZ_x64.sys [49152 2016-06-27] (ludashi.com) <==== ATTENTION
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
    S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-27] (Ralink Technology Corp.)
    S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-18] ()
    S1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [81792 2016-08-29] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== ATTENTION

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-12 04:03 - 2016-09-09 09:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-10-12 04:03 - 2016-09-09 09:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-10-12 04:03 - 2016-09-09 07:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
    2016-10-12 04:03 - 2016-09-09 07:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
    2016-10-12 04:03 - 2016-09-09 07:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
    2016-10-12 04:03 - 2016-09-09 07:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
    2016-10-12 04:03 - 2016-09-09 07:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\System32\centel.dll
    2016-10-12 04:03 - 2016-09-09 07:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
    2016-10-12 04:03 - 2016-09-09 07:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
    2016-10-12 04:03 - 2016-09-08 12:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
    2016-10-12 04:03 - 2016-09-08 12:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2016-10-12 04:03 - 2016-09-08 12:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
    2016-10-12 04:03 - 2016-09-08 12:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2016-10-12 04:03 - 2016-09-08 06:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
    2016-10-12 04:03 - 2016-09-08 06:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
    2016-10-12 04:03 - 2016-08-29 07:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2016-10-12 04:03 - 2016-08-29 07:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
    2016-10-12 04:03 - 2016-08-29 07:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
    2016-10-12 04:03 - 2016-08-29 07:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2016-10-12 04:03 - 2016-08-29 07:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-10-12 04:03 - 2016-08-29 07:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2016-10-12 04:03 - 2016-08-29 07:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2016-10-12 04:03 - 2016-08-29 06:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2016-10-12 04:03 - 2016-08-16 12:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
    2016-10-12 04:03 - 2016-08-16 12:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
    2016-10-12 04:03 - 2016-08-16 12:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
    2016-10-12 04:03 - 2016-08-16 12:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
    2016-10-12 04:03 - 2016-08-16 12:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
    2016-10-12 04:03 - 2016-08-16 12:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
    2016-10-12 04:03 - 2016-08-16 12:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
    2016-10-12 04:03 - 2016-08-12 09:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
    2016-10-12 04:03 - 2016-08-12 09:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
    2016-10-12 04:03 - 2016-08-12 09:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
    2016-10-12 04:03 - 2016-08-12 09:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
    2016-10-12 04:03 - 2016-08-12 09:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
    2016-10-12 04:03 - 2016-08-12 08:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2016-10-12 04:03 - 2016-08-12 08:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2016-10-12 04:03 - 2016-08-12 08:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2016-10-12 04:03 - 2016-08-12 08:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2016-10-12 04:03 - 2016-08-12 08:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2016-10-12 04:03 - 2016-08-12 08:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
    2016-10-12 04:03 - 2016-08-06 07:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll
    2016-10-12 04:03 - 2016-08-06 07:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\System32\WSManMigrationPlugin.dll
    2016-10-12 04:03 - 2016-08-06 07:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\System32\WsmWmiPl.dll
    2016-10-12 04:03 - 2016-08-06 07:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\System32\WsmAuto.dll
    2016-10-12 04:03 - 2016-08-06 07:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\System32\WsmRes.dll
    2016-10-12 04:03 - 2016-08-06 07:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\wsmplpxy.dll
    2016-10-12 04:03 - 2016-08-06 07:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2016-10-12 04:03 - 2016-08-06 07:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2016-10-12 04:03 - 2016-08-06 07:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2016-10-12 04:03 - 2016-08-06 07:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2016-10-12 04:03 - 2016-08-06 07:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
    2016-10-12 04:03 - 2016-08-06 07:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\System32\WSManHTTPConfig.exe
    2016-10-12 04:03 - 2016-08-06 07:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\wsmprovhost.exe
    2016-10-12 04:03 - 2016-08-06 06:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2016-10-12 04:03 - 2016-08-06 06:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
    2016-10-12 04:03 - 2016-08-06 06:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
    2016-10-12 04:03 - 2016-07-22 06:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\System32\poqexec.exe
    2016-10-12 04:03 - 2016-07-22 06:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2016-10-12 04:03 - 2016-06-14 09:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
    2016-10-12 04:03 - 2016-06-14 09:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\System32\drmv2clt.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\System32\blackbox.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\System32\wmdrmsdk.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\System32\msscp.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\System32\drmmgrtn.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\System32\msnetobj.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\System32\cryptsp.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\pcadm.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msmmsp.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\System32\pcaevts.dll
    2016-10-12 04:03 - 2016-06-14 09:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
    2016-10-12 04:03 - 2016-06-14 09:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
    2016-10-12 04:03 - 2016-06-14 07:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2016-10-12 04:03 - 2016-06-14 07:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2016-10-12 04:03 - 2016-06-14 07:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
    2016-10-12 04:03 - 2016-06-14 07:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
    2016-10-12 04:03 - 2016-06-14 07:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
    2016-10-12 04:03 - 2016-06-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2016-10-12 04:03 - 2016-06-14 07:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2016-10-12 04:03 - 2016-06-14 07:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\pcawrk.exe
    2016-10-12 04:03 - 2016-06-14 07:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\pcalua.exe
    2016-10-08 04:10 - 2016-10-08 04:11 - 00000000 ____D C:\Users\Eduard\AppData\Local\Fernbus
    2016-10-08 04:10 - 2016-10-08 04:10 - 00000000 ____D C:\Users\Eduard\AppData\Local\UnrealEngine
    2016-10-07 11:33 - 2016-10-07 11:33 - 02932783 _____ C:\Users\Eduard\DGC_Farming_trailer.zip
    2016-10-07 11:32 - 2016-10-07 11:32 - 39755648 _____ C:\Users\Eduard\FS15_Same190.zip
    2016-10-07 11:29 - 2016-10-07 11:29 - 00024901 _____ C:\Users\Eduard\ZZZ_greenFertilizer.zip
    2016-10-07 11:29 - 2016-10-07 11:29 - 00020697 _____ C:\Users\Eduard\ZZZ_greenDirectCut.zip
    2016-10-07 11:27 - 2016-10-07 11:32 - 397328775 _____ C:\Users\Eduard\West_Hump_Bridge_Farm.zip
    2016-10-07 11:27 - 2016-10-07 11:27 - 06423657 _____ C:\Users\Eduard\strautmannTeraVitesse5201multi.zip
    2016-10-07 11:27 - 2016-10-07 11:27 - 06392186 _____ C:\Users\Eduard\strautmannTeraVitesse5201.zip
    2016-10-07 11:27 - 2016-10-07 11:27 - 00133170 _____ C:\Users\Eduard\stopMilkSale12.zip
    2016-10-07 11:27 - 2016-10-07 11:27 - 00133170 _____ C:\Users\Eduard\StopMilkSale_1_2.zip
    2016-10-07 11:26 - 2016-10-07 11:27 - 13859595 _____ C:\Users\Eduard\_FDR_Trailer_Lowbed.zip
    2016-10-07 11:26 - 2016-10-07 11:26 - 18536887 _____ C:\Users\Eduard\Scania_R730_Streamline_Agrotruck_by_Chris.zip
    2016-10-07 11:26 - 2016-10-07 11:26 - 09457900 _____ C:\Users\Eduard\Stoll_LogFork_Duo.zip
    2016-10-07 11:26 - 2016-10-07 11:26 - 00131354 _____ C:\Users\Eduard\StopMilkSale.zip
    2016-10-07 11:25 - 2016-10-07 11:26 - 25551466 _____ C:\Users\Eduard\SameFortis190_SP77_PR.zip
    2016-10-07 11:25 - 2016-10-07 11:25 - 09788581 _____ C:\Users\Eduard\PV_Joskin_Betimax_RDS_7500.zip
    2016-10-07 11:25 - 2016-10-07 11:25 - 00009799 _____ C:\Users\Eduard\No_Collision_Camera_FS_2015.zip
    2016-10-07 11:24 - 2016-10-07 11:39 - 12609623 _____ C:\Users\Eduard\Kemper_cutter2020_v2.zip
    2016-10-07 11:24 - 2016-10-07 11:25 - 44746615 _____ C:\Users\Eduard\NH_t7210_V1.zip
    2016-10-07 11:24 - 2016-10-07 11:24 - 19641079 _____ C:\Users\Eduard\JCB_8310_Farmetstyle.zip
    2016-10-07 11:24 - 2016-10-07 11:24 - 18840188 _____ C:\Users\Eduard\Kotte_Universal.zip
    2016-10-07 11:24 - 2016-10-07 11:24 - 11865636 _____ C:\Users\Eduard\LS15_KroegerSRB35.zip
    2016-10-07 11:24 - 2016-10-07 11:24 - 09495629 _____ C:\Users\Eduard\LS15_Fraese.zip
    2016-10-07 11:24 - 2016-10-07 11:24 - 01730499 _____ C:\Users\Eduard\Massey_FrontLoader_ModLandNet.zip
    2016-10-07 11:24 - 2016-10-07 11:24 - 01581526 _____ C:\Users\Eduard\LS15_Stoll_ProfiLine_FZ80_1.zip
    2016-10-07 09:59 - 2016-10-07 12:12 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2016-10-07 09:59 - 2016-10-07 09:59 - 00001046 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
    2016-10-05 14:05 - 2016-10-05 14:06 - 00000000 ____D C:\Users\Eduard\AppData\Roaming\lockhomepage
    2016-10-05 10:34 - 2016-10-05 10:34 - 18898119 _____ C:\Users\Eduard\Kotte_Universal_Small.zip
    2016-10-05 10:29 - 2016-10-05 10:29 - 00028870 _____ C:\Users\Eduard\FruitFilltypeIconText.zip
    2016-10-05 10:21 - 2016-10-05 10:21 - 24635555 _____ C:\Users\Eduard\DeutzTTV250.zip
    2016-10-05 06:18 - 2016-10-05 06:21 - 370605271 _____ C:\Users\Eduard\FS15_SouthWestNorway_V1.zip
    2016-10-05 06:17 - 2016-10-05 06:17 - 00092040 _____ C:\Users\Eduard\AnimationMapTrigger.zip
    2016-10-05 06:15 - 2016-10-05 06:15 - 01448614 _____ C:\Users\Eduard\winrar-32Bit-400.exe
    2016-10-02 09:15 - 2016-10-02 09:28 - 00000000 ____D C:\Program Files (x86)\Farming Simulator 2015
    2016-10-02 05:02 - 2016-10-02 05:05 - 00002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-10-01 09:39 - 2016-10-01 09:39 - 00000000 ____D C:\Users\Eduard\AppData\Roaming\OGame
    2016-10-01 09:35 - 2016-10-18 08:41 - 00000458 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2016-10-01 09:35 - 2016-10-17 22:13 - 00000000 ____D C:\Users\Eduard\AppData\Roaming\Ludashi
    2016-10-01 09:35 - 2016-10-17 22:11 - 00000294 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
    2016-10-01 09:35 - 2016-10-01 09:53 - 00000000 ____D C:\Program Files (x86)\host
    2016-10-01 09:35 - 2016-10-01 09:49 - 00002560 _____ C:\Windows\System32\Tasks\UCBrowserUpdaterCore
    2016-10-01 09:35 - 2016-10-01 09:38 - 00000000 ____D C:\Program Files (x86)\LuDaShi
    2016-10-01 09:35 - 2016-10-01 09:35 - 00003434 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2016-10-01 09:35 - 2016-10-01 09:35 - 00000000 ____D C:\Users\Eduard\AppData\Local\UCBrowser
    2016-10-01 09:35 - 2016-10-01 09:35 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2016-10-01 09:35 - 2016-10-01 09:35 - 00000000 ____D C:\Program Files (x86)\LDSGameCenter
    2016-10-01 09:35 - 2016-08-29 02:50 - 00081792 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\Windows\System32\Drivers\ucguard.sys
    2016-10-01 09:33 - 2016-10-01 09:53 - 00000000 ____D C:\Program Files (x86)\mpck
    2016-10-01 09:33 - 2016-10-01 09:34 - 00000000 ____D C:\Users\Eduard\AppData\Local\app
    2016-10-01 09:33 - 2016-10-01 09:33 - 00000000 __SHD C:\Users\Eduard\AppData\Local\svchost
    2016-10-01 09:33 - 2016-10-01 09:33 - 00000000 ____D C:\Users\Public\Thunder Network
    2016-10-01 09:33 - 2016-10-01 09:33 - 00000000 ____D C:\Users\Eduard\AppData\Roaming\Softlink
    2016-10-01 09:33 - 2016-10-01 09:33 - 00000000 ____D C:\Users\Eduard\AppData\Roaming\Kuaizip
    2016-10-01 09:33 - 2016-10-01 09:33 - 00000000 ____D C:\ProgramData\Thunder Network
    2016-10-01 09:31 - 2016-10-01 09:31 - 00000000 _____ C:\TOSTACK
    2016-10-01 09:29 - 2016-10-01 09:53 - 00000000 ____D C:\Users\Eduard\AppData\Roaming\Tibation
    2016-10-01 09:29 - 2016-10-01 09:53 - 00000000 ____D C:\Program Files (x86)\Permisp
    2016-10-01 09:29 - 2016-10-01 09:29 - 00000000 ____D C:\Users\Eduard\AppData\Local\Lispymoverght
    2016-10-01 09:26 - 2016-10-01 09:29 - 00000000 ____D C:\Program Files\c21473097cceae271698f76ea8dee8ec
    2016-10-01 08:55 - 2016-10-01 10:11 - 00000803 _____ C:\Users\Public\Desktop\Notruf 112 DEMO.lnk
    2016-09-29 10:16 - 2016-09-29 10:16 - 02084001 _____ C:\Windows\c08211fc6789462a779de01e54669473.exe
    2016-09-29 10:15 - 2016-09-29 10:15 - 00079936 _____ C:\Windows\System32\Drivers\5cca3a99fba4b64c16214b1bf3add6e9.sys
    2016-09-28 09:05 - 2016-09-13 08:53 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\System32\hamachi.sys
    2016-09-28 09:04 - 2016-10-18 03:43 - 00000000 ____D C:\Users\Eduard\AppData\Local\LogMeIn Hamachi
    2016-09-28 09:04 - 2016-09-28 09:04 - 21874200 _____ (LastPass) C:\Windows\SysWOW64\lastpass_1337.exe
    2016-09-28 09:04 - 2016-09-28 09:04 - 00702464 _____ C:\Windows\SysWOW64\lastpass_downloader.exe
    2016-09-28 09:04 - 2016-09-28 09:04 - 00000000 ____D C:\Users\Eduard\AppData\Local\lptmp
    2016-09-28 09:04 - 2016-09-28 09:04 - 00000000 ____D C:\Users\Eduard\AppData\Local\LogMeIn
    2016-09-28 09:04 - 2016-09-28 09:04 - 00000000 ____D C:\ProgramData\LogMeIn
    2016-09-28 09:04 - 2016-09-28 09:04 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2016-09-24 03:51 - 2016-09-29 09:44 - 791324684 ____N C:\Windows\MEMORY.DMP
    2016-09-22 09:01 - 2016-10-01 10:11 - 00000818 _____ C:\Users\Public\Desktop\Join our server!.lnk
    2016-09-22 09:01 - 2016-10-01 10:11 - 00000780 _____ C:\Users\Public\Desktop\Craften Terminal.lnk
    2016-09-22 09:00 - 2016-10-17 10:03 - 00000000 ____D C:\Users\Eduard\AppData\Roaming\Craften Terminal
    2016-09-21 05:29 - 2016-08-05 07:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2016-09-21 05:29 - 2016-08-05 07:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
     

  4. 2016/10/21
    ronald2rd

    ronald2rd New Member Thread Starter

    Joined:
    2016/10/21
    Messages:
    6
    Likes Received:
    0
    The logfile content part 2

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-18 08:47 - 2016-03-01 09:03 - 00000000 ____D C:\Users\Eduard\AppData\Roaming\Skype
    2016-10-18 08:44 - 2016-02-23 11:35 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-10-18 07:46 - 2016-08-24 10:10 - 00000000 ____D C:\Users\Eduard\AppData\LocalLow\Heroes and Generals
    2016-10-18 07:43 - 2016-02-22 12:28 - 00000000 ____D C:\users\Eduard
    2016-10-17 23:44 - 2016-02-23 11:35 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-10-17 22:21 - 2009-07-13 20:45 - 00032768 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-10-17 22:21 - 2009-07-13 20:45 - 00032768 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-10-17 22:17 - 2011-04-12 05:00 - 00745020 _____ C:\Windows\System32\perfh013.dat
    2016-10-17 22:17 - 2011-04-12 05:00 - 00152972 _____ C:\Windows\System32\perfc013.dat
    2016-10-17 22:17 - 2009-07-13 21:13 - 01668596 _____ C:\Windows\System32\PerfStringBackup.INI
    2016-10-17 22:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
    2016-10-17 22:11 - 2016-04-20 09:45 - 00000000 ____D C:\Users\Eduard\AppData\Local\u-launcher
    2016-10-17 22:11 - 2016-04-20 09:45 - 00000000 ____D C:\ProgramData\GFACE
    2016-10-17 22:11 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-17 10:10 - 2016-06-25 11:18 - 00000000 ____D C:\Users\Eduard\AppData\Roaming\TS3Client
    2016-10-17 10:03 - 2016-02-27 11:53 - 00000000 ____D C:\Users\Eduard\AppData\Roaming\.minecraft
    2016-10-17 03:23 - 2016-02-23 11:01 - 00000000 ____D C:\Users\Eduard\AppData\Local\ElevatedDiagnostics
    2016-10-17 02:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2016-10-12 13:59 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
    2016-10-12 08:28 - 2009-07-13 20:45 - 00433856 _____ C:\Windows\System32\FNTCACHE.DAT
    2016-10-12 08:27 - 2016-02-26 14:08 - 00000000 ___SD C:\Windows\System32\CompatTel
    2016-10-12 08:27 - 2016-02-26 14:08 - 00000000 ____D C:\Windows\System32\appraiser
    2016-10-12 08:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2016-10-12 08:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
    2016-10-12 07:53 - 2016-02-24 01:46 - 00000000 ____D C:\Windows\System32\MRT
    2016-10-12 07:50 - 2016-02-24 01:46 - 143495576 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2016-10-12 04:02 - 2016-04-28 11:59 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2016-10-09 07:43 - 2016-09-11 10:22 - 00000717 _____ C:\Users\Public\Desktop\Euro Truck Simulator 2 Multiplayer.lnk
    2016-10-09 07:43 - 2016-09-11 10:22 - 00000714 _____ C:\Users\Public\Desktop\American Truck Simulator Multiplayer.lnk
    2016-10-08 05:19 - 2016-02-22 13:13 - 00111056 _____ C:\Users\Eduard\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-10-08 04:10 - 2016-02-22 12:49 - 00000000 ____D C:\ProgramData\Package Cache
    2016-10-07 11:29 - 2016-09-01 11:09 - 243239200 _____ C:\Users\Eduard\mods.rar
    2016-10-07 10:24 - 2016-08-25 04:58 - 00000000 ____D C:\Users\Eduard\AppData\Roaming\TeamViewer
    2016-10-05 14:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2016-10-05 13:55 - 2016-05-26 07:24 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
    2016-10-02 05:16 - 2016-02-23 11:35 - 00000000 ____D C:\Users\Eduard\AppData\Local\Apps\2.0
    2016-10-02 03:20 - 2016-06-26 05:19 - 00000002 _____ C:\END
    2016-10-01 10:11 - 2016-08-30 09:49 - 00000837 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
    2016-10-01 10:11 - 2016-08-18 03:43 - 00000582 _____ C:\Users\Public\Desktop\Medal of Honor Pacific Assault(tm).lnk
    2016-10-01 10:11 - 2016-06-26 09:05 - 00000884 _____ C:\Users\Public\Desktop\Airport Firefighter Simulator.lnk
    2016-10-01 10:11 - 2016-05-26 07:24 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-10-01 10:11 - 2016-04-28 11:59 - 00002052 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    2016-10-01 10:11 - 2016-04-21 10:00 - 00000604 _____ C:\Users\Public\Desktop\WarThunder.lnk
    2016-10-01 10:11 - 2016-03-01 09:03 - 00002685 _____ C:\Users\Public\Desktop\Skype.lnk
    2016-10-01 10:11 - 2016-02-26 11:37 - 00000684 _____ C:\Users\Public\Desktop\Steam.lnk
    2016-10-01 09:53 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
    2016-10-01 09:53 - 2009-07-13 21:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-10-01 09:36 - 2016-08-05 04:30 - 00000000 ____D C:\Windows\System32\appmgmt
    2016-10-01 08:54 - 2016-02-22 12:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-09-29 09:44 - 2016-07-29 04:20 - 00000000 ____D C:\Windows\Minidump
    2016-09-28 13:46 - 2016-03-01 09:03 - 00000000 ____D C:\ProgramData\Skype

    Files to move or delete:
    ====================
    C:\Users\Eduard\winrar-32Bit-400.exe


    Some files in TEMP:
    ====================
    C:\Users\Eduard\AppData\Local\Temp\003NWEBV0O.exe
    C:\Users\Eduard\AppData\Local\Temp\3ZPKFWN6BL.exe
    C:\Users\Eduard\AppData\Local\Temp\5PCDUYWN73.exe
    C:\Users\Eduard\AppData\Local\Temp\5ZHI0YAVMF.exe
    C:\Users\Eduard\AppData\Local\Temp\6ONQOK4S8P.exe
    C:\Users\Eduard\AppData\Local\Temp\AMDCleanupUtility.exe
    C:\Users\Eduard\AppData\Local\Temp\AutoRun.exe
    C:\Users\Eduard\AppData\Local\Temp\AutoRunGUI.dll
    C:\Users\Eduard\AppData\Local\Temp\avgnt.exe
    C:\Users\Eduard\AppData\Local\Temp\Browser_V5.6.14087.902_f_4730_(Build1608021049).exe
    C:\Users\Eduard\AppData\Local\Temp\Browser_V5.7.15319.5_r_4700_(Build1608291541).exe
    C:\Users\Eduard\AppData\Local\Temp\Cleanup.dll
    C:\Users\Eduard\AppData\Local\Temp\ddu.exe
    C:\Users\Eduard\AppData\Local\Temp\difxapi.dll
    C:\Users\Eduard\AppData\Local\Temp\DNGZM15TGI.exe
    C:\Users\Eduard\AppData\Local\Temp\DriverInstall.exe
    C:\Users\Eduard\AppData\Local\Temp\DriverInstall_X64.exe
    C:\Users\Eduard\AppData\Local\Temp\DriverTool.dll
    C:\Users\Eduard\AppData\Local\Temp\drm_dialogs.dll
    C:\Users\Eduard\AppData\Local\Temp\eauninstall.exe
    C:\Users\Eduard\AppData\Local\Temp\HORSE9M5I4.exe
    C:\Users\Eduard\AppData\Local\Temp\KuaiZip.exe
    C:\Users\Eduard\AppData\Local\Temp\ludashisetup.exe
    C:\Users\Eduard\AppData\Local\Temp\maohasubstat.dll
    C:\Users\Eduard\AppData\Local\Temp\msvcm80.dll
    C:\Users\Eduard\AppData\Local\Temp\msvcp80.dll
    C:\Users\Eduard\AppData\Local\Temp\msvcr80.dll
    C:\Users\Eduard\AppData\Local\Temp\Need for Speed Underground 2_uninst.exe
    C:\Users\Eduard\AppData\Local\Temp\nslA5E1.tmp.exe
    C:\Users\Eduard\AppData\Local\Temp\nsn517B.tmp.exe
    C:\Users\Eduard\AppData\Local\Temp\OUONE83BS7.exe
    C:\Users\Eduard\AppData\Local\Temp\raptrpatch.exe
    C:\Users\Eduard\AppData\Local\Temp\raptr_stub.exe
    C:\Users\Eduard\AppData\Local\Temp\RYNLOUSFQ0.exe
    C:\Users\Eduard\AppData\Local\Temp\S3YKGTQZCX.exe
    C:\Users\Eduard\AppData\Local\Temp\setup.exe
    C:\Users\Eduard\AppData\Local\Temp\softconfig.dll
    C:\Users\Eduard\AppData\Local\Temp\T1KK3OSFCJ.exe
    C:\Users\Eduard\AppData\Local\Temp\uninstall.dll
    C:\Users\Eduard\AppData\Local\Temp\updengine.exe
    C:\Users\Eduard\AppData\Local\Temp\utils.dll
    C:\Users\Eduard\AppData\Local\Temp\XFB0U37D9U.exe
    C:\Users\Eduard\AppData\Local\Temp\YWDTKGFG6M.exe
    C:\Users\Eduard\AppData\Local\Temp\Z20F0UICXR.exe


    ==================== Known DLLs (Whitelisted) =========================


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe
    [2016-10-12 04:03] - [2016-08-29 07:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA

    C:\Windows\SysWOW64\explorer.exe
    [2016-10-12 04:03] - [2016-08-29 06:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935

    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll
    [2016-09-14 18:17] - [2016-08-16 09:36] - 1009152 ____A (Microsoft Corporation) 8F4B991E7837E8E0F90C856659456652

    C:\Windows\SysWOW64\User32.dll
    [2016-09-14 18:17] - [2016-08-15 18:48] - 0833024 ____A (Microsoft Corporation) 0FBC0E335B65EE5A0175631237817510

    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\dnsapi.dll => MD5 is legit
    C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Association (Whitelisted) =============

    HKLM\...\.exe: => <===== ATTENTION
    HKLM\...\exefile\DefaultIcon: <===== ATTENTION
    HKLM\...\exefile\shell\open\command: <===== ATTENTION

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 9%
    Total physical RAM: 8189.37 MB
    Available physical RAM: 7417.94 MB
    Total Virtual: 8187.52 MB
    Available Virtual: 7412.27 MB

    ==================== Drives ================================

    Drive c: (Windows7Pro) (Fixed) (Total:55.8 GB) (Free:4.06 GB) NTFS
    Drive d: (Data) (Fixed) (Total:698.63 GB) (Free:499.43 GB) NTFS
    Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
    Drive l: (TT-PAUZE) (Removable) (Total:1.88 GB) (Free:1.87 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 1538751F)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 698.6 GB) (Disk ID: 99E499E5)
    Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 6 (Size: 1.9 GB) (Disk ID: 500A0DFF)
    No partition Table on disk 6.


    LastRegBack: 2016-10-17 02:14

    ==================== End of FRST.txt ============================
     
  5. 2016/10/21
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Joined:
    2004/06/25
    Messages:
    7,158
    Likes Received:
    503
    Hi ronald2rd, Welcome to WindowsBBS. :) Sorry you have the W7 boot problem. Have you removed all peripherals and tried a 'barebones' start? No external hardware plugged in (printer/HDD storage/USB drives etc.). I know that some have found it necessary to reduce the RAM. If you have 2 sticks of 2GB RAM - take 1 stick out while trying the suggested methods. If you have a built-in graphics chip - remove any cards you have installed. Only 1 (ONE) HDD connected - the one you are trying to boot. Let us know if it helps.
     
  6. 2016/10/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    One of the mods asked me to take a look here and yes there is some infection present so let's see if we can get rid of it.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8/10: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot normally.
     


  7. 2016/10/22
    ronald2rd

    ronald2rd New Member Thread Starter

    Joined:
    2016/10/21
    Messages:
    6
    Likes Received:
    0
    Hello Broni.
    Thx for the help.

    The fix didn't solve the problem yet. The issue still remains.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
    Ran by SYSTEM (22-10-2016 10:31:13) Run:2
    Running from L:\
    Boot Mode: Recovery
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Winlogon: [Userinit] [X]
    HKLM\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
    HKLM-x32\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
    HKLM\...\InprocServer32: [Default-wbemess] <==== ATTENTION
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] <==== ATTENTION
    HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] <==== ATTENTION
    HKU\Eduard\...\Run: [nw] => D:\Program Files (x86)\Crytek\GFACE Launcher\live\nw.exe [18552 2016-07-14] ()
    HKU\Eduard\...\Run: [ComputerZ-Tray] => C:\Program Files (x86)\LuDaShi\ComputerZTray.exe [2977192 2016-09-17] ()
    HKU\Eduard\...\Run: [JXEV43LUZB] => "C:\Program Files (x86)\DPower\PZU3HC2SJQ.exe "
    HKU\Eduard\...\Run: [CPWFHRDMQI] => "C:\Program Files (x86)\DPower\FORD61CHC8.exe "
    HKU\Eduard\...\Run: [4QY9JXS4TN] => "C:\Program Files (x86)\DPower\0120DG3XZV.exe "
    HKU\Eduard\...\Run: [Y3DJ8TRALT] => "C:\Program Files (x86)\DPower\ERGW53W66F.exe "
    D:\Program Files (x86)\Crytek
    C:\Program Files (x86)\LuDaShi
    C:\Program Files (x86)\DPower
    S2 985ca816deb456dee797d211a9787bbb; C:\Program Files\c21473097cceae271698f76ea8dee8ec\7fe5b82d4c2e0793d0da99727b09beac.exe [520192 2016-09-29] ()
    C:\Program Files\c21473097cceae271698f76ea8dee8ec
    S2 HpSvc; c:\program files (x86)\ludashi\lpi\HpSvc.dll [239016 2016-07-20] () <==== ATTENTION
    c:\program files (x86)\ludashi
    S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [X]
    S4 clr_optimization_v2.0.50727_32; %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [X]
    S4 clr_optimization_v2.0.50727_64; %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [X]
    S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
    S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [X]
    S3 FontCache3.0.0.0; %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [X]
    S3 idsvc; "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [X]
    S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]
    S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
    S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
    S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
    S1 5cca3a99fba4b64c16214b1bf3add6e9; C:\Windows\System32\DRIVERS\5cca3a99fba4b64c16214b1bf3add6e9.sys [79936 2016-09-29] ()
    C:\Windows\System32\DRIVERS\5cca3a99fba4b64c16214b1bf3add6e9.sys
    S2 ComputerZLock; C:\Program Files (x86)\LuDaShi\ComputerZLock_x64.sys [44480 2016-09-13] (www.ludashi.com) <==== ATTENTION
    S3 ComputerZ_x64; C:\Program Files (x86)\LuDaShi\ComputerZ_x64.sys [49152 2016-06-27] (ludashi.com) <==== ATTENTION
    S1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [81792 2016-08-29] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== ATTENTION
    C:\Windows\System32\DRIVERS\ucguard.sys
    C:\Users\Eduard\winrar-32Bit-400.exe
    C:\Users\Eduard\AppData\Local\Temp\003NWEBV0O.exe
    C:\Users\Eduard\AppData\Local\Temp\3ZPKFWN6BL.exe
    C:\Users\Eduard\AppData\Local\Temp\5PCDUYWN73.exe
    C:\Users\Eduard\AppData\Local\Temp\5ZHI0YAVMF.exe
    C:\Users\Eduard\AppData\Local\Temp\6ONQOK4S8P.exe
    C:\Users\Eduard\AppData\Local\Temp\AMDCleanupUtility.exe
    C:\Users\Eduard\AppData\Local\Temp\AutoRun.exe
    C:\Users\Eduard\AppData\Local\Temp\AutoRunGUI.dll
    C:\Users\Eduard\AppData\Local\Temp\avgnt.exe
    C:\Users\Eduard\AppData\Local\Temp\Browser_V5.6.14087.902_f_4730_(Build1608021049).exe
    C:\Users\Eduard\AppData\Local\Temp\Browser_V5.7.15319.5_r_4700_(Build1608291541).exe
    C:\Users\Eduard\AppData\Local\Temp\Cleanup.dll
    C:\Users\Eduard\AppData\Local\Temp\ddu.exe
    C:\Users\Eduard\AppData\Local\Temp\difxapi.dll
    C:\Users\Eduard\AppData\Local\Temp\DNGZM15TGI.exe
    C:\Users\Eduard\AppData\Local\Temp\DriverInstall.exe
    C:\Users\Eduard\AppData\Local\Temp\DriverInstall_X64.exe
    C:\Users\Eduard\AppData\Local\Temp\DriverTool.dll
    C:\Users\Eduard\AppData\Local\Temp\drm_dialogs.dll
    C:\Users\Eduard\AppData\Local\Temp\eauninstall.exe
    C:\Users\Eduard\AppData\Local\Temp\HORSE9M5I4.exe
    C:\Users\Eduard\AppData\Local\Temp\KuaiZip.exe
    C:\Users\Eduard\AppData\Local\Temp\ludashisetup.exe
    C:\Users\Eduard\AppData\Local\Temp\maohasubstat.dll
    C:\Users\Eduard\AppData\Local\Temp\msvcm80.dll
    C:\Users\Eduard\AppData\Local\Temp\msvcp80.dll
    C:\Users\Eduard\AppData\Local\Temp\msvcr80.dll
    C:\Users\Eduard\AppData\Local\Temp\Need for Speed Underground 2_uninst.exe
    C:\Users\Eduard\AppData\Local\Temp\nslA5E1.tmp.exe
    C:\Users\Eduard\AppData\Local\Temp\nsn517B.tmp.exe
    C:\Users\Eduard\AppData\Local\Temp\OUONE83BS7.exe
    C:\Users\Eduard\AppData\Local\Temp\raptrpatch.exe
    C:\Users\Eduard\AppData\Local\Temp\raptr_stub.exe
    C:\Users\Eduard\AppData\Local\Temp\RYNLOUSFQ0.exe
    C:\Users\Eduard\AppData\Local\Temp\S3YKGTQZCX.exe
    C:\Users\Eduard\AppData\Local\Temp\setup.exe
    C:\Users\Eduard\AppData\Local\Temp\softconfig.dll
    C:\Users\Eduard\AppData\Local\Temp\T1KK3OSFCJ.exe
    C:\Users\Eduard\AppData\Local\Temp\uninstall.dll
    C:\Users\Eduard\AppData\Local\Temp\updengine.exe
    C:\Users\Eduard\AppData\Local\Temp\utils.dll
    C:\Users\Eduard\AppData\Local\Temp\XFB0U37D9U.exe
    C:\Users\Eduard\AppData\Local\Temp\YWDTKGFG6M.exe
    C:\Users\Eduard\AppData\Local\Temp\Z20F0UICXR.exe
    HKLM\...\.exe: => <===== ATTENTION
    HKLM\...\exefile\DefaultIcon: <===== ATTENTION
    HKLM\...\exefile\shell\open\command: <===== ATTENTION


    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
    HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => value restored successfully
    HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully
    HKLM\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InprocServer32\\Default => value restored successfully
    HKU\Eduard\Software\Microsoft\Windows\CurrentVersion\Run\\nw => value removed successfully
    HKU\Eduard\Software\Microsoft\Windows\CurrentVersion\Run\\ComputerZ-Tray => value removed successfully
    HKU\Eduard\Software\Microsoft\Windows\CurrentVersion\Run\\JXEV43LUZB => value removed successfully
    HKU\Eduard\Software\Microsoft\Windows\CurrentVersion\Run\\CPWFHRDMQI => value removed successfully
    HKU\Eduard\Software\Microsoft\Windows\CurrentVersion\Run\\4QY9JXS4TN => value removed successfully
    HKU\Eduard\Software\Microsoft\Windows\CurrentVersion\Run\\Y3DJ8TRALT => value removed successfully
    "D:\Program Files (x86)\Crytek" => Could not move.
    "C:\Program Files (x86)\LuDaShi" => not found.
    "C:\Program Files (x86)\DPower" => not found.
    985ca816deb456dee797d211a9787bbb => service removed successfully
    C:\Program Files\c21473097cceae271698f76ea8dee8ec => moved successfully
    HpSvc => service removed successfully
    "c:\program files (x86)\ludashi" => not found.
    aspnet_state => service removed successfully
    clr_optimization_v2.0.50727_32 => service removed successfully
    clr_optimization_v2.0.50727_64 => service removed successfully
    clr_optimization_v4.0.30319_32 => service removed successfully
    clr_optimization_v4.0.30319_64 => service removed successfully
    FontCache3.0.0.0 => service not found.
    FontCache3.0.0.0 => service removed successfully
    idsvc => service removed successfully
    NetMsmqActivator => service removed successfully
    NetPipeActivator => service removed successfully
    NetTcpActivator => service removed successfully
    NetTcpPortSharing => service removed successfully
    5cca3a99fba4b64c16214b1bf3add6e9 => service removed successfully
    C:\Windows\System32\DRIVERS\5cca3a99fba4b64c16214b1bf3add6e9.sys => moved successfully
    ComputerZLock => service removed successfully
    ComputerZ_x64 => service removed successfully
    UCGuard => service removed successfully
    C:\Windows\System32\Drivers\ucguard.sys => moved successfully
    "C:\Users\Eduard\winrar-32Bit-400.exe" => not found.
    C:\Users\Eduard\AppData\Local\Temp\003NWEBV0O.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\3ZPKFWN6BL.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\5PCDUYWN73.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\5ZHI0YAVMF.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\6ONQOK4S8P.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\AMDCleanupUtility.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\AutoRun.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\AutoRunGUI.dll => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\avgnt.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\Browser_V5.6.14087.902_f_4730_(Build1608021049).exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\Browser_V5.7.15319.5_r_4700_(Build1608291541).exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\Cleanup.dll => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\ddu.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\difxapi.dll => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\DNGZM15TGI.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\DriverInstall.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\DriverInstall_X64.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\DriverTool.dll => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\drm_dialogs.dll => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\eauninstall.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\HORSE9M5I4.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\KuaiZip.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\ludashisetup.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\maohasubstat.dll => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\msvcm80.dll => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\msvcp80.dll => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\msvcr80.dll => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\Need for Speed Underground 2_uninst.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\nslA5E1.tmp.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\nsn517B.tmp.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\OUONE83BS7.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\raptrpatch.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\raptr_stub.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\RYNLOUSFQ0.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\S3YKGTQZCX.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\setup.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\softconfig.dll => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\T1KK3OSFCJ.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\uninstall.dll => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\updengine.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\utils.dll => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\XFB0U37D9U.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\YWDTKGFG6M.exe => moved successfully
    C:\Users\Eduard\AppData\Local\Temp\Z20F0UICXR.exe => moved successfully
    HKLM\Software\Classes\.exe\\Default => value restored successfully
    HKLM\Software\Classes\exefile\DefaultIcon\\Default => value restored successfully
    HKLM\Software\Classes\exefile\shell\open\command\\Default => value restored successfully

    ==== End of Fixlog 10:31:25 ====
     
    Last edited by a moderator: 2016/10/23
  8. 2016/10/22
    ronald2rd

    ronald2rd New Member Thread Starter

    Joined:
    2016/10/21
    Messages:
    6
    Likes Received:
    0
    Hello Broni,

    Can't see your answer in this thread anymore..........
    Anyway, I executed your last fix and the computer boots.
    So far so good.
    Got a MOM.exe error missing .NET

    Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
    Ran by SYSTEM (22-10-2016 10:57:46) Run:3
    Running from L:\
    Boot Mode: Recovery
    ==============================================

    fixlist content:
    *****************
    LastRegBack: 2014-12-19 20:16
    *****************

    DEFAULT => copied successfully to System32\config\HiveBackup
    DEFAULT => restored successfully from registry back up
    SAM => copied successfully to System32\config\HiveBackup
    SAM => restored successfully from registry back up
    SECURITY => copied successfully to System32\config\HiveBackup
    SECURITY => restored successfully from registry back up
    SOFTWARE => copied successfully to System32\config\HiveBackup
    SOFTWARE => restored successfully from registry back up
    SYSTEM => copied successfully to System32\config\HiveBackup
    SYSTEM => restored successfully from registry back up

    ==== End of Fixlog 10:57:49 ====
     
  9. 2016/10/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Great news !!!

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    Please download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    Already installed:
    2.0 Threat Scan
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • To open a Cleaning log, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  10. 2016/10/23
    ronald2rd

    ronald2rd New Member Thread Starter

    Joined:
    2016/10/21
    Messages:
    6
    Likes Received:
    0
    Hello Broni,

    Because of our time gap and the behavior of the computer, as an AV program couldn't be installed, no Windows updates etc.,
    I decided to do a fresh install of W7.
    I will check my backup files with the above programs later.

    Thx for your help.
    For me the case is solved.
     
  11. 2016/10/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Thanks for letting me know :)
     
