Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help with BSOD; STOP C0000135 - FRST LOG


  • This topic is locked This topic is locked
31 replies to this topic

#1 fvong

fvong

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 25 September 2017 - 08:13 AM

Hi All,

 

Appreciate you taking the time to read and try to troubleshoot this.

 

My problem has occurred on my Windows 7 Laptop when a Windows Update was interrupted whilst it was installing.

After this, I have tried everything I could to reboot the Laptop but it would not go past the Windows loading screen where it would then be met by the BSOD error; Stop C0000135.

 

I have attempted to reboot into Safe Mode and trying to restore to an earlier point in time but none of these options worked for me. 

 

I have looked around the internet and can determine that I do not have AVG installed. 

I have run FRST and here is the FRST log from my trials;

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2017
Ran by SYSTEM on MININT-RMFI042 (25-09-2017 20:33:07)
Running from f:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-09] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-10] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-20] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-09] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-20] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-10-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-02-24] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [S6000Mnt] => C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [SessionLogon] => C:\ExpressGateUtil\SessionLogon.exe
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2010-11-24] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-10] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-14] (Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-17] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-19] (Wondershare)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-06-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-06-28] (NVIDIA Corporation)
Startup: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2012-02-16]
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-20] (ESET)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1531352 2013-06-07] (Echobit LLC)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2016-03-11] ()
S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 AppIDSvc; %SystemRoot%\System32\appidsvc.dll [X]
S2 wuauserv; %systemroot%\system32\wuaueng.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-19] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-09] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-09] (ESET)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2012-10-02] (Echobit, LLC)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81920 2011-02-24] (Fresco Logic)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [190232 2010-08-05] (Windows (R) Win 7 DDK provider)
S3 AppID; \SystemRoot\system32\drivers\appid.sys [X]
S3 GGSAFERDriver; \??\C:\Users\Roger\Garena Plus\Room\safedrv.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9A4A1EEE802BF2F878EE8EAB407B21B7
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\drivers\AmUStor.SYS 9C7F164B49CADC658D1B3C575782F346
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 4C016FD76ED5C05E84CA8CAB77993961
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys B4174564AD5834A1680610572477878C
C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 1F7238A37389ED92E9D8EEE975CABD54
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 3323F76352B0AF14B2CDC4DFBF3E980A
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys 58425D987F155F44C0BD4D0DB230327E
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys 616387BBD83372220B09DE95F4E67BBC
C:\Windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F
C:\Windows\System32\drivers\dxgkrnl.sys 3A9D7D464BDB3B70D7ECF689ADABBD4D
C:\Windows\System32\DRIVERS\eamonm.sys 398904F1FBF13CEF0FCB822E9CA5F2D5
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ehdrv.sys 9E39134330C18CBAC0F24C1283701D7E
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\epfwwfpr.sys B4E8DC817963B256537B1EC09AF0647E
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ETD.sys 05B0DCDA418E297A1B4CD8D7B8ADE403
C:\Windows\System32\DRIVERS\evolve.sys A0539478593A00AA64E600CF7E19F195
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\FLxHCIc.sys 10B5AB16C34D4E316EDB825386F57DA6
C:\Windows\System32\DRIVERS\FLxHCIh.sys 66DE264C2DEFE746CB2E71F3A5EB5C2C
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 07DA62C960DDCCC2D35836AEAB4FC578
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys D7921D5A870B11CC1ADAB198A519D50A
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 276EE9CDAB16C50E1DF0E4CEFA882F5F
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 177B4E48C7A288E70779B42AB81D2D06
C:\Windows\System32\DRIVERS\IntcDAud.sys FC727061C0F47C8059E88E05D5C8E381
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbfiltr.sys E63EF8C3271D014F14E2469CE75FECB4
C:\Windows\System32\Drivers\ksecdd.sys EB7BB4F58971F4FE099B3CE127346563
C:\Windows\System32\Drivers\ksecpkg.sys 6EBBA531A455E8F1092FD530A8682A97
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x64.sys 033B4AED2C5519072C0D81E00804D003
C:\Windows\System32\DRIVERS\LHidFilt.Sys 241F2648ADF090E2A10095BD6D6F5DCB
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LMouFilt.Sys 342ED5A4B3326014438F36D22D803737
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\LUsbFilt.Sys 29C733E1DE824670DC9315CFC9BDBCD3
C:\Windows\System32\DRIVERS\lvuvc64.sys FF3A488924B0032B1A9CA6948C1FA9E8
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 67050452C0118BAF2883928E6FCCFE47
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys D7ADC2B83CA0B0381F75A98351F72CEE
C:\Windows\System32\DRIVERS\mrxsmb.sys 341C65D6D4E9AB705258AC83511F7ADD
C:\Windows\System32\DRIVERS\mrxsmb10.sys F93EDDF0B69760456C6E0D73405AC078
C:\Windows\System32\DRIVERS\mrxsmb20.sys A558D659B722FE5FB8C6E1BF288F7316
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys E47D571FEC2C76E867935109AB2A770C
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 47B2D0B31BDC3EBE6090228E2BA3764D
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys 39DEFE644321F9A4B7F527664F628DEA
C:\Windows\System32\DRIVERS\nvpciflt.sys 5AFBEAF5D143253E9038E381AB7D4CC5
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys ED5873F7DFB2F96D37F13322211B6BDC
C:\Windows\System32\Drivers\S6000KNT.sys 538B4DECD14E7A664921908C44987C8A
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SiSG664.sys 1BC348CF6BAA90EC8E533EF6E6A69933
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 16897B0322DD56621DF5978131130AF2
C:\Windows\System32\DRIVERS\srv2.sys 978423DEC32318FFBCD76D01232AC0FF
C:\Windows\System32\DRIVERS\srvnet.sys CB06B3D4659D744131E691B7B4CE6B2D
C:\Windows\System32\DRIVERS\ssudmdm.sys 383C219BFA39703A5AF40F1636E3A7F8
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tap0901.sys 595CB8DA5B522AD8CC28193DC21FD496
C:\Windows\System32\drivers\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\DRIVERS\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\tpm.sys 48DDEF0B921DD331536CC82C1A8FF64F
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TurboB.sys FD24F98D2898BE093FE926604BE7DB99
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys 5C3BE22E485B9BF11FCEFDC676C728D0
C:\Windows\system32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys 28B81917A195B67617AF7DCF4DFE5736
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys B626F048318DAE65A3317F0592BE592C
C:\Windows\System32\DRIVERS\usbhub.sys 390109E8E05BA00375DCB1ED64DC60AF
C:\Windows\system32\drivers\usbohci.sys B4DF0F4C1D9D25DFE1DAD1D8670F1D4F
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys CFEAAF96E666E3DCBD8F6DFF516784AE
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys D0335A55E5C3F812548E18300C2ACB62
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys 52DED146E4797E6CCF94799E8E22BB2A
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-25 20:32 - 2017-09-25 20:33 - 000000000 ____D C:\FRST
2017-09-24 18:05 - 2017-09-24 18:05 - 000000000 __SHD C:\found.000
2017-09-20 04:20 - 2016-09-02 07:40 - 000631176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2017-09-20 04:20 - 2016-09-02 07:35 - 005548264 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-09-20 04:20 - 2016-09-02 07:35 - 000706280 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2017-09-20 04:20 - 2016-09-02 07:35 - 000154856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2017-09-20 04:20 - 2016-09-02 07:35 - 000095464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2017-09-20 04:20 - 2016-09-02 07:34 - 001732864 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2017-09-20 04:20 - 2016-09-02 07:31 - 000135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2017-09-20 04:20 - 2016-09-02 07:31 - 000028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 001464320 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 000146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 000063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 000044032 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 000006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2017-09-20 04:20 - 2016-09-02 07:21 - 004000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-20 04:20 - 2016-09-02 07:21 - 003944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-09-20 04:20 - 2016-09-02 07:18 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-20 04:20 - 2016-09-02 07:16 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-09-20 04:20 - 2016-09-02 07:16 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-09-20 04:20 - 2016-09-02 07:16 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-09-20 04:20 - 2016-09-02 06:55 - 000159744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2017-09-20 04:20 - 2016-09-02 06:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2017-09-20 04:20 - 2016-09-02 06:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2017-09-20 04:20 - 2016-09-02 06:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2017-09-20 04:20 - 2016-09-02 06:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2017-09-20 04:18 - 2017-05-03 07:34 - 000094952 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2017-09-20 04:18 - 2017-05-03 07:29 - 001206272 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 001555968 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000620544 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000535552 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000325632 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000311296 _____ (Microsoft Corporation) C:\Windows\System32\centel.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000217088 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000127488 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2017-09-20 04:18 - 2017-03-22 18:06 - 001691136 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2017-09-20 04:18 - 2016-08-16 12:40 - 000343552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000327168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000056320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2017-09-20 03:46 - 2017-09-20 05:03 - 000000000 ____D C:\Program Files\ZAR
2017-09-20 03:46 - 2017-09-20 03:46 - 000000742 _____ C:\Users\Public\Desktop\ZAR X.lnk
2017-09-20 03:45 - 2016-08-29 07:31 - 014183424 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2017-09-20 03:45 - 2016-08-29 07:31 - 001941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2017-09-20 03:45 - 2016-08-29 07:31 - 001867776 _____ (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2017-09-20 03:45 - 2016-08-29 07:12 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-20 03:45 - 2016-08-29 07:12 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-09-20 03:45 - 2016-08-29 07:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-09-20 03:45 - 2016-08-29 07:04 - 003229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-09-20 03:45 - 2016-08-29 06:55 - 002972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-09-20 03:45 - 2016-07-07 07:36 - 001896168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2017-09-20 03:45 - 2016-07-07 07:36 - 000377576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2017-09-20 03:45 - 2016-07-07 07:36 - 000287976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2017-09-20 03:45 - 2016-07-07 07:08 - 000046080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2017-09-20 03:45 - 2016-07-01 07:31 - 000976896 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2017-09-20 03:45 - 2016-07-01 07:31 - 000084480 _____ (Microsoft Corporation) C:\Windows\System32\INETRES.dll
2017-09-20 03:45 - 2016-07-01 07:13 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-09-20 03:45 - 2016-07-01 07:13 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-09-20 03:45 - 2016-07-01 06:56 - 000464896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2017-09-20 03:45 - 2016-07-01 06:56 - 000405504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2017-09-20 03:45 - 2016-07-01 06:56 - 000168960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2017-09-20 03:34 - 2017-09-20 03:34 - 000000000 ____D C:\Users\Roger\AppData\LocalLow\uTorrent
2017-09-15 18:34 - 2017-09-15 18:47 - 1395320832 ____R C:\Users\Roger\Downloads\John.Wick.Chapter.2.2017.HDRip.XVid..Line-NoGrp.avi
2017-09-15 18:32 - 2017-09-15 18:55 - 000000000 ____D C:\Users\Roger\Downloads\John.Wick.2014.BluRay.720p.x264-HEFF
2017-08-28 00:51 - 2017-08-28 04:00 - 000000000 ____D C:\Users\Roger\Downloads\Game.of.Thrones.S07E07.The.Dragon.and.the.Wolf.1080p.AMZN.WEBRip.DDP5.1.x264-GoT[rarbg]
2017-08-28 00:51 - 2017-08-28 00:52 - 000000000 ____D C:\Users\Roger\Downloads\Game.of.Thrones.S07E07.WEB.H264-STRiFE[ettv]

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-24 00:30 - 2013-05-18 20:11 - 000323478 _____ C:\Windows\ntbtlog.txt
2017-09-23 23:54 - 2014-12-11 15:06 - 000000000 ____D C:\Windows\System32\appraiser
2017-09-23 23:54 - 2014-05-07 05:42 - 000000000 ___SD C:\Windows\System32\CompatTel
2017-09-23 23:53 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-20 07:38 - 2011-10-17 20:17 - 000782160 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-20 07:38 - 2009-07-13 21:13 - 000782160 _____ C:\Windows\System32\PerfStringBackup.INI
2017-09-20 07:38 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-09-20 07:34 - 2015-12-05 03:19 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d12f4ec41cc1b1.job
2017-09-20 07:32 - 2009-07-13 18:34 - 000000478 _____ C:\Windows\win.ini
2017-09-20 07:26 - 2015-09-07 20:13 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d0e9ecb9c97505.job
2017-09-20 07:25 - 2015-02-04 16:19 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d040d957d0d985.job
2017-09-20 07:24 - 2016-05-11 05:18 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d1ab87a6f1b1e3.job
2017-09-20 07:24 - 2014-06-21 00:19 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1cf8d297f347bad.job
2017-09-20 07:23 - 2016-02-04 14:29 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d15f9b75d991c4.job
2017-09-20 07:21 - 2012-05-24 04:03 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2017-09-20 07:21 - 2012-05-24 04:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-09-20 07:18 - 2016-05-11 05:03 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab8584a1ae93.job
2017-09-20 07:18 - 2015-05-15 21:20 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d08f97fb7b0993.job
2017-09-20 07:18 - 2015-05-14 21:18 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08ecea00bee04.job
2017-09-20 07:09 - 2016-08-10 04:59 - 000000000 ____D C:\Windows\System32\MRT
2017-09-20 07:08 - 2016-02-04 14:56 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15f9f41ec90ba.job
2017-09-20 07:03 - 2015-09-07 20:13 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e9ecbf7b366d.job
2017-09-20 07:01 - 2016-08-10 04:59 - 140394280 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-09-20 07:01 - 2015-12-05 02:58 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12f4be506e1e3.job
2017-09-20 06:55 - 2014-06-21 15:33 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8da9356177de.job
2017-09-20 06:55 - 2013-04-28 17:09 - 000000000 ____D C:\Users\Roger\AppData\Roaming\uTorrent
2017-09-20 05:23 - 2016-02-04 14:29 - 000000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001Core1d15f9b75994c9c.job
2017-09-20 04:41 - 2013-05-11 22:12 - 000000000 ____D C:\Users\Roger\AppData\Local\Adobe
2017-09-20 03:47 - 2009-07-13 20:45 - 000018736 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-20 03:47 - 2009-07-13 20:45 - 000018736 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-20 03:44 - 2013-10-20 00:28 - 000000000 ____D C:\SoundCloud Downloads
2017-09-20 03:32 - 2012-04-10 02:31 - 000000000 ___HD C:\ASUS.DAT
2017-09-20 03:31 - 2015-09-07 20:13 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e9ecbf26d3a1.job
2017-09-20 03:31 - 2014-06-21 15:33 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8da9351b9438.job
2017-09-16 01:36 - 2014-06-21 00:19 - 000000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001Core1cf8d297f052e1d.job
2017-09-15 21:26 - 2015-09-07 20:13 - 000000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001Core1d0e9ecb9466069.job
2017-09-15 21:25 - 2015-02-04 16:19 - 000000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001Core1d040d95797521d.job
2017-09-15 18:46 - 2012-08-29 18:24 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-15 18:46 - 2012-08-29 18:24 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-15 18:46 - 2012-08-29 18:24 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-15 18:46 - 2012-08-29 18:24 - 000000000 ____D C:\Windows\System32\Macromed
2017-09-15 18:46 - 2011-10-17 20:27 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-15 18:34 - 2012-04-10 04:18 - 000002384 _____ C:\Users\Roger\Desktop\Google Chrome.lnk
2017-09-15 18:20 - 2017-07-17 02:48 - 000003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2017-08-28 00:40 - 2012-02-16 20:02 - 000045056 _____ C:\Windows\System32\acovcnt.exe

Some files in TEMP:
====================
2012-04-10 03:55 - 2012-04-10 03:55 - 000352768 _____ () C:\Users\Roger\AppData\Local\Temp\autorun.dll
2012-06-15 13:42 - 2012-08-30 21:44 - 021944384 _____ (ArenaNet) C:\Users\Roger\AppData\Local\Temp\Gw2.exe
2015-01-03 19:43 - 2015-01-03 19:43 - 009565624 _____ (Macroplant LLC                                              ) C:\Users\Roger\AppData\Local\Temp\iExplorer_Setup_3640.exe
2013-05-18 20:05 - 2013-05-18 20:05 - 000425560 _____ (ESET) C:\Users\Roger\AppData\Local\Temp\InstHelper.exe
2012-05-11 22:18 - 2011-09-27 11:15 - 000101144 _____ () C:\Users\Roger\AppData\Local\Temp\LMkRstPt.exe
2015-05-16 20:18 - 2015-05-16 20:18 - 050067152 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
2012-05-31 19:26 - 2012-08-13 06:19 - 025653936 _____ (Skype Technologies S.A.) C:\Users\Roger\AppData\Local\Temp\SkypeSetup.exe
2012-04-10 07:14 - 2012-04-10 07:14 - 000139672 _____ (Eclipse Foundation) C:\Users\Roger\AppData\Local\Temp\swt-win32-3349.dll
2014-04-13 05:59 - 2014-04-13 05:59 - 001268816 _____ (BitTorrent Inc.) C:\Users\Roger\AppData\Local\Temp\uttC7D3.tmp.exe
2013-04-28 17:09 - 2013-04-28 17:09 - 008182784 _____ () C:\Users\Roger\AppData\Local\Temp\uttFB24.tmp.exe
2015-01-08 19:33 - 2015-01-08 19:33 - 024743106 _____ () C:\Users\Roger\AppData\Local\Temp\vlc-2.1.5-win32.exe
2016-01-04 04:50 - 2016-01-04 04:50 - 028849904 _____ () C:\Users\Roger\AppData\Local\Temp\vlc-2.2.1-win32.exe
2006-05-24 09:10 - 2006-05-24 09:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Roger\AppData\Local\Temp\_is148A.exe
2006-05-24 09:10 - 2006-05-24 09:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Roger\AppData\Local\Temp\_isF538.exe
2013-04-22 03:40 - 2013-04-22 03:56 - 000000000 _____ () C:\Users\Roger\AppData\Local\Temp\{0E7163BC-64DD-43DC-B9E0-3EB02D1B3290}-26.0.1410.64_26.0.1410.43_chrome_updater.exe
2013-02-11 03:52 - 2013-02-11 04:13 - 000000000 _____ () C:\Users\Roger\AppData\Local\Temp\{715D3A25-9602-4654-A834-A1545FB8FA74}-24.0.1312.57_23.0.1271.95_chrome_updater.exe

==================== Known DLLs (Whitelisted) =========================

C:\Windows\System32\advapi32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\OLEAUT32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\OLEAUT32.dll IS MISSING <==== ATTENTION

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION

==================== Association (Whitelisted) =============


==================== Restore Points  =========================

Restore point date: 2017-09-20 07:01
Restore point date: 2017-09-24 18:50

==================== Memory info =========================== 

Percentage of memory in use: 11%
Total physical RAM: 6049.06 MB
Available physical RAM: 5324.49 MB
Total Virtual: 6047.21 MB
Available Virtual: 5315.71 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:238.47 GB) (Free:49.85 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:332.7 GB) (Free:150.53 GB) NTFS
Drive f: () (Removable) (Total:7.45 GB) (Free:0.54 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=238.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=332.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 59.6 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2016-06-27 03:14

==================== End of FRST.txt ============================Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2017
Ran by SYSTEM on MININT-RMFI042 (25-09-2017 20:33:07)
Running from f:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-09] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-10] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-20] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-09] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-20] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-10-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-02-24] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [S6000Mnt] => C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [SessionLogon] => C:\ExpressGateUtil\SessionLogon.exe
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2010-11-24] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-10] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-14] (Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-17] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-19] (Wondershare)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-06-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-06-28] (NVIDIA Corporation)
Startup: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2012-02-16]
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-20] (ESET)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1531352 2013-06-07] (Echobit LLC)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2016-03-11] ()
S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 AppIDSvc; %SystemRoot%\System32\appidsvc.dll [X]
S2 wuauserv; %systemroot%\system32\wuaueng.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-19] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-09] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-09] (ESET)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2012-10-02] (Echobit, LLC)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81920 2011-02-24] (Fresco Logic)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [190232 2010-08-05] (Windows (R) Win 7 DDK provider)
S3 AppID; \SystemRoot\system32\drivers\appid.sys [X]
S3 GGSAFERDriver; \??\C:\Users\Roger\Garena Plus\Room\safedrv.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9A4A1EEE802BF2F878EE8EAB407B21B7
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\drivers\AmUStor.SYS 9C7F164B49CADC658D1B3C575782F346
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 4C016FD76ED5C05E84CA8CAB77993961
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys B4174564AD5834A1680610572477878C
C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 1F7238A37389ED92E9D8EEE975CABD54
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 3323F76352B0AF14B2CDC4DFBF3E980A
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys 58425D987F155F44C0BD4D0DB230327E
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys 616387BBD83372220B09DE95F4E67BBC
C:\Windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F
C:\Windows\System32\drivers\dxgkrnl.sys 3A9D7D464BDB3B70D7ECF689ADABBD4D
C:\Windows\System32\DRIVERS\eamonm.sys 398904F1FBF13CEF0FCB822E9CA5F2D5
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ehdrv.sys 9E39134330C18CBAC0F24C1283701D7E
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\epfwwfpr.sys B4E8DC817963B256537B1EC09AF0647E
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ETD.sys 05B0DCDA418E297A1B4CD8D7B8ADE403
C:\Windows\System32\DRIVERS\evolve.sys A0539478593A00AA64E600CF7E19F195
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\FLxHCIc.sys 10B5AB16C34D4E316EDB825386F57DA6
C:\Windows\System32\DRIVERS\FLxHCIh.sys 66DE264C2DEFE746CB2E71F3A5EB5C2C
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 07DA62C960DDCCC2D35836AEAB4FC578
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys D7921D5A870B11CC1ADAB198A519D50A
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 276EE9CDAB16C50E1DF0E4CEFA882F5F
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 177B4E48C7A288E70779B42AB81D2D06
C:\Windows\System32\DRIVERS\IntcDAud.sys FC727061C0F47C8059E88E05D5C8E381
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbfiltr.sys E63EF8C3271D014F14E2469CE75FECB4
C:\Windows\System32\Drivers\ksecdd.sys EB7BB4F58971F4FE099B3CE127346563
C:\Windows\System32\Drivers\ksecpkg.sys 6EBBA531A455E8F1092FD530A8682A97
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x64.sys 033B4AED2C5519072C0D81E00804D003
C:\Windows\System32\DRIVERS\LHidFilt.Sys 241F2648ADF090E2A10095BD6D6F5DCB
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LMouFilt.Sys 342ED5A4B3326014438F36D22D803737
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\LUsbFilt.Sys 29C733E1DE824670DC9315CFC9BDBCD3
C:\Windows\System32\DRIVERS\lvuvc64.sys FF3A488924B0032B1A9CA6948C1FA9E8
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 67050452C0118BAF2883928E6FCCFE47
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys D7ADC2B83CA0B0381F75A98351F72CEE
C:\Windows\System32\DRIVERS\mrxsmb.sys 341C65D6D4E9AB705258AC83511F7ADD
C:\Windows\System32\DRIVERS\mrxsmb10.sys F93EDDF0B69760456C6E0D73405AC078
C:\Windows\System32\DRIVERS\mrxsmb20.sys A558D659B722FE5FB8C6E1BF288F7316
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys E47D571FEC2C76E867935109AB2A770C
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 47B2D0B31BDC3EBE6090228E2BA3764D
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys 39DEFE644321F9A4B7F527664F628DEA
C:\Windows\System32\DRIVERS\nvpciflt.sys 5AFBEAF5D143253E9038E381AB7D4CC5
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys ED5873F7DFB2F96D37F13322211B6BDC
C:\Windows\System32\Drivers\S6000KNT.sys 538B4DECD14E7A664921908C44987C8A
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SiSG664.sys 1BC348CF6BAA90EC8E533EF6E6A69933
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 16897B0322DD56621DF5978131130AF2
C:\Windows\System32\DRIVERS\srv2.sys 978423DEC32318FFBCD76D01232AC0FF
C:\Windows\System32\DRIVERS\srvnet.sys CB06B3D4659D744131E691B7B4CE6B2D
C:\Windows\System32\DRIVERS\ssudmdm.sys 383C219BFA39703A5AF40F1636E3A7F8
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tap0901.sys 595CB8DA5B522AD8CC28193DC21FD496
C:\Windows\System32\drivers\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\DRIVERS\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\tpm.sys 48DDEF0B921DD331536CC82C1A8FF64F
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TurboB.sys FD24F98D2898BE093FE926604BE7DB99
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys 5C3BE22E485B9BF11FCEFDC676C728D0
C:\Windows\system32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys 28B81917A195B67617AF7DCF4DFE5736
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys B626F048318DAE65A3317F0592BE592C
C:\Windows\System32\DRIVERS\usbhub.sys 390109E8E05BA00375DCB1ED64DC60AF
C:\Windows\system32\drivers\usbohci.sys B4DF0F4C1D9D25DFE1DAD1D8670F1D4F
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys CFEAAF96E666E3DCBD8F6DFF516784AE
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys D0335A55E5C3F812548E18300C2ACB62
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys 52DED146E4797E6CCF94799E8E22BB2A
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-25 20:32 - 2017-09-25 20:33 - 000000000 ____D C:\FRST
2017-09-24 18:05 - 2017-09-24 18:05 - 000000000 __SHD C:\found.000
2017-09-20 04:20 - 2016-09-02 07:40 - 000631176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2017-09-20 04:20 - 2016-09-02 07:35 - 005548264 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-09-20 04:20 - 2016-09-02 07:35 - 000706280 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2017-09-20 04:20 - 2016-09-02 07:35 - 000154856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2017-09-20 04:20 - 2016-09-02 07:35 - 000095464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2017-09-20 04:20 - 2016-09-02 07:34 - 001732864 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2017-09-20 04:20 - 2016-09-02 07:31 - 000135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2017-09-20 04:20 - 2016-09-02 07:31 - 000028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 001464320 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 000146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 000063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 000044032 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 000006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2017-09-20 04:20 - 2016-09-02 07:21 - 004000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-20 04:20 - 2016-09-02 07:21 - 003944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-09-20 04:20 - 2016-09-02 07:18 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-20 04:20 - 2016-09-02 07:16 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-09-20 04:20 - 2016-09-02 07:16 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-09-20 04:20 - 2016-09-02 07:16 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-09-20 04:20 - 2016-09-02 06:55 - 000159744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2017-09-20 04:20 - 2016-09-02 06:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2017-09-20 04:20 - 2016-09-02 06:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2017-09-20 04:20 - 2016-09-02 06:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2017-09-20 04:20 - 2016-09-02 06:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2017-09-20 04:18 - 2017-05-03 07:34 - 000094952 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2017-09-20 04:18 - 2017-05-03 07:29 - 001206272 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 001555968 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000620544 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000535552 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000325632 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000311296 _____ (Microsoft Corporation) C:\Windows\System32\centel.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000217088 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000127488 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2017-09-20 04:18 - 2017-03-22 18:06 - 001691136 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2017-09-20 04:18 - 2016-08-16 12:40 - 000343552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000327168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000056320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2017-09-20 03:46 - 2017-09-20 05:03 - 000000000 ____D C:\Program Files\ZAR
2017-09-20 03:46 - 2017-09-20 03:46 - 000000742 _____ C:\Users\Public\Desktop\ZAR X.lnk
2017-09-20 03:45 - 2016-08-29 07:31 - 014183424 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2017-09-20 03:45 - 2016-08-29 07:31 - 001941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2017-09-20 03:45 - 2016-08-29 07:31 - 001867776 _____ (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2017-09-20 03:45 - 2016-08-29 07:12 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-20 03:45 - 2016-08-29 07:12 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-09-20 03:45 - 2016-08-29 07:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-09-20 03:45 - 2016-08-29 07:04 - 003229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-09-20 03:45 - 2016-08-29 06:55 - 002972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-09-20 03:45 - 2016-07-07 07:36 - 001896168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2017-09-20 03:45 - 2016-07-07 07:36 - 000377576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2017-09-20 03:45 - 2016-07-07 07:36 - 000287976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2017-09-20 03:45 - 2016-07-07 07:08 - 000046080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2017-09-20 03:45 - 2016-07-01 07:31 - 000976896 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2017-09-20 03:45 - 2016-07-01 07:31 - 000084480 _____ (Microsoft Corporation) C:\Windows\System32\INETRES.dll
2017-09-20 03:45 - 2016-07-01 07:13 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-09-20 03:45 - 2016-07-01 07:13 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-09-20 03:45 - 2016-07-01 06:56 - 000464896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2017-09-20 03:45 - 2016-07-01 06:56 - 000405504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2017-09-20 03:45 - 2016-07-01 06:56 - 000168960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2017-09-20 03:34 - 2017-09-20 03:34 - 000000000 ____D C:\Users\Roger\AppData\LocalLow\uTorrent
2017-09-15 18:34 - 2017-09-15 18:47 - 1395320832 ____R C:\Users\Roger\Downloads\John.Wick.Chapter.2.2017.HDRip.XVid..Line-NoGrp.avi
2017-09-15 18:32 - 2017-09-15 18:55 - 000000000 ____D C:\Users\Roger\Downloads\John.Wick.2014.BluRay.720p.x264-HEFF
2017-08-28 00:51 - 2017-08-28 04:00 - 000000000 ____D C:\Users\Roger\Downloads\Game.of.Thrones.S07E07.The.Dragon.and.the.Wolf.1080p.AMZN.WEBRip.DDP5.1.x264-GoT[rarbg]
2017-08-28 00:51 - 2017-08-28 00:52 - 000000000 ____D C:\Users\Roger\Downloads\Game.of.Thrones.S07E07.WEB.H264-STRiFE[ettv]

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-24 00:30 - 2013-05-18 20:11 - 000323478 _____ C:\Windows\ntbtlog.txt
2017-09-23 23:54 - 2014-12-11 15:06 - 000000000 ____D C:\Windows\System32\appraiser
2017-09-23 23:54 - 2014-05-07 05:42 - 000000000 ___SD C:\Windows\System32\CompatTel
2017-09-23 23:53 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-20 07:38 - 2011-10-17 20:17 - 000782160 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-20 07:38 - 2009-07-13 21:13 - 000782160 _____ C:\Windows\System32\PerfStringBackup.INI
2017-09-20 07:38 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-09-20 07:34 - 2015-12-05 03:19 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d12f4ec41cc1b1.job
2017-09-20 07:32 - 2009-07-13 18:34 - 000000478 _____ C:\Windows\win.ini
2017-09-20 07:26 - 2015-09-07 20:13 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d0e9ecb9c97505.job
2017-09-20 07:25 - 2015-02-04 16:19 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d040d957d0d985.job
2017-09-20 07:24 - 2016-05-11 05:18 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d1ab87a6f1b1e3.job
2017-09-20 07:24 - 2014-06-21 00:19 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1cf8d297f347bad.job
2017-09-20 07:23 - 2016-02-04 14:29 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d15f9b75d991c4.job
2017-09-20 07:21 - 2012-05-24 04:03 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2017-09-20 07:21 - 2012-05-24 04:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-09-20 07:18 - 2016-05-11 05:03 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab8584a1ae93.job
2017-09-20 07:18 - 2015-05-15 21:20 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d08f97fb7b0993.job
2017-09-20 07:18 - 2015-05-14 21:18 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08ecea00bee04.job
2017-09-20 07:09 - 2016-08-10 04:59 - 000000000 ____D C:\Windows\System32\MRT
2017-09-20 07:08 - 2016-02-04 14:56 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15f9f41ec90ba.job
2017-09-20 07:03 - 2015-09-07 20:13 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e9ecbf7b366d.job
2017-09-20 07:01 - 2016-08-10 04:59 - 140394280 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-09-20 07:01 - 2015-12-05 02:58 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12f4be506e1e3.job
2017-09-20 06:55 - 2014-06-21 15:33 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8da9356177de.job
2017-09-20 06:55 - 2013-04-28 17:09 - 000000000 ____D C:\Users\Roger\AppData\Roaming\uTorrent
2017-09-20 05:23 - 2016-02-04 14:29 - 000000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001Core1d15f9b75994c9c.job
2017-09-20 04:41 - 2013-05-11 22:12 - 000000000 ____D C:\Users\Roger\AppData\Local\Adobe
2017-09-20 03:47 - 2009-07-13 20:45 - 000018736 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-20 03:47 - 2009-07-13 20:45 - 000018736 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-20 03:44 - 2013-10-20 00:28 - 000000000 ____D C:\SoundCloud Downloads
2017-09-20 03:32 - 2012-04-10 02:31 - 000000000 ___HD C:\ASUS.DAT
2017-09-20 03:31 - 2015-09-07 20:13 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e9ecbf26d3a1.job
2017-09-20 03:31 - 2014-06-21 15:33 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8da9351b9438.job
2017-09-16 01:36 - 2014-06-21 00:19 - 000000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001Core1cf8d297f052e1d.job
2017-09-15 21:26 - 2015-09-07 20:13 - 000000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001Core1d0e9ecb9466069.job
2017-09-15 21:25 - 2015-02-04 16:19 - 000000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001Core1d040d95797521d.job
2017-09-15 18:46 - 2012-08-29 18:24 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-15 18:46 - 2012-08-29 18:24 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-15 18:46 - 2012-08-29 18:24 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-15 18:46 - 2012-08-29 18:24 - 000000000 ____D C:\Windows\System32\Macromed
2017-09-15 18:46 - 2011-10-17 20:27 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-15 18:34 - 2012-04-10 04:18 - 000002384 _____ C:\Users\Roger\Desktop\Google Chrome.lnk
2017-09-15 18:20 - 2017-07-17 02:48 - 000003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2017-08-28 00:40 - 2012-02-16 20:02 - 000045056 _____ C:\Windows\System32\acovcnt.exe

Some files in TEMP:
====================
2012-04-10 03:55 - 2012-04-10 03:55 - 000352768 _____ () C:\Users\Roger\AppData\Local\Temp\autorun.dll
2012-06-15 13:42 - 2012-08-30 21:44 - 021944384 _____ (ArenaNet) C:\Users\Roger\AppData\Local\Temp\Gw2.exe
2015-01-03 19:43 - 2015-01-03 19:43 - 009565624 _____ (Macroplant LLC                                              ) C:\Users\Roger\AppData\Local\Temp\iExplorer_Setup_3640.exe
2013-05-18 20:05 - 2013-05-18 20:05 - 000425560 _____ (ESET) C:\Users\Roger\AppData\Local\Temp\InstHelper.exe
2012-05-11 22:18 - 2011-09-27 11:15 - 000101144 _____ () C:\Users\Roger\AppData\Local\Temp\LMkRstPt.exe
2015-05-16 20:18 - 2015-05-16 20:18 - 050067152 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
2012-05-31 19:26 - 2012-08-13 06:19 - 025653936 _____ (Skype Technologies S.A.) C:\Users\Roger\AppData\Local\Temp\SkypeSetup.exe
2012-04-10 07:14 - 2012-04-10 07:14 - 000139672 _____ (Eclipse Foundation) C:\Users\Roger\AppData\Local\Temp\swt-win32-3349.dll
2014-04-13 05:59 - 2014-04-13 05:59 - 001268816 _____ (BitTorrent Inc.) C:\Users\Roger\AppData\Local\Temp\uttC7D3.tmp.exe
2013-04-28 17:09 - 2013-04-28 17:09 - 008182784 _____ () C:\Users\Roger\AppData\Local\Temp\uttFB24.tmp.exe
2015-01-08 19:33 - 2015-01-08 19:33 - 024743106 _____ () C:\Users\Roger\AppData\Local\Temp\vlc-2.1.5-win32.exe
2016-01-04 04:50 - 2016-01-04 04:50 - 028849904 _____ () C:\Users\Roger\AppData\Local\Temp\vlc-2.2.1-win32.exe
2006-05-24 09:10 - 2006-05-24 09:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Roger\AppData\Local\Temp\_is148A.exe
2006-05-24 09:10 - 2006-05-24 09:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Roger\AppData\Local\Temp\_isF538.exe
2013-04-22 03:40 - 2013-04-22 03:56 - 000000000 _____ () C:\Users\Roger\AppData\Local\Temp\{0E7163BC-64DD-43DC-B9E0-3EB02D1B3290}-26.0.1410.64_26.0.1410.43_chrome_updater.exe
2013-02-11 03:52 - 2013-02-11 04:13 - 000000000 _____ () C:\Users\Roger\AppData\Local\Temp\{715D3A25-9602-4654-A834-A1545FB8FA74}-24.0.1312.57_23.0.1271.95_chrome_updater.exe

==================== Known DLLs (Whitelisted) =========================

C:\Windows\System32\advapi32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\OLEAUT32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\OLEAUT32.dll IS MISSING <==== ATTENTION

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION

==================== Association (Whitelisted) =============


==================== Restore Points  =========================

Restore point date: 2017-09-20 07:01
Restore point date: 2017-09-24 18:50

==================== Memory info =========================== 

Percentage of memory in use: 11%
Total physical RAM: 6049.06 MB
Available physical RAM: 5324.49 MB
Total Virtual: 6047.21 MB
Available Virtual: 5315.71 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:238.47 GB) (Free:49.85 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:332.7 GB) (Free:150.53 GB) NTFS
Drive f: () (Removable) (Total:7.45 GB) (Free:0.54 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=238.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=332.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 59.6 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2016-06-27 03:14

==================== End of FRST.txt ============================

I know there is a search.txt and fixlist.txt component after this but I do not want to jump the gun unknowingly as I'm afraid I'd break more stuff without proper guidance. 

Thanks a bunch for looking at my issue.
 



BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:11 PM

Posted 25 September 2017 - 01:52 PM

Welcome :)

 

Lets first try to locate the missing files. Save these instructions to the USB drive, so you can have access to it in WINRE.

 

Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

advapi32.dll;kernel32.dll;OLEAUT32.dll;winsrv.dll;igfxdev.dll;appidsvc.dll;wuaueng.dll;appid.sys;safedrv.sys

It then should look like:

Search: advapi32.dll;kernel32.dll;OLEAUT32.dll;winsrv.dll;igfxdev.dll;appidsvc.dll;wuaueng.dll;appid.sys;safedrv.sys

Click Search Files button and post the log (Search.txt) it makes in the USB drive in your next reply.
 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 fvong

fvong
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 26 September 2017 - 07:14 AM

Hi 

JSntgRvr,

 

I really appreciate you taking the time out of you day to help me, here is the contents of the search.txt;

Farbar Recovery Scan Tool (x64) Version: 24-09-2017
Ran by SYSTEM (26-09-2017 19:53:38)
Running from F:\
Boot Mode: Recovery

================== Search Files: "advapi32.dll;kernel32.dll;OLEAUT32.dll;winsrv.dll;igfxdev.dll;appidsvc.dll;wuaueng.dll;appid.sys;safedrv.sys" =============

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23539_none_e5c88a84fded5e35\advapi32.dll
[2017-09-20 04:20][2016-09-02 07:16] 000644096 _____ (Microsoft Corporation) 901B8E4C2BA406EDCA8B3A8DADA4AD6E

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23418_none_e5dd282cfdde0fd5\advapi32.dll
[2016-05-16 01:11][2016-04-08 22:54] 000644096 _____ (Microsoft Corporation) 039567AA833DDAC96E85880204516424

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23392_none_e580a52afe245a2c\advapi32.dll
[2016-04-24 22:38][2016-03-17 14:24] 000644096 _____ (Microsoft Corporation) 9F55E7A647A793A4D8C89A32B9543799

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23391_none_e57fa4e0fe2540d5\advapi32.dll
[2016-04-24 22:39][2016-03-16 10:23] 000644096 _____ (Microsoft Corporation) 5E4BAA343F2C4BA0E9CD507620F29904

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23349_none_e5bdb6ccfdf57fd8\advapi32.dll
[2016-03-11 19:19][2016-02-10 10:24] 000644096 _____ (Microsoft Corporation) CC521AA0E93B59DE1822F1B2A8145CA7

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23338_none_e5c7866efdee4a90\advapi32.dll
[2016-02-20 20:57][2016-01-21 22:07] 000644608 _____ (Microsoft Corporation) 3D0942B68ED0A5ECFFD2E47581EA6E4D

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23334_none_e5c38546fdf1e534\advapi32.dll
[2016-02-20 20:58][2016-01-16 16:09] 000644096 _____ (Microsoft Corporation) 509A4A0E5A4E8BD1BA2375B6EE06EE91

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23290_none_e57ea2b0fe262a57\advapi32.dll
[2016-01-17 02:50][2015-12-08 10:31] 000643072 _____ (Microsoft Corporation) 648660CA3896C91C4808A1600082851E

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23142_none_e5b6b0fafdfbd429\advapi32.dll
[2015-09-10 07:47][2015-07-22 15:57] 000643072 _____ (Microsoft Corporation) 437BAD628FE3B7BDD029A94FE402C95B

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23072_none_e5963f50fe142ad5\advapi32.dll
[2015-06-11 06:51][2015-05-25 10:06] 000643072 _____ (Microsoft Corporation) 01E5C5E43D05E9FBB9FD6A505CEF2C64

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23040_none_e5b4ae80fdfda454\advapi32.dll
[2015-05-12 21:41][2015-04-27 10:55] 000643072 _____ (Microsoft Corporation) 6C990982B96775CB77DB18B9BAD385A5

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.22436_none_e5c59e88fdeffb68\advapi32.dll
[2013-10-09 15:33][2013-08-28 17:54] 000640512 _____ (Microsoft Corporation) 46B71227881046A2F95FB892DC251C21

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.19160_none_e51575a9e4f036ba\advapi32.dll
[2016-03-11 19:19][2016-02-11 10:30] 000642560 _____ (Microsoft Corporation) 1B2966418D805A871C30998D45570109

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.19135_none_e53ae6dfe4d3619a\advapi32.dll
[2016-02-20 20:57][2016-01-21 21:59] 000642560 _____ (Microsoft Corporation) 8E906BEE0415C2D4689305B8406B5E07

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.19131_none_e536e5b7e4d6fc3e\advapi32.dll
[2016-02-20 20:58][2016-01-16 10:34] 000642560 _____ (Microsoft Corporation) C69473DD9D5E33F054FD3B89245210C9

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.19091_none_e4f60449e507a6bd\advapi32.dll
[2016-01-17 02:50][2015-12-08 13:53] 000641536 _____ (Microsoft Corporation) E8D68D619AAF4E78850DF96B5E53EA03

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.18939_none_e53f0dffe4cf968d\advapi32.dll
[2015-09-10 07:47][2015-07-22 09:53] 000641536 _____ (Microsoft Corporation) 82CBE024109D89FFE27DB8601792758A

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.18869_none_e51e9c55e4e7ed39\advapi32.dll
[2015-06-11 06:51][2015-05-25 10:01] 000641536 _____ (Microsoft Corporation) 9E68E1BDEBD85FC8803707370BE0FC6E

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.18839_none_e53f0c19e4cf9966\advapi32.dll
[2015-05-12 21:41][2015-04-27 11:04] 000641536 _____ (Microsoft Corporation) 7A5824DC9A85FCE4334F57FF0795853E

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.18247_none_e5323035e4d993bf\advapi32.dll
[2013-10-09 15:33][2013-08-28 17:48] 000640512 _____ (Microsoft Corporation) D67472125471784DE7147946EDA25FEB

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.17514_none_e54fbb95e4c3d1bb\advapi32.dll
[2011-02-18 11:49][2010-11-20 04:18] 000640512 _____ (Microsoft Corporation) 95E2376B3323F062EB562B8586D0F14A

C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7600.16385_none_e31ea7cde7d54e21\advapi32.dll
[2009-07-13 16:20][2009-07-13 17:14] 000640000 _____ (Microsoft Corporation) 0C65FA8214D6F8378D1D3BA1CA46AF0A

C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.23452_none_25d7057a5fba9538\oleaut32.dll
[2017-09-20 04:20][2016-05-12 07:18] 000572416 _____ (Microsoft Corporation) BDCB734932273BB559B6370F39655F60

C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.23344_none_25e3d4145fb0aece\oleaut32.dll
[2016-03-11 19:21][2016-02-03 10:42] 000572416 _____ (Microsoft Corporation) 6B526246B299F79CEA0ADD77BD51B48B

C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.22886_none_25bab53e5fcf2962\oleaut32.dll
[2015-02-11 19:46][2014-11-25 19:51] 000571904 _____ (Microsoft Corporation) 833A14F37525FF292332A96B67FA9790

C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.22846_none_25e5f4ee5faeb99e\oleaut32.dll
[2014-11-13 04:02][2014-10-17 17:32] 000571904 _____ (Microsoft Corporation) 0656C40A75085075E04DF985CCA138C6

C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.21802_none_260d4a3e5f91cadd\oleaut32.dll
[2012-04-10 07:35][2011-08-26 21:41] 000571904 _____ (Microsoft Corporation) 6AF714B44B582D6600AB34778948B74B

C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.21669_none_25d368f05fbc2996\oleaut32.dll
[2011-10-17 19:46][2011-10-17 19:46] 000571904 _____ (Microsoft Corporation) 845EAC47A1D69CF2FA5FCD2DF320C02C

C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.19144_none_255a3563469311dd\oleaut32.dll
[2016-03-11 19:21][2016-02-03 10:49] 000572416 _____ (Microsoft Corporation) 4CE464D543C536B2E039524C93413238

C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.18679_none_253ee75746a6bc85\oleaut32.dll
[2015-02-11 19:46][2014-11-25 19:32] 000571904 _____ (Microsoft Corporation) A208DAC2932649CFF82A6A684D8BB1F6

C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.18640_none_25565481469684a3\oleaut32.dll
[2014-11-13 04:02][2014-10-17 17:33] 000571904 _____ (Microsoft Corporation) EDA54D2E17C0271D2CDA946ABE344110

C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.17676_none_253bfd4146a956df\oleaut32.dll
[2012-04-10 07:35][2011-08-26 20:26] 000571904 _____ (Microsoft Corporation) 6C765E82B57F2E66CE9C54AC238471D9

C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.17567_none_2547cb9146a0571e\oleaut32.dll
[2011-10-17 19:46][2011-10-17 19:46] 000571904 _____ (Microsoft Corporation) 1CBAEDC5448CD922DCF82283383AD68B

C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.17514_none_257ada4f467a7f64\oleaut32.dll
[2011-02-18 11:49][2010-11-20 04:20] 000571904 _____ (Microsoft Corporation) 028D74F61952756C9DFFF7969162BB39

C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7600.21036_none_240a54d862804e3b\oleaut32.dll
[2012-04-10 07:35][2011-08-26 20:41] 000571904 _____ (Microsoft Corporation) D91B8D9F154929130900A8BEEC697D41

C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7600.20861_none_23e5099a629cf2f2\oleaut32.dll
[2011-10-17 19:46][2011-10-17 19:46] 000571904 _____ (Microsoft Corporation) 8BB4D5AB47AA6960AEE3CD758ECA01ED

C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7600.16872_none_23519f1349868597\oleaut32.dll
[2012-04-10 07:35][2011-08-26 20:43] 000571904 _____ (Microsoft Corporation) 705C210EFC5564BE49EB026BD7AFF27A

C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7600.16722_none_2387acc9495dfcbb\oleaut32.dll
[2011-10-17 19:46][2011-10-17 19:46] 000571904 _____ (Microsoft Corporation) 06333B8D05D4F3A2AF25EB14FC0A1DFF

C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7600.16385_none_2349c687498bfbca\oleaut32.dll
[2009-07-13 15:44][2009-07-13 17:16] 000571904 _____ (Microsoft Corporation) FADBB267FE9846233ED486DE6EEAAEB9

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23539_none_fcb163f1ba756164\kernel32.dll
[2017-09-20 04:20][2016-09-02 07:16] 001114112 _____ (Microsoft Corporation) 9FFAA819B32476804ED0FED6DD245094

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23418_none_fcc60199ba661304\kernel32.dll
[2016-05-16 01:11][2016-04-08 22:54] 001114112 _____ (Microsoft Corporation) 7214F85DDE720F547C88746044A9DF50

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23392_none_fc697e97baac5d5b\kernel32.dll
[2016-04-24 22:38][2016-03-17 14:31] 001114112 _____ (Microsoft Corporation) 002E17D37479281C5D241A189F973C5F

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23391_none_fc687e4dbaad4404\kernel32.dll
[2016-04-24 22:39][2016-03-16 10:31] 001114112 _____ (Microsoft Corporation) 991D33667BEB392CD6C9828893F165B0

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23349_none_fca69039ba7d8307\kernel32.dll
[2016-03-11 19:19][2016-02-10 10:30] 001114112 _____ (Microsoft Corporation) 60A14A0BB9BAFD0B37FF6E2FDE66C19D

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23338_none_fcb05fdbba764dbf\kernel32.dll
[2016-02-20 20:57][2016-01-21 22:06] 001114112 _____ (Microsoft Corporation) 0395FCC1F6DE5155ACB84F6BBF771B45

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23334_none_fcac5eb3ba79e863\kernel32.dll
[2016-02-20 20:58][2016-01-16 16:17] 001114112 _____ (Microsoft Corporation) 591DDCCA27EFC5A931084B6D4B4542B6

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23313_none_fcc0fe41ba6a972a\kernel32.dll
[2016-01-17 02:50][2015-12-30 10:55] 001114112 _____ (Microsoft Corporation) D6BAC40F57558E09045E52F0BD995524

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23250_none_fc92bbcdba8dbdc2\kernel32.dll
[2015-11-28 23:26][2015-10-19 16:45] 001114112 _____ (Microsoft Corporation) 6D2B6BCAE365F879F958BCAB2B0EBC9D

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23223_none_fcb62c6fba72b5f4\kernel32.dll
[2015-10-14 05:02][2015-09-28 12:15] 001114112 _____ (Microsoft Corporation) A0CFCED64576C13EC04AD7B39940BE93

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23153_none_fc95bac5ba8b0ca0\kernel32.dll
[2015-09-10 07:46][2015-08-04 09:51] 001114112 _____ (Microsoft Corporation) F7C976A71C09A6B4141CC5C8097DE81C

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23142_none_fc9f8a67ba83d758\kernel32.dll
[2015-09-10 07:47][2015-07-22 15:56] 001114112 _____ (Microsoft Corporation) 6F5C056D1AEB8713E403259B5FB38EE8

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23136_none_fcae5b7bba7820c3\kernel32.dll
[2015-09-07 21:32][2015-07-15 09:48] 001114112 _____ (Microsoft Corporation) 50159C0AEE9029D43B7E27022B6C0B37

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23126_none_fcb92b67ba7004d2\kernel32.dll
[2015-09-07 21:31][2015-07-14 18:58] 001114112 _____ (Microsoft Corporation) CA1A5EE549FE248BC127C1A5CAB72B70

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23072_none_fc7f18bdba9c2e04\kernel32.dll
[2015-06-11 06:51][2015-05-25 10:05] 001114112 _____ (Microsoft Corporation) 5EA4D6D52DB2679B8F9DE67A7F8BC41A

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23040_none_fc9d87edba85a783\kernel32.dll
[2015-05-12 21:41][2015-04-27 10:54] 001114112 _____ (Microsoft Corporation) B4E11856DF2535DF158D32DA7B780FDF

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23002_none_fccac831ba636a6d\kernel32.dll
[2015-04-14 15:29][2015-03-16 20:44] 001114112 _____ (Microsoft Corporation) 9FBA00AA15C45A2F1D26776193E543C1

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_fc95db0bba8ae4c2\kernel32.dll
[2014-05-13 19:46][2014-04-11 18:05] 001114112 _____ (Microsoft Corporation) C8C41EBEE097FEB29FB816854D3AD1E7

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22616_none_fcc41b99ba67c103\kernel32.dll
[2014-04-08 16:51][2014-03-04 02:38] 001114112 _____ (Microsoft Corporation) 866696FBE24914047462E34812169954

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22436_none_fcae77f5ba77fe97\kernel32.dll
[2013-10-09 15:33][2013-08-28 17:57] 001114112 _____ (Microsoft Corporation) EE751CBD5D0C332FDF3DF7187B612416

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22411_none_fcbf165bba6c4802\kernel32.dll
[2013-09-11 22:25][2013-08-01 21:55] 001114112 _____ (Microsoft Corporation) 61579F821AB5FF7FA2966D64D1070BA8

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22379_none_fc86373dba95bd39\kernel32.dll
[2013-08-14 05:28][2013-07-07 21:05] 001114112 _____ (Microsoft Corporation) 2997A7BC59E3EEFE8E86D1B0F3A3D748

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22209_none_fcd1e4cbba5cfc7b\kernel32.dll
[2013-04-26 16:34][2013-01-03 20:52] 001114112 _____ (Microsoft Corporation) 7E55988F5CB3BA67E2732370E8D71BBB

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_fc8432ddba97903d\kernel32.dll
[2013-04-22 03:21][2012-11-29 20:57] 001114112 _____ (Microsoft Corporation) 9CC2571E3646B9A24296AD7ADCC71682

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_fcb841e5ba70d1da\kernel32.dll
[2013-04-22 03:25][2012-10-04 08:36] 001114112 _____ (Microsoft Corporation) 5FA395364EE727E4BEE6B1406C207F98

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22091_none_fc688f63baad32ee\kernel32.dll
[2012-10-10 06:20][2012-08-20 09:31] 001114112 _____ (Microsoft Corporation) 305681B4B695D4A888B941965FFC2C17

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll
[2011-10-17 19:54][2011-10-17 19:54] 001114112 _____ (Microsoft Corporation) D3CB12854171DF61D117D7C2BF22C675

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_fcbb64efba6df328\kernel32.dll
[2011-10-17 19:50][2011-10-17 19:50] 000837632 _____ (Microsoft Corporation) CC5CBC069944E7EA70D8674478A70A37

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19160_none_fbfe4f16a17839e9\kernel32.dll
[2016-03-11 19:19][2016-02-11 10:38] 001114112 _____ (Microsoft Corporation) A51056F0AB2386C1032977E89BCB267A

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19135_none_fc23c04ca15b64c9\kernel32.dll
[2016-02-20 20:57][2016-01-21 22:06] 001114112 _____ (Microsoft Corporation) 8A4577DE02C55182ED46202BA2E06DA5

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19131_none_fc1fbf24a15eff6d\kernel32.dll
[2016-02-20 20:58][2016-01-16 10:37] 001114112 _____ (Microsoft Corporation) 426462DFDE05F334131C67D24C6A2DF4

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19110_none_fc345eb2a14fae34\kernel32.dll
[2016-01-17 02:50][2015-12-30 10:41] 001114112 _____ (Microsoft Corporation) E149FE1FD23748986551F4E1F5752090

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19045_none_fc18ee7aa1638393\kernel32.dll
[2015-11-28 23:26][2015-10-19 16:44] 001114112 _____ (Microsoft Corporation) 4166C05FA57548E6518D7EE20896C0A5

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19018_none_fc3c5f1ca1487bc5\kernel32.dll
[2015-10-14 05:02][2015-09-28 18:57] 001114112 _____ (Microsoft Corporation) 9E83A4F6E776F7A3E5F7FB90180FBC0B

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18939_none_fc27e76ca15799bc\kernel32.dll
[2015-09-10 07:47][2015-07-22 09:52] 001114112 _____ (Microsoft Corporation) 1E679BB6671C67B2097A5E53D884D4D0

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18933_none_fc21e5b0a15d01b2\kernel32.dll
[2015-09-07 21:32][2015-07-15 09:53] 001114112 _____ (Microsoft Corporation) A38E10B4143A19F32D64517B6A1FCB98

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18923_none_fc2cb59ca154e5c1\kernel32.dll
[2015-09-07 21:31][2015-07-14 18:54] 001114112 _____ (Microsoft Corporation) C3856345C4FB053140237236D1146242

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18869_none_fc0775c2a16ff068\kernel32.dll
[2015-06-11 06:51][2015-05-25 09:59] 001114112 _____ (Microsoft Corporation) F81920ADB15012CF4E9FF8238C85686A

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18839_none_fc27e586a1579c95\kernel32.dll
[2015-05-12 21:41][2015-04-27 11:03] 001114112 _____ (Microsoft Corporation) 1569F20BB9DB9FDC87A6D3C8A3726ABF

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18798_none_fbe603cea1892dbd\kernel32.dll
[2015-04-14 15:29][2015-03-16 20:56] 001114112 _____ (Microsoft Corporation) 99DE8BADC0E85C9AB4A8301A3723FFEA

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18409_none_fc484db2a13f5426\kernel32.dll
[2014-04-08 16:51][2014-03-04 01:16] 001114112 _____ (Microsoft Corporation) 76161B9D78A275F8F28DD67436013110

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18229_none_fc32aa0ea14f91ba\kernel32.dll
[2013-09-11 22:25][2013-08-01 17:50] 001114112 _____ (Microsoft Corporation) 365A5034093AD9E04F433046C4CDF6AB

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_fc397506a14b161f\kernel32.dll
[2013-04-22 03:21][2012-11-29 20:53] 001114112 _____ (Microsoft Corporation) AC0B6F41882FC6ED186962D770EBF1D2

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_fc038d48a1736e92\kernel32.dll
[2013-04-22 03:25][2012-10-04 08:47] 001114112 _____ (Microsoft Corporation) D4F3176082566CEFA633B4945802D4C4

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17932_none_fc20fc2ea15dceba\kernel32.dll
[2012-10-10 06:20][2012-08-20 09:37] 001114112 _____ (Microsoft Corporation) 9B98D47916EAD4F69EF51B56B0C2323C

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll
[2011-10-17 19:54][2011-10-17 19:54] 001114112 _____ (Microsoft Corporation) 99C3F8E9CC59D95666EB8D8A8B4C2BEB

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_fc3b97c6a1491e16\kernel32.dll
[2011-10-17 19:50][2011-10-17 19:50] 000837632 _____ (Microsoft Corporation) 166116134C58DC36400DE59ACD64FB39

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll
[2011-02-18 11:49][2010-11-20 04:08] 000837632 _____ (Microsoft Corporation) E80758CF485DB142FCA1EE03A34EAD05

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21416_none_faddb6fbbd41607b\kernel32.dll
[2013-04-26 16:34][2013-01-03 20:51] 001114112 _____ (Microsoft Corporation) F9F6CD9EF1F6C896A56B5259B81027D9

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21386_none_fa9205a1bd7a26eb\kernel32.dll
[2013-04-22 03:21][2012-11-29 20:51] 001114112 _____ (Microsoft Corporation) E747ADB6223DBBE1BB138F08A09ADAD6

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21335_none_fac714f3bd5281df\kernel32.dll
[2013-04-22 03:25][2012-10-04 08:56] 001114112 _____ (Microsoft Corporation) DE7A37CB1F48526A78A2D42786411578

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21306_none_fae88501bd394763\kernel32.dll
[2012-10-10 06:20][2012-08-20 09:51] 001114112 _____ (Microsoft Corporation) 85660067ECD49B6E302347EFCC2F72A5

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_fad7ada7bd46d3d5\kernel32.dll
[2011-10-17 19:54][2011-10-17 19:54] 001114112 _____ (Microsoft Corporation) 2113248DB2D1AF9CA790B09F3E6C6E85

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_fa9ef84dbd7012f1\kernel32.dll
[2011-10-17 19:50][2011-10-17 19:50] 001114112 _____ (Microsoft Corporation) 6EB2AEE15C20681E323E9A3E334FE6CF

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17206_none_fa5ee836a41ba799\kernel32.dll
[2013-04-26 16:34][2013-01-03 20:51] 001114112 _____ (Microsoft Corporation) 385BE92E3106491BBB542F8F1C06C606

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17179_none_fa1637baa451ba0e\kernel32.dll
[2013-04-22 03:21][2012-11-29 21:06] 001114112 _____ (Microsoft Corporation) C95793F4BE3471AEED92F5BF367BE69E

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17135_none_fa3d7642a434e4ee\kernel32.dll
[2013-04-22 03:25][2012-10-04 08:54] 001114112 _____ (Microsoft Corporation) A6778FC49011313995A4D718F624CC74

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17107_none_fa5fe69aa41ac3c9\kernel32.dll
[2012-10-10 06:20][2012-08-18 03:17] 001114112 _____ (Microsoft Corporation) 33616DACC75C9E105DAE944120DB4274

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_fa22f90aa449708d\kernel32.dll
[2011-10-17 19:54][2011-10-17 19:54] 001048576 _____ (Microsoft Corporation) 4EA99F1644627B1EBAD99D0B93CDEE1C

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_fa543a76a42398d3\kernel32.dll
[2011-10-17 19:50][2011-10-17 19:50] 000837120 _____ (Microsoft Corporation) 40EACEE0B6432CBE2459A11B298E9D88

C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_fa07813aa45d5150\kernel32.dll
[2009-07-13 15:16][2009-07-13 17:11] 000836608 _____ (Microsoft Corporation) 606ECB76A424CC535407E7A24E2A34BC

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23539_none_151d6b00cc1e4c66\winsrv.dll
[2017-09-20 04:20][2016-09-02 07:31] 000215552 _____ (Microsoft Corporation) B96D67F1BF78F1005B9D77EA7889F2B8

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23418_none_153208a8cc0efe06\winsrv.dll
[2016-05-16 01:11][2016-04-08 22:58] 000215552 _____ (Microsoft Corporation) E0E4D286839FC27F56A85B4710E16B6B

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23392_none_14d585a6cc55485d\winsrv.dll
[2016-04-24 22:38][2016-03-17 14:58] 000215552 _____ (Microsoft Corporation) 841BF993597DCD498247684B5D3AE845

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23391_none_14d4855ccc562f06\winsrv.dll
[2016-04-24 22:39][2016-03-16 10:53] 000215552 _____ (Microsoft Corporation) C3A12C3277B625E5D6B8CC3586D7A16B

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23349_none_15129748cc266e09\winsrv.dll
[2016-03-11 19:19][2016-02-10 10:56] 000215552 _____ (Microsoft Corporation) ACCB745C5952B041B548DDD879902369

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23338_none_151c66eacc1f38c1\winsrv.dll
[2016-02-20 20:57][2016-01-21 22:28] 000215552 _____ (Microsoft Corporation) 2EAE95F2308236806D0BA94A8059F072

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23334_none_151865c2cc22d365\winsrv.dll
[2016-02-20 20:58][2016-01-16 16:32] 000215552 _____ (Microsoft Corporation) 21D831EA876E381114DACFD0A002C71A

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23313_none_152d0550cc13822c\winsrv.dll
[2016-01-17 02:50][2015-12-30 11:14] 000215552 _____ (Microsoft Corporation) 1B191119CA1CAABEC3D22C606577C941

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23250_none_14fec2dccc36a8c4\winsrv.dll
[2015-11-28 23:26][2015-10-19 17:12] 000215552 _____ (Microsoft Corporation) 5670C0D6F1D4D280A04D94CA482F6EE1

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23226_none_1525345ccc18ecfb\winsrv.dll
[2015-10-14 05:02][2015-10-01 10:07] 000215552 _____ (Microsoft Corporation) C3C3221BC5FF27C3747E354112671221

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23223_none_1522337ecc1ba0f6\winsrv.dll
[2015-10-14 05:02][2015-09-28 10:16] 000215552 _____ (Microsoft Corporation) FE2BB7D5CF4460551FF5A0079AAFA7FC

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23153_none_1501c1d4cc33f7a2\winsrv.dll
[2015-09-10 07:46][2015-08-04 10:12] 000215552 _____ (Microsoft Corporation) BEF290D165BE120135C21438C40E2F99

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23142_none_150b9176cc2cc25a\winsrv.dll
[2015-09-10 07:47][2015-07-22 14:04] 000215552 _____ (Microsoft Corporation) 93B05A374E8B264FE41553BAEA2DAC07

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23136_none_151a628acc210bc5\winsrv.dll
[2015-09-07 21:32][2015-07-15 10:09] 000215552 _____ (Microsoft Corporation) 9EF75B9438147AAD6A6899F76FB8B4E3

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23126_none_15253276cc18efd4\winsrv.dll
[2015-09-07 21:31][2015-07-14 19:20] 000215552 _____ (Microsoft Corporation) 3E19966F2F720A4DF6C1F2F0D483DC81

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23072_none_14eb1fcccc451906\winsrv.dll
[2015-06-11 06:51][2015-05-25 10:22] 000215552 _____ (Microsoft Corporation) 7B3C10D38F84D2D534E1565A8B17018C

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23040_none_15098efccc2e9285\winsrv.dll
[2015-05-12 21:41][2015-04-27 11:17] 000215552 _____ (Microsoft Corporation) 4A7726EC105064BB6614A402F25D3913

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23002_none_1536cf40cc0c556f\winsrv.dll
[2015-04-14 15:29][2015-03-16 21:12] 000215552 _____ (Microsoft Corporation) C05095F6593579EA61C5E99FD264D602

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22653_none_1501e21acc33cfc4\winsrv.dll
[2014-05-13 19:46][2014-04-11 18:32] 000215552 _____ (Microsoft Corporation) BDADDE9AD8DD2BF67426C23A8874D776

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22616_none_153022a8cc10ac05\winsrv.dll
[2014-04-08 16:51][2014-03-04 03:08] 000215552 _____ (Microsoft Corporation) 9A1BEE89214174AC2862344670C42B5A

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22436_none_151a7f04cc20e999\winsrv.dll
[2013-10-09 15:33][2013-08-28 18:21] 000215040 _____ (Microsoft Corporation) 516D82106CAFAE156C61C5AB627A6409

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22411_none_152b1d6acc153304\winsrv.dll
[2013-09-11 22:25][2013-08-01 22:23] 000215040 _____ (Microsoft Corporation) 99AACC82C6B8A8E976CA59CFD3C322EF

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22379_none_14f23e4ccc3ea83b\winsrv.dll
[2013-08-14 05:28][2013-07-07 21:18] 000215040 _____ (Microsoft Corporation) 1F1DA89B6582F8728ECEB1C35438C1E7

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22209_none_153debdacc05e77d\winsrv.dll
[2013-04-26 16:34][2013-01-03 21:43] 000215040 _____ (Microsoft Corporation) 5F38CFC96BCA5DD462E2B243B6E31849

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22177_none_14f039eccc407b3f\winsrv.dll
[2013-04-22 03:21][2012-11-29 21:55] 000215040 _____ (Microsoft Corporation) C2B1F6196C7FE1EA1BF827312B095D06

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22125_none_152448f4cc19bcdc\winsrv.dll
[2013-04-22 03:25][2012-10-04 09:43] 000215040 _____ (Microsoft Corporation) CC44EBC3E04E76AABE19EB4A16663E4A

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22091_none_14d49672cc561df0\winsrv.dll
[2012-10-10 06:20][2012-08-20 10:27] 000215040 _____ (Microsoft Corporation) 111AFE35DD2D423EE8E176CA7B2BBDC7

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21756_none_1504fba6cc30ff4f\winsrv.dll
[2011-10-17 19:54][2011-10-17 19:54] 000214528 _____ (Microsoft Corporation) C13D05A015346DED3D722BE285814495

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21738_none_151c9c12cc1efa1b\winsrv.dll
[2011-10-17 19:50][2011-10-17 19:50] 000214528 _____ (Microsoft Corporation) 5AA1C7B5F471C4657BE38447BC397665

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21728_none_15276bfecc16de2a\winsrv.dll
[2011-10-17 19:50][2011-10-17 19:50] 000214528 _____ (Microsoft Corporation) 1A589228B6DC007120F877DBBD6CB79D

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.19160_none_146a5625b32124eb\winsrv.dll
[2016-03-11 19:19][2016-02-11 10:49] 000215040 _____ (Microsoft Corporation) DE4812AB2E6926D0FF2423F3B774585A

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.19135_none_148fc75bb3044fcb\winsrv.dll
[2016-02-20 20:57][2016-01-21 22:20] 000215040 _____ (Microsoft Corporation) 96AEEE466EA56AF34AE4AD5E55DAD164

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.19131_none_148bc633b307ea6f\winsrv.dll
[2016-02-20 20:58][2016-01-16 11:03] 000215040 _____ (Microsoft Corporation) 5D47F5EFC5D88116D71BA72B1D1BE118

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.19110_none_14a065c1b2f89936\winsrv.dll
[2016-01-17 02:50][2015-12-30 11:02] 000215040 _____ (Microsoft Corporation) CE14A4BBF890A7D4C898CF886D145EC9

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.19045_none_1484f589b30c6e95\winsrv.dll
[2015-11-28 23:26][2015-10-19 17:06] 000215040 _____ (Microsoft Corporation) FF41063E45C6238CAF48CBE6D0D6FC4B

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.19018_none_14a8662bb2f166c7\winsrv.dll
[2015-10-14 05:02][2015-09-28 19:11] 000215040 _____ (Microsoft Corporation) 4AD1C61152A0199E3D7F9A82C07AC629

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18939_none_1493ee7bb30084be\winsrv.dll
[2015-09-10 07:47][2015-07-22 16:03] 000215040 _____ (Microsoft Corporation) 8927015C999D55D9B4AC66000EE5343D

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18933_none_148decbfb305ecb4\winsrv.dll
[2015-09-07 21:32][2015-07-15 10:11] 000215040 _____ (Microsoft Corporation) E80CA72FA43BF258E72C408CEF9839BE

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18923_none_1498bcabb2fdd0c3\winsrv.dll
[2015-09-07 21:31][2015-07-14 19:20] 000215040 _____ (Microsoft Corporation) C5A10C9C75F8A51AD20ED0E2EC4C82A4

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18869_none_14737cd1b318db6a\winsrv.dll
[2015-06-11 06:51][2015-05-25 10:19] 000215040 _____ (Microsoft Corporation) 2313AF8D5A9CEB4A55400A01DD311A95

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18839_none_1493ec95b3008797\winsrv.dll
[2015-05-12 21:41][2015-04-27 11:23] 000215040 _____ (Microsoft Corporation) D17DD01601460F5899E5C154B3FD0BFA

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18798_none_14520addb33218bf\winsrv.dll
[2015-04-14 15:29][2015-03-16 21:16] 000215040 _____ (Microsoft Corporation) EA32F4EA3AE06EDD122FBCD5A489E457

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18229_none_149eb11db2f87cbc\winsrv.dll
[2013-09-11 22:25][2013-08-01 18:14] 000215040 _____ (Microsoft Corporation) 88EDD0B34EED542745931E581AD21A32

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18043_none_14830bbdb30e2246\winsrv.dll
[2013-04-26 16:34][2013-01-03 21:46] 000215040 _____ (Microsoft Corporation) 0C27239FEA4DB8A2AAC9E502186B7264

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18015_none_14a57c15b2f40121\winsrv.dll
[2013-04-22 03:21][2012-11-29 21:45] 000215040 _____ (Microsoft Corporation) 9E479C2B605C25DA4971ABA36250FAEF

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17965_none_146f9457b31c5994\winsrv.dll
[2013-04-22 03:25][2012-10-04 09:45] 000215040 _____ (Microsoft Corporation) 72CC564BBC70DE268784BCE91EB8A28F

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17932_none_148d033db306b9bc\winsrv.dll
[2012-10-10 06:20][2012-08-20 10:48] 000215040 _____ (Microsoft Corporation) F46BBAAC1C4980F4D0DD463F190A42D3

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17641_none_14812d55b30fc4e1\winsrv.dll
[2011-10-17 19:54][2011-10-17 19:54] 000214528 _____ (Microsoft Corporation) EB6A48CC998E1090E44E8E7F1009A640

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17625_none_149ace55b2fbf25b\winsrv.dll
[2011-10-17 19:50][2011-10-17 19:50] 000214528 _____ (Microsoft Corporation) 9F761CE1C6C013120B2F0DB27D48C06F

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17617_none_14a79ed5b2f20918\winsrv.dll
[2011-10-17 19:50][2011-10-17 19:50] 000214528 _____ (Microsoft Corporation) 3A8135A7DED2FA0DAD3BDE1B14865A8A

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_14a49c11b2f4bfec\winsrv.dll
[2011-02-18 11:49][2010-11-20 05:27] 000214016 _____ (Microsoft Corporation) E0406AEF04B088D1C49FC78D0546F689

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.21416_none_1349be0aceea4b7d\winsrv.dll
[2013-04-26 16:34][2013-01-04 06:18] 000215040 _____ (Microsoft Corporation) 7BAEFACB8C5048465B7E3D354554DA70

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.21386_none_12fe0cb0cf2311ed\winsrv.dll
[2013-04-22 03:21][2012-11-29 21:43] 000215040 _____ (Microsoft Corporation) B0F0F844BB3BA4C25837310FD0909BFD

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.21335_none_13331c02cefb6ce1\winsrv.dll
[2013-04-22 03:25][2012-10-04 09:35] 000215040 _____ (Microsoft Corporation) 7C17C4AACC79E619E6A4131F51588ED3

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.21306_none_13548c10cee23265\winsrv.dll
[2012-10-10 06:20][2012-08-20 11:06] 000215040 _____ (Microsoft Corporation) 0E83424D4CEC0665A3A916AD6B261E53

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20995_none_12f25ea6cf2be9d0\winsrv.dll
[2011-10-17 19:54][2011-10-17 19:54] 000214528 _____ (Microsoft Corporation) 6D408ABD60A995A2DAB4BAAE38BCA04F

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20978_none_130aff5ccf18fdf3\winsrv.dll
[2011-10-17 19:50][2011-10-17 19:50] 000214528 _____ (Microsoft Corporation) 55917E3ABDDC20D0AAEAC49F5CE67462

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.17206_none_12caef45b5c4929b\winsrv.dll
[2013-04-26 16:34][2013-01-03 21:36] 000215040 _____ (Microsoft Corporation) 3FB74FF230B5D240A57AE1C4A3D0459D

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.17179_none_12823ec9b5faa510\winsrv.dll
[2013-04-22 03:21][2012-11-29 21:49] 000215040 _____ (Microsoft Corporation) C4C551E6AB333C0EB812A3A4672E89DB

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.17135_none_12a97d51b5ddcff0\winsrv.dll
[2013-04-22 03:25][2012-10-04 09:38] 000215040 _____ (Microsoft Corporation) 4343295C52C8B1ADD906F1A37B940AA1

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.17107_none_12cbeda9b5c3aecb\winsrv.dll
[2012-10-10 06:20][2012-08-18 07:42] 000215040 _____ (Microsoft Corporation) 79CDA06F75AD5373DD447F57575C4400

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16850_none_128f0019b5f25b8f\winsrv.dll
[2011-10-17 19:54][2011-10-17 19:54] 000214528 _____ (Microsoft Corporation) 0CB6EBF4B461A6043353C570BD72A1E1

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16823_none_12b270bbb5d753c1\winsrv.dll
[2011-10-17 19:50][2011-10-17 19:50] 000214528 _____ (Microsoft Corporation) DE09FA38A6544829F012B9531C18454F

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16816_none_12c04185b5cc83d5\winsrv.dll
[2011-10-17 19:50][2011-10-17 19:50] 000214528 _____ (Microsoft Corporation) 3739AA2F57FE492EA976E20C56CDF2F4

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16385_none_12738849b6063c52\winsrv.dll
[2009-07-13 15:38][2009-07-13 17:41] 000214016 _____ (Microsoft Corporation) 457B44AB6D502E55F64A867D4F35C76C

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.23453_none_e7c00c697e579911\wuaueng.dll
[2017-09-20 04:20][2016-05-13 13:55] 002607104 _____ (Microsoft Corporation) 31F32E0C1A8BA9A37EEC23DE5F27F847

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.19161_none_e7299b526543e83c\wuaueng.dll
[2016-03-11 19:22][2016-02-12 10:22] 002610688 _____ (Microsoft Corporation) 86F11B85102AFA6A1A6101DCE2F09386

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.19116_none_e764ac606516db3a\wuaueng.dll
[2016-02-20 21:01][2016-01-11 10:26] 002610176 _____ (Microsoft Corporation) 3D4032E6A5885C007AEF4BA816AB4032

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.19077_none_e724cb3c65469f10\wuaueng.dll
[2015-12-10 05:56][2015-11-20 10:54] 002609152 _____ (Microsoft Corporation) 6075791ED85E47A2A2916B1F34582944

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.19046_none_e7443ab6652f31e6\wuaueng.dll
[2015-11-28 23:28][2015-10-20 10:42] 002608128 _____ (Microsoft Corporation) 361845875ED8ED13086E7F37265C45DA

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.19016_none_e764aa7a6516de13\wuaueng.dll
[2015-10-14 05:03][2015-09-25 10:07] 002607104 _____ (Microsoft Corporation) 291778E1A36716182AFBC1731B2DFEAB

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.18979_none_e726f3ae65449e7c\wuaueng.dll
[2015-09-10 07:46][2015-08-26 10:07] 002606080 _____ (Microsoft Corporation) 39D604E190DFE2E483B637D6796ABAFF

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.18937_none_e75032ca6525fc0a\wuaueng.dll
[2015-09-07 21:03][2015-07-20 10:12] 002606080 _____ (Microsoft Corporation) 499034D7F1F6AF49F9EE12F8822793CB

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.18917_none_e765d2a26515c428\wuaueng.dll
[2015-07-18 10:09][2015-07-09 09:58] 002603008 _____ (Microsoft Corporation) AA3E844A2595B1AA5825C70CA50D963E

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.18804_none_e76d9fca65105f0b\wuaueng.dll
[2015-04-14 15:29][2015-03-24 19:24] 002553856 _____ (Microsoft Corporation) 0814A74C853F50B354F08F83DDA9F7FB

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.320_none_d5f64d30518fd000\wuaueng.dll
[2014-08-20 16:06][2014-05-14 08:23] 002477536 _____ (Microsoft Corporation) 61FF576450CCC80564B850BC3FB6713A

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_d5f513f25190f276\wuaueng.dll
[2012-06-21 05:26][2012-06-02 14:19] 002428952 _____ (Microsoft Corporation) D9EF901DCA379CFE914E9FA13B73B4C4

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuaueng.dll
[2011-02-18 11:49][2010-11-20 05:27] 002420736 _____ (Microsoft Corporation) 9DF12EDBC698B0BC353B3EF84861E430

C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_8ca5655e8bc7dae9\wuaueng.dll
[2009-07-13 16:36][2009-07-13 17:41] 002418176 _____ (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.23452_none_1b825b282b59d33d\oleaut32.dll
[2017-09-20 04:20][2016-05-12 09:14] 000862208 _____ (Microsoft Corporation) 6209E8DB0358CFD100C8932ED9A6FAF2

C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.23344_none_1b8f29c22b4fecd3\oleaut32.dll
[2016-03-11 19:21][2016-02-03 11:12] 000862208 _____ (Microsoft Corporation) A0A9912FA837F20DF08B1C1F4C523B3F

C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.22886_none_1b660aec2b6e6767\oleaut32.dll
[2015-02-11 19:46][2014-11-25 20:17] 000861696 _____ (Microsoft Corporation) 9B7A44CF51E54D903A74A4E2C8C532F3

C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.22846_none_1b914a9c2b4df7a3\oleaut32.dll
[2014-11-13 04:02][2014-10-17 18:03] 000861696 _____ (Microsoft Corporation) 0D732306DC2A586D2FCAA97C530F542F

C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.21802_none_1bb89fec2b3108e2\oleaut32.dll
[2012-04-10 07:35][2011-08-26 21:32] 000861696 _____ (Microsoft Corporation) 3FF788A8B5A1AEDDEEB668E192804A22

C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.21669_none_1b7ebe9e2b5b679b\oleaut32.dll
[2011-10-17 19:46][2011-10-17 19:46] 000861696 _____ (Microsoft Corporation) 437BA31239626D89CFC09C895017B788

C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.19144_none_1b058b1112324fe2\oleaut32.dll
[2016-03-11 19:21][2016-02-03 10:58] 000862208 _____ (Microsoft Corporation) B429BEF73402E8D2B2731ECA08D6195F

C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.18679_none_1aea3d051245fa8a\oleaut32.dll
[2015-02-11 19:46][2014-11-25 19:53] 000861696 _____ (Microsoft Corporation) AE4FEDD98096C09A8A86E021FC5E9D67

C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.18640_none_1b01aa2f1235c2a8\oleaut32.dll
[2014-11-13 04:02][2014-10-17 18:05] 000861696 _____ (Microsoft Corporation) B938AF16A521C913791C6F7AFF032757

C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.17676_none_1ae752ef124894e4\oleaut32.dll
[2012-04-10 07:35][2011-08-26 21:37] 000861696 _____ (Microsoft Corporation) C06B32165E23A72A898B7A89679AD754

C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.17567_none_1af3213f123f9523\oleaut32.dll
[2011-10-17 19:46][2011-10-17 19:46] 000861696 _____ (Microsoft Corporation) 628E31A35C9FEB92CB11133497603ECE

C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.17514_none_1b262ffd1219bd69\oleaut32.dll
[2011-02-18 11:49][2010-11-20 05:27] 000861696 _____ (Microsoft Corporation) 42F05F980F164E084DB65B2E8CD8430F

C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7600.21036_none_19b5aa862e1f8c40\oleaut32.dll
[2012-04-10 07:35][2011-08-26 21:41] 000861184 _____ (Microsoft Corporation) 1FD44975AAD8267F483B3F7EDB200496

C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7600.20861_none_19905f482e3c30f7\oleaut32.dll
[2011-10-17 19:46][2011-10-17 19:46] 000861184 _____ (Microsoft Corporation) AA0F564958C66A7E37D68C009AA7A25D

C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7600.16872_none_18fcf4c11525c39c\oleaut32.dll
[2012-04-10 07:35][2011-08-26 21:40] 000861184 _____ (Microsoft Corporation) 2A46451EE42BCD2C842D8AA4923FAC16

C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7600.16722_none_1933027714fd3ac0\oleaut32.dll
[2011-10-17 19:46][2011-10-17 19:46] 000861184 _____ (Microsoft Corporation) 8F6C92F275CB489D4EC28C3CB419485D

C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7600.16385_none_18f51c35152b39cf\oleaut32.dll
[2009-07-13 15:59][2009-07-13 17:41] 000861184 _____ (Microsoft Corporation) 2EC1645863B2C0598227D99C13E231DB

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23539_none_f25cb99f86149f69\kernel32.dll
[2017-09-20 04:20][2016-09-02 07:30] 001163264 _____ (Microsoft Corporation) C9805CDE0B275E7554F9023497169B9B

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23418_none_f271574786055109\kernel32.dll
[2016-05-16 01:11][2016-04-08 22:57] 001163264 _____ (Microsoft Corporation) ACEDF96749861DB3DA92AE9B9D94FE72

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23392_none_f214d445864b9b60\kernel32.dll
[2016-04-24 22:38][2016-03-17 14:53] 001163264 _____ (Microsoft Corporation) B46D03BABD31B23E6FCB226CB22D4D6B

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23391_none_f213d3fb864c8209\kernel32.dll
[2016-04-24 22:39][2016-03-16 10:48] 001163264 _____ (Microsoft Corporation) 97027CD66BA95E4C832600EE57F97241

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23349_none_f251e5e7861cc10c\kernel32.dll
[2016-03-11 19:19][2016-02-10 10:51] 001163264 _____ (Microsoft Corporation) 10F0BAFDBB4C0D4B73D135AD65562938

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23338_none_f25bb58986158bc4\kernel32.dll
[2016-02-20 20:57][2016-01-21 22:28] 001164288 _____ (Microsoft Corporation) 57194C298622069B98BC40FD80A2BEFF

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23334_none_f257b46186192668\kernel32.dll
[2016-02-20 20:58][2016-01-16 16:30] 001163264 _____ (Microsoft Corporation) 09421707EE6879FBAF337184C3279117

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23313_none_f26c53ef8609d52f\kernel32.dll
[2016-01-17 02:50][2015-12-30 11:09] 001163264 _____ (Microsoft Corporation) FF40A21D0127E86406C4E62924BE85CA

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23250_none_f23e117b862cfbc7\kernel32.dll
[2015-11-28 23:26][2015-10-19 17:11] 001166336 _____ (Microsoft Corporation) C86A77F9C93B7E04E4044B1D12E4E085

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23226_none_f26482fb860f3ffe\kernel32.dll
[2015-10-14 05:02][2015-10-01 10:06] 001166336 _____ (Microsoft Corporation) 2E52D789C4B17017556ED45D771DA5EB

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23223_none_f261821d8611f3f9\kernel32.dll
[2015-10-14 05:02][2015-09-28 10:16] 001166336 _____ (Microsoft Corporation) FA37233F148A06C9995854B890DEACBD

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23153_none_f2411073862a4aa5\kernel32.dll
[2015-09-10 07:46][2015-08-04 10:12] 001164288 _____ (Microsoft Corporation) E58CB7F258EDD938CEC4CFE44ABEC764

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23142_none_f24ae0158623155d\kernel32.dll
[2015-09-10 07:47][2015-07-22 14:03] 001164288 _____ (Microsoft Corporation) 313D319AB74D0218F44CC66BE393E38A

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23136_none_f259b12986175ec8\kernel32.dll
[2015-09-07 21:32][2015-07-15 10:09] 001164288 _____ (Microsoft Corporation) A3A71E4BEE2BA121C969B39AD1EB30FC

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23126_none_f2648115860f42d7\kernel32.dll
[2015-09-07 21:31][2015-07-14 19:20] 001164288 _____ (Microsoft Corporation) 093861BB2A36B95CE824683714737CAD

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23072_none_f22a6e6b863b6c09\kernel32.dll
[2015-06-11 06:51][2015-05-25 10:22] 001163776 _____ (Microsoft Corporation) 3A2E4CB43CC4AE0195F686146ADCAD3D

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23040_none_f248dd9b8624e588\kernel32.dll
[2015-05-12 21:41][2015-04-27 11:17] 001163776 _____ (Microsoft Corporation) 2A782D0DD0C53C8B0A0A2318EBBCEC5D

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23002_none_f2761ddf8602a872\kernel32.dll
[2015-04-14 15:29][2015-03-16 21:11] 001164800 _____ (Microsoft Corporation) 36F241A637A424A75C98926189115502

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_f24130b9862a22c7\kernel32.dll
[2014-05-13 19:46][2014-04-11 18:32] 001164800 _____ (Microsoft Corporation) 77BBBF70BCE286CD19E1E68F248363FA

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22616_none_f26f71478606ff08\kernel32.dll
[2014-04-08 16:51][2014-03-04 03:08] 001164800 _____ (Microsoft Corporation) 52E77DC8E31C89FBB1E968699C8121C5

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22436_none_f259cda386173c9c\kernel32.dll
[2013-10-09 15:33][2013-08-28 18:19] 001162240 _____ (Microsoft Corporation) 786D234A90FCAC72633AE6FC52653A49

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22411_none_f26a6c09860b8607\kernel32.dll
[2013-09-11 22:25][2013-08-01 22:22] 001162240 _____ (Microsoft Corporation) C525D51A79B01342344F02E38866CF60

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22379_none_f2318ceb8634fb3e\kernel32.dll
[2013-08-14 05:28][2013-07-07 21:14] 001162240 _____ (Microsoft Corporation) 38E54D419A2962E24D35D868E4724AE7

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22209_none_f27d3a7985fc3a80\kernel32.dll
[2013-04-26 16:34][2013-01-03 21:36] 001162240 _____ (Microsoft Corporation) B844114B247D8EF1E5E4E93A282D2E6F

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_f22f888b8636ce42\kernel32.dll
[2013-04-22 03:21][2012-11-29 21:52] 001163264 _____ (Microsoft Corporation) B3BEA6420D482356E53B7C728E05C637

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_f263979386100fdf\kernel32.dll
[2013-04-22 03:25][2012-10-04 09:37] 001162240 _____ (Microsoft Corporation) F3C594D0DA3ACFA6C7B781A490AB4282

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22091_none_f213e511864c70f3\kernel32.dll
[2012-10-10 06:20][2012-08-20 10:24] 001163264 _____ (Microsoft Corporation) 624B34180C79D67C470C155DB81FFB8E

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_f22aa945863b24d8\kernel32.dll
[2011-10-17 19:54][2011-10-17 19:54] 001163264 _____ (Microsoft Corporation) 27AC02D8EE4C02E7648C41CB880151DA

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_f266ba9d860d312d\kernel32.dll
[2011-10-17 19:50][2011-10-17 19:50] 001163264 _____ (Microsoft Corporation) 6743E8705A96FCBF71279B5AE2CCFDBC

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19160_none_f1a9a4c46d1777ee\kernel32.dll
[2016-03-11 19:20][2016-02-11 10:44] 001163264 _____ (Microsoft Corporation) 4E3E2F8EA0920FC793634479866C5198

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19135_none_f1cf15fa6cfaa2ce\kernel32.dll
[2016-02-20 20:57][2016-01-21 22:15] 001163264 _____ (Microsoft Corporation) 0547E50F916294862FDAF11A4D701547

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19131_none_f1cb14d26cfe3d72\kernel32.dll
[2016-02-20 20:58][2016-01-16 10:58] 001163264 _____ (Microsoft Corporation) 8EC342039B7C4B5E596147EC1F4B9051

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19110_none_f1dfb4606ceeec39\kernel32.dll
[2016-01-17 02:50][2015-12-30 10:57] 001163264 _____ (Microsoft Corporation) FE0C67D8D5D54F37B3A92E129A15C03A

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19045_none_f1c444286d02c198\kernel32.dll
[2015-11-28 23:26][2015-10-19 17:05] 001164800 _____ (Microsoft Corporation) 386BF677B78B66AABBA92C0FCA0579A6

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19018_none_f1e7b4ca6ce7b9ca\kernel32.dll
[2015-10-14 05:02][2015-09-28 19:10] 001164800 _____ (Microsoft Corporation) 11C18D613F66CB5CE829B821599ED339

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18939_none_f1d33d1a6cf6d7c1\kernel32.dll
[2015-09-10 07:47][2015-07-22 16:02] 001163264 _____ (Microsoft Corporation) 9C261AB78DE420AA52FC08D69FD5745D

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18933_none_f1cd3b5e6cfc3fb7\kernel32.dll
[2015-09-07 21:32][2015-07-15 10:10] 001163264 _____ (Microsoft Corporation) 72585BDAF2EC5237EBD71D540657D6A2

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18923_none_f1d80b4a6cf423c6\kernel32.dll
[2015-09-07 21:31][2015-07-14 19:19] 001163264 _____ (Microsoft Corporation) 9D0A88DF1CCB89596DDB876093CD16A4

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18869_none_f1b2cb706d0f2e6d\kernel32.dll
[2015-06-11 06:51][2015-05-25 10:19] 001162752 _____ (Microsoft Corporation) 6FDF03A3B110C5264F52F979335AE301

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18839_none_f1d33b346cf6da9a\kernel32.dll
[2015-05-12 21:41][2015-04-27 11:23] 001162752 _____ (Microsoft Corporation) 1C9F2F4A2C603739BD8CC8C64310AFD7

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18798_none_f191597c6d286bc2\kernel32.dll
[2015-04-14 15:29][2015-03-16 21:16] 001163264 _____ (Microsoft Corporation) E75074EFBE3C24FBC95C7C1985E08FDE

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18409_none_f1f3a3606cde922b\kernel32.dll
[2014-04-08 16:51][2014-03-04 01:44] 001163264 _____ (Microsoft Corporation) D2A513EE880D71BDE7F0257F38B9D019

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18229_none_f1ddffbc6ceecfbf\kernel32.dll
[2013-09-11 22:25][2013-08-01 18:13] 001161216 _____ (Microsoft Corporation) D8973E71F1B35CD3F3DEA7C12D49D0F0

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_f1e4cab46cea5424\kernel32.dll
[2013-04-22 03:21][2012-11-29 21:41] 001161216 _____ (Microsoft Corporation) 65C113214F7B05820F6D8A65B1485196

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_f1aee2f66d12ac97\kernel32.dll
[2013-04-22 03:25][2012-10-04 09:41] 001161216 _____ (Microsoft Corporation) 1DC3504CA4C57900F1557E9A3F01D272

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17932_none_f1cc51dc6cfd0cbf\kernel32.dll
[2012-10-10 06:20][2012-08-20 10:48] 001162240 _____ (Microsoft Corporation) EAF41CFBA5281834CBC383C710AC7965

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_f1b5ac086d0e33d5\kernel32.dll
[2011-10-17 19:54][2011-10-17 19:54] 001162752 _____ (Microsoft Corporation) B9B42A302325537D7B9DC52D47F33A73

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_f1e6ed746ce85c1b\kernel32.dll
[2011-10-17 19:50][2011-10-17 19:50] 001162752 _____ (Microsoft Corporation) 0E1B2E16235AA7F89F064EE75DFC905E

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
[2011-02-18 11:49][2010-11-20 05:26] 001161216 _____ (Microsoft Corporation) 7A6326D96D53048FDEC542DF23D875A0

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21416_none_f0890ca988e09e80\kernel32.dll
[2013-04-26 16:34][2013-01-04 06:14] 001162752 _____ (Microsoft Corporation) 9DD828EFBD17246275E8A74D58E836AC

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21386_none_f03d5b4f891964f0\kernel32.dll
[2013-04-22 03:21][2012-11-29 21:38] 001162752 _____ (Microsoft Corporation) B6B1AB98BA656BA1D8E0CA03F59DED51

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21335_none_f0726aa188f1bfe4\kernel32.dll
[2013-04-22 03:25][2012-10-04 09:29] 001162752 _____ (Microsoft Corporation) 6EED0D77C20137948979EA47360A890B

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21306_none_f093daaf88d88568\kernel32.dll
[2012-10-10 06:20][2012-08-20 11:02] 001163776 _____ (Microsoft Corporation) 1BDA5DB0C493B390C2DFD09139140DE1

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_f083035588e611da\kernel32.dll
[2011-10-17 19:54][2011-10-17 19:54] 001162240 _____ (Microsoft Corporation) 06835B46D9676BEDD80AF25ACF6845FD

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_f04a4dfb890f50f6\kernel32.dll
[2011-10-17 19:50][2011-10-17 19:50] 001162240 _____ (Microsoft Corporation) 8225958BAC83EAFCDB6BAB6EE5EDF6E6

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17206_none_f00a3de46fbae59e\kernel32.dll
[2013-04-26 16:34][2013-01-03 21:30] 001161216 _____ (Microsoft Corporation) 43DB3433F141F01E53D1C5AA0F434098

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17179_none_efc18d686ff0f813\kernel32.dll
[2013-04-22 03:21][2012-11-29 21:43] 001161216 _____ (Microsoft Corporation) E3BC37881D92EB59EE0BA3B854A54D1E

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17135_none_efe8cbf06fd422f3\kernel32.dll
[2013-04-22 03:25][2012-10-04 09:32] 001161216 _____ (Microsoft Corporation) 1DDCACAB8DA5399E5521051923016B18

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.17107_none_f00b3c486fba01ce\kernel32.dll
[2012-10-10 06:20][2012-08-18 07:37] 001162240 _____ (Microsoft Corporation) 8E7F88A62E1AA28F15C0D6784E4C78B6

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_efce4eb86fe8ae92\kernel32.dll
[2011-10-17 19:54][2011-10-17 19:54] 001162240 _____ (Microsoft Corporation) DDBD24DC04DA5FD0EDF45CF72B7C01E2

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_efff90246fc2d6d8\kernel32.dll
[2011-10-17 19:50][2011-10-17 19:50] 001162240 _____ (Microsoft Corporation) 98DA1B7572DAD6BA10296E0DF0950B37

C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_efb2d6e86ffc8f55\kernel32.dll
[2009-07-13 15:28][2009-07-13 17:41] 001162240 _____ (Microsoft Corporation) 5B4B379AD10DEDA4EDA01B8C6961B193

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23539_none_b5eae4a9e1f062c1\appid.sys
[2017-09-20 04:20][2016-09-02 07:02] 000062464 _____ (Microsoft Corporation) 52F8C264D3BF90D2726FDE6642A381D4

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23539_none_b5eae4a9e1f062c1\appidsvc.dll
[2017-09-20 04:20][2016-09-02 07:30] 000034816 _____ (Microsoft Corporation) 2C49C5C911D1BE2A815BC183C0B2FED1

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23418_none_b5ff8251e1e11461\appid.sys
[2016-05-16 01:11][2016-04-08 21:52] 000062464 _____ (Microsoft Corporation) 6474F8823C7188D2DA579F01FB6CED6B

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23418_none_b5ff8251e1e11461\appidsvc.dll
[2016-05-16 01:11][2016-04-08 22:57] 000034816 _____ (Microsoft Corporation) 8F58BA1F7772D6D7CE45F03309608001

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23392_none_b5a2ff4fe2275eb8\appid.sys
[2016-04-24 22:38][2016-03-17 13:52] 000062464 _____ (Microsoft Corporation) A9FB80B0BBA6F765F4E691B7AD4963A7

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23392_none_b5a2ff4fe2275eb8\appidsvc.dll
[2016-04-24 22:38][2016-03-17 14:50] 000034816 _____ (Microsoft Corporation) C47B6624AF9AEE4146743DCB133A159D

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23391_none_b5a1ff05e2284561\appid.sys
[2016-04-24 22:39][2016-03-16 09:49] 000062464 _____ (Microsoft Corporation) CDB8DFAF0506B9AF2D2655056DD2B5F2

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23391_none_b5a1ff05e2284561\appidsvc.dll
[2016-04-24 22:39][2016-03-16 10:44] 000034816 _____ (Microsoft Corporation) AF16177F2E06CF1D1568319AC09AC618

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23349_none_b5e010f1e1f88464\appid.sys
[2016-03-11 19:19][2016-02-10 09:55] 000062464 _____ (Microsoft Corporation) 0E09A65AEE931E2CA6710EFF45382CD3

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23349_none_b5e010f1e1f88464\appidsvc.dll
[2016-03-11 19:19][2016-02-10 10:48] 000034816 _____ (Microsoft Corporation) 93BF2077420E50FBEED972982563007E

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23338_none_b5e9e093e1f14f1c\appid.sys
[2016-02-20 20:57][2016-01-21 21:19] 000062464 _____ (Microsoft Corporation) 6CE9D6139738CC9467466103442C1790

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23338_none_b5e9e093e1f14f1c\appidsvc.dll
[2016-02-20 20:57][2016-01-21 22:28] 000034816 _____ (Microsoft Corporation) B9EB64A883E02D0422C3248CC194CC9D

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23334_none_b5e5df6be1f4e9c0\appid.sys
[2016-02-20 20:58][2016-01-16 15:33] 000062464 _____ (Microsoft Corporation) 76B803198935673B6DB4ADD75F4121BB

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23334_none_b5e5df6be1f4e9c0\appidsvc.dll
[2016-02-20 20:58][2016-01-16 16:28] 000034816 _____ (Microsoft Corporation) 2C4AC54928F6B26373147D4CA512DF3B

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23313_none_b5fa7ef9e1e59887\appid.sys
[2016-01-17 02:50][2015-12-30 10:07] 000062464 _____ (Microsoft Corporation) 2B488366F4492BDF8F586CA0B27DAE46

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23313_none_b5fa7ef9e1e59887\appidsvc.dll
[2016-01-17 02:50][2015-12-30 11:06] 000034816 _____ (Microsoft Corporation) 4F185BC45DAE5E9679C0277947A2821B

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23250_none_b5cc3c85e208bf1f\appid.sys
[2015-11-28 23:26][2015-10-19 16:05] 000062464 _____ (Microsoft Corporation) 5A7AFF643BCEA8F8F3A29F207B2FEECD

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23250_none_b5cc3c85e208bf1f\appidsvc.dll
[2015-11-28 23:26][2015-10-19 17:11] 000034816 _____ (Microsoft Corporation) E73DBF7637CECC5B4EB9DA1FC7309242

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23226_none_b5f2ae05e1eb0356\appid.sys
[2015-10-14 05:01][2015-10-01 09:02] 000062464 _____ (Microsoft Corporation) 8F30904399B706B46970E4310EF060CD

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23226_none_b5f2ae05e1eb0356\appidsvc.dll
[2015-10-14 05:01][2015-10-01 10:06] 000034816 _____ (Microsoft Corporation) 31C5911ABCE617EA32EDF042C7A8CEBF

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23223_none_b5efad27e1edb751\appid.sys
[2015-10-14 05:02][2015-09-28 09:08] 000062464 _____ (Microsoft Corporation) 1D56B608F2E47568EEA1E02E98FE887C

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23223_none_b5efad27e1edb751\appidsvc.dll
[2015-10-14 05:02][2015-09-28 10:16] 000034816 _____ (Microsoft Corporation) 539D935DDBF1041051D886DA014D9280

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23153_none_b5cf3b7de2060dfd\appid.sys
[2015-09-10 07:46][2015-08-04 09:09] 000062464 _____ (Microsoft Corporation) 0BBAEE2BBDE712C4BBD9F128C2BE1AD3

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23153_none_b5cf3b7de2060dfd\appidsvc.dll
[2015-09-10 07:46][2015-08-04 10:12] 000034816 _____ (Microsoft Corporation) 66C9D0B357D30DA3155044168845013A

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appid.sys
[2015-09-10 07:47][2015-07-22 12:51] 000062464 _____ (Microsoft Corporation) 4247A8ADCC3D11ABC42509A699658BF0

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23142_none_b5d90b1fe1fed8b5\appidsvc.dll
[2015-09-10 07:47][2015-07-22 14:03] 000034304 _____ (Microsoft Corporation) 288B69259D261CB25F799D4739690D4D

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23136_none_b5e7dc33e1f32220\appid.sys
[2015-09-07 21:32][2015-07-15 09:10] 000062464 _____ (Microsoft Corporation) 107838FE607651D092944F3F1525BEF2

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23136_none_b5e7dc33e1f32220\appidsvc.dll
[2015-09-07 21:32][2015-07-15 10:09] 000034304 _____ (Microsoft Corporation) 20D94847712A5A30451824902FE28C1B

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23126_none_b5f2ac1fe1eb062f\appid.sys
[2015-09-07 21:31][2015-07-14 18:16] 000062464 _____ (Microsoft Corporation) 8FE151D470E8721E3588D5977985421F

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23126_none_b5f2ac1fe1eb062f\appidsvc.dll
[2015-09-07 21:31][2015-07-14 19:19] 000034304 _____ (Microsoft Corporation) 578B1B015802D43C5E48D55ABA320809

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23072_none_b5b89975e2172f61\appid.sys
[2015-06-11 06:51][2015-05-25 09:15] 000062464 _____ (Microsoft Corporation) FD4C75719AEB09C938E12291496FF25E

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23072_none_b5b89975e2172f61\appidsvc.dll
[2015-06-11 06:51][2015-05-25 10:21] 000034304 _____ (Microsoft Corporation) 6A5B942C2B39F7FB678878E54B47E4E5

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appid.sys
[2015-05-12 21:41][2015-04-27 10:14] 000062464 _____ (Microsoft Corporation) 5355B9542D9058CAF2A9918A77776F16

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23040_none_b5d708a5e200a8e0\appidsvc.dll
[2015-05-12 21:41][2015-04-27 11:17] 000034304 _____ (Microsoft Corporation) F626A07F8ED8C8C24CB7B3205A2D2563

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23002_none_b60448e9e1de6bca\appid.sys
[2015-04-14 15:29][2015-03-16 20:06] 000062464 _____ (Microsoft Corporation) 9349B18206E92E299EAD99B58F2DB176

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23002_none_b60448e9e1de6bca\appidsvc.dll
[2015-04-14 15:29][2015-03-16 21:11] 000034304 _____ (Microsoft Corporation) CE61F6B7DE71F16D9ABE5B51CF981270

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22948_none_b5df32d3e1f94056\appid.sys
[2015-03-11 05:52][2015-02-02 18:35] 000062464 _____ (Microsoft Corporation) 02D4DE040DA056068F5D275445CE336A

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22948_none_b5df32d3e1f94056\appidsvc.dll
[2015-03-11 05:52][2015-02-02 19:50] 000034304 _____ (Microsoft Corporation) A14B9A51587AACB37EAE5CD29C862C78

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_b5efd139e1ed89c1\appid.sys
[2015-01-13 17:32][2014-07-06 17:04] 000062464 _____ (Microsoft Corporation) E1D50C4B23B1DD2D5B97DAE215A400C9

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22923_none_b5efd139e1ed89c1\appidsvc.dll
[2015-01-13 17:32][2014-07-06 18:06] 000034304 _____ (Microsoft Corporation) EA673696AA352A0D87091C794C69C407

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22921_none_b5edd0a5e1ef5713\appid.sys
[2015-01-13 17:32][2014-07-06 17:04] 000062464 _____ (Microsoft Corporation) E1D50C4B23B1DD2D5B97DAE215A400C9

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22921_none_b5edd0a5e1ef5713\appidsvc.dll
[2015-01-13 17:32][2014-07-06 18:06] 000034304 _____ (Microsoft Corporation) EA673696AA352A0D87091C794C69C407

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22908_none_b60a7283e1d8d092\appid.sys
[2015-01-13 17:32][2014-07-06 17:04] 000062464 _____ (Microsoft Corporation) E1D50C4B23B1DD2D5B97DAE215A400C9

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22908_none_b60a7283e1d8d092\appidsvc.dll
[2015-01-13 17:32][2014-07-06 18:06] 000034304 _____ (Microsoft Corporation) EA673696AA352A0D87091C794C69C407

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22653_none_b5cf5bc3e205e61f\appid.sys
[2014-05-13 19:46][2014-04-11 17:34] 000061952 _____ (Microsoft Corporation) D6934D14EDAEC74F47C8C6A8026ADA01

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22653_none_b5cf5bc3e205e61f\appidsvc.dll
[2014-05-13 19:46][2014-04-11 18:31] 000034304 _____ (Microsoft Corporation) A66E46C7C869B195EBB2D8F00A210B75

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_b5e7f8ade1f2fff4\appid.sys
[2013-10-09 15:33][2013-08-28 17:22] 000061952 _____ (Microsoft Corporation) 9C4444FACE3B6A11C613186878A75D8E

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_b5e7f8ade1f2fff4\appidsvc.dll
[2013-10-09 15:33][2013-08-28 18:18] 000034304 _____ (Microsoft Corporation) B30533293343B79785CC00891BB776A5

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22411_none_b5f89713e1e7495f\appid.sys
[2013-09-11 22:25][2013-08-01 21:25] 000061952 _____ (Microsoft Corporation) 9A3F1546351EFA9092C3E365FB9B14CF

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22411_none_b5f89713e1e7495f\appidsvc.dll
[2013-09-11 22:25][2013-08-01 22:20] 000034304 _____ (Microsoft Corporation) 22E4B00108A1729162738CC29F9F8164

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appid.sys
[2013-08-14 05:28][2013-07-07 19:31] 000061440 _____ (Microsoft Corporation) FE1C253B40DF210E1CC29EE5A3DB53E6

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appidsvc.dll
[2013-08-14 05:28][2013-07-07 21:11] 000034304 _____ (Microsoft Corporation) F9EE3FBC2A63635B94BD82C5D0824B5B

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appid.sys
[2013-04-26 16:34][2013-03-18 19:37] 000061440 _____ (Microsoft Corporation) C2C9CD15F76E0681C948BA5D5E7AC116

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_b5abe389e220f951\appidsvc.dll
[2013-04-26 16:34][2013-03-18 21:16] 000034304 _____ (Microsoft Corporation) EB13D5305577A9E47E35A96DB33B8909

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.19021_none_b5640de2c8d1e7b2\appid.sys
[2015-10-14 05:01][2015-10-01 09:00] 000061440 _____ (Microsoft Corporation) 27DABFB4A6B0140C34DBEC713469592B

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.19021_none_b5640de2c8d1e7b2\appidsvc.dll
[2015-10-14 05:01][2015-10-01 10:00] 000032768 _____ (Microsoft Corporation) ABC373B9C6275D45F17DB559408FFD1B

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18950_none_b542c5b2c8eaeeec\appid.sys
[2015-09-10 07:46][2015-08-04 08:58] 000061440 _____ (Microsoft Corporation) A0711D119BA4B48A1470C768D301013E

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18950_none_b542c5b2c8eaeeec\appidsvc.dll
[2015-09-10 07:46][2015-08-04 09:56] 000032768 _____ (Microsoft Corporation) 173C90AF5B243B4DD86F95CA154CB58A

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18741_none_b54e921cc8e1f204\appid.sys
[2015-03-11 05:52][2015-02-02 18:32] 000061440 _____ (Microsoft Corporation) 90C53BD47979FB8814F465A08B885102

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.18741_none_b54e921cc8e1f204\appidsvc.dll
[2015-03-11 05:52][2015-02-02 19:30] 000032256 _____ (Microsoft Corporation) 72D4757510FDA69D729169C00AFC211E

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647\appid.sys
[2011-02-18 11:49][2010-11-20 02:14] 000061440 _____ (Microsoft Corporation) 89A69C3F2F319B43379399547526D952

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647\appidsvc.dll
[2009-07-13 15:52][2009-07-13 17:40] 000032256 _____ (Microsoft Corporation) 0BC381A15355A3982216F7172F545DE1

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appid.sys
[2013-04-26 16:34][2013-03-18 19:57] 000061440 _____ (Microsoft Corporation) 308A886677FB0BD87F495DC95ACD8C54

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_b3bab697e502a956\appidsvc.dll
[2013-04-26 16:34][2013-03-18 21:51] 000034304 _____ (Microsoft Corporation) C0FA6F414410F70417016632DB6FEAF7

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.16385_none_b34101f2cbd852ad\appid.sys
[2009-07-13 15:52][2009-07-13 15:52] 000061440 _____ (Microsoft Corporation) 42FD751B27FA0E9C69BB39F39E409594

C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.16385_none_b34101f2cbd852ad\appidsvc.dll
[2009-07-13 15:52][2009-07-13 17:40] 000032256 _____ (Microsoft Corporation) 0BC381A15355A3982216F7172F545DE1

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23539_none_41e72608b64acf6b\advapi32.dll
[2017-09-20 04:20][2016-09-02 07:30] 000880640 _____ (Microsoft Corporation) 563CCCAF39FDB0D937D024CC5F095913

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23418_none_41fbc3b0b63b810b\advapi32.dll
[2016-05-16 01:11][2016-04-08 22:57] 000880640 _____ (Microsoft Corporation) 75EF65B6A987F360E7F6BF34814775E9

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23392_none_419f40aeb681cb62\advapi32.dll
[2016-04-24 22:38][2016-03-17 14:50] 000880640 _____ (Microsoft Corporation) B3A62D12B93A49189EA8CE51D186FC61

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23391_none_419e4064b682b20b\advapi32.dll
[2016-04-24 22:39][2016-03-16 10:44] 000880640 _____ (Microsoft Corporation) 726F1C822D767E77953FA616DC90C148

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23349_none_41dc5250b652f10e\advapi32.dll
[2016-03-11 19:19][2016-02-10 10:48] 000880640 _____ (Microsoft Corporation) 32C7DFE8F82AB380EDF591870AEA4BE4

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23338_none_41e621f2b64bbbc6\advapi32.dll
[2016-02-20 20:57][2016-01-21 22:28] 000881152 _____ (Microsoft Corporation) 3F5D85639254DF128CF8E1D9D7017F31

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23334_none_41e220cab64f566a\advapi32.dll
[2016-02-20 20:58][2016-01-16 16:28] 000880640 _____ (Microsoft Corporation) 2DDFC869B9BBFBF58BC82D182DD3F9B7

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23290_none_419d3e34b6839b8d\advapi32.dll
[2016-01-17 02:50][2015-12-08 10:58] 000879616 _____ (Microsoft Corporation) 2CE71BCFE0480F6FDF41231B21761399

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23142_none_41d54c7eb659455f\advapi32.dll
[2015-09-10 07:47][2015-07-22 14:03] 000879104 _____ (Microsoft Corporation) A3BDB6FAF3DEB2AA6956E8C13FC9AB19

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23072_none_41b4dad4b6719c0b\advapi32.dll
[2015-06-11 06:51][2015-05-25 10:21] 000879104 _____ (Microsoft Corporation) 3216F9D20B88C98A56FAD5638A3F9C73

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23040_none_41d34a04b65b158a\advapi32.dll
[2015-05-12 21:41][2015-04-27 11:17] 000879104 _____ (Microsoft Corporation) 3FF69E0EF1449D070F8E7833D009E2E5

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.22436_none_41e43a0cb64d6c9e\advapi32.dll
[2013-10-09 15:33][2013-08-28 18:18] 000878080 _____ (Microsoft Corporation) BD2379CBDCD386D27FC0AF40B01E5BD3

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.19160_none_4134112d9d4da7f0\advapi32.dll
[2016-03-11 19:19][2016-02-11 10:41] 000880128 _____ (Microsoft Corporation) 02886B176A15FFAC7DFED97E59A7B227

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.19135_none_415982639d30d2d0\advapi32.dll
[2016-02-20 20:57][2016-01-21 22:12] 000880128 _____ (Microsoft Corporation) 748F82A2222C49C3FED6D1695083716A

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.19131_none_4155813b9d346d74\advapi32.dll
[2016-02-20 20:58][2016-01-16 10:54] 000880128 _____ (Microsoft Corporation) F471A2B5BE3822E7DFFACFD79DE24BA2

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.19091_none_41149fcd9d6517f3\advapi32.dll
[2016-01-17 02:50][2015-12-08 11:07] 000879104 _____ (Microsoft Corporation) 35A6E891DF89085216F18F5B998D6CB4

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.18939_none_415da9839d2d07c3\advapi32.dll
[2015-09-10 07:47][2015-07-22 16:02] 000879104 _____ (Microsoft Corporation) C76537387488A98C6E8A70A5FF11C467

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.18869_none_413d37d99d455e6f\advapi32.dll
[2015-06-11 06:51][2015-05-25 10:18] 000879104 _____ (Microsoft Corporation) 4FFD08A01047EF6B58F6EB4E6D001A8D

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.18839_none_415da79d9d2d0a9c\advapi32.dll
[2015-05-12 21:41][2015-04-27 11:23] 000879104 _____ (Microsoft Corporation) B01B21E15671ACD3F0AD131DC4CABFC7

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.18247_none_4150cbb99d3704f5\advapi32.dll
[2013-10-09 15:33][2013-08-28 18:13] 000878080 _____ (Microsoft Corporation) 63A580C88CFAF72A92550940054569EF

C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7600.16385_none_3f3d4351a032bf57\advapi32.dll
[2009-07-13 16:41][2009-07-13 17:40] 000877056 _____ (Microsoft Corporation) 6DF46D2BD74E3DA1B45F08F10D172732

C:\Windows\System32\igfxdev.dll
[2012-02-13 23:56][2012-02-13 23:56] 000430080 _____ (Intel Corporation) A2C7114D1D213AD752F2825443EBB899

C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_neutral_538f9608ce2f62a3\igfxdev.dll
[2011-07-11 19:29][2011-05-23 16:27] 000385024 _____ (Intel Corporation) AFFA72005414F39A1A86B8D1C9CFBE87

C:\Windows\System32\DriverStore\FileRepository\hp_ws_64.inf_amd64_neutral_c3298f7cc8931574\igfxdev.dll
[2012-02-13 23:56][2012-02-13 23:56] 000430080 _____ (Intel Corporation) A2C7114D1D213AD752F2825443EBB899

C:\Windows\SoftwareDistribution\Download\58248e41bfef33ed3af65a2b31825f81\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22943_none_b5da3161e1fdc1a3\appid.sys
[2015-03-11 05:51][2015-01-26 18:38] 000062464 _____ (Microsoft Corporation) 3DBA46945AAE6E4403172E1382840B29

C:\Windows\SoftwareDistribution\Download\58248e41bfef33ed3af65a2b31825f81\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22943_none_b5da3161e1fdc1a3\appidsvc.dll
[2015-03-11 05:51][2015-01-26 19:56] 000034304 _____ (Microsoft Corporation) 539D060FA1AEDF29EE0A06429B5BDC45

C:\eSupport\eDriver\Software\Display\Intel\HD_Graphics\Vista64_Win7_64_8.15.10.2405\Graphics\igfxdev.dll
[2011-07-11 19:29][2011-05-23 16:27] 000385024 ____N (Intel Corporation) AFFA72005414F39A1A86B8D1C9CFBE87

X:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16385_none_12738849b6063c52\winsrv.dll
[2009-07-13 15:38][2009-07-13 17:41] 000214016 _____ (Microsoft Corporation) 457B44AB6D502E55F64A867D4F35C76C

X:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7600.16385_none_18f51c35152b39cf\oleaut32.dll
[2009-07-13 15:59][2009-07-13 17:41] 000861184 _____ (Microsoft Corporation) 2EC1645863B2C0598227D99C13E231DB

X:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_efb2d6e86ffc8f55\kernel32.dll
[2009-07-13 15:28][2009-07-13 17:41] 001162240 _____ (Microsoft Corporation) 5B4B379AD10DEDA4EDA01B8C6961B193

X:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7600.16385_none_3f3d4351a032bf57\advapi32.dll
[2009-07-13 16:41][2009-07-13 17:40] 000877056 _____ (Microsoft Corporation) 6DF46D2BD74E3DA1B45F08F10D172732

X:\Windows\System32\advapi32.dll
[2009-07-13 16:41][2009-07-13 17:40] 000877056 _____ (Microsoft Corporation) 6DF46D2BD74E3DA1B45F08F10D172732

X:\Windows\System32\kernel32.dll
[2009-07-13 15:28][2009-07-13 17:41] 001162240 _____ (Microsoft Corporation) 5B4B379AD10DEDA4EDA01B8C6961B193

X:\Windows\System32\oleaut32.dll
[2009-07-13 15:59][2009-07-13 17:41] 000861184 _____ (Microsoft Corporation) 2EC1645863B2C0598227D99C13E231DB

X:\Windows\System32\winsrv.dll
[2009-07-13 15:38][2009-07-13 17:41] 000214016 _____ (Microsoft Corporation) 457B44AB6D502E55F64A867D4F35C76C

====== End of Search ======

Again, thank you.



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:11 PM

Posted 28 September 2017 - 12:12 PM

Download the enclosed file.    Save it in the same location  FRST is saved in the USB. Open FRST as you did before and click on the Fix button. A Fixlog.txt report will be produced in the USB. Post it in your next reply.

 

 

Give it a try and boot in Normal Mode.

 

If unsuccessful rescan with FRST and also post the new FRST.txt log.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:11 PM

Posted 01 October 2017 - 07:00 PM

How is it doing?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 fvong

fvong
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 02 October 2017 - 03:01 AM

Hi JSntgRvr,

Deepest apologies as I was away from home.

I have attempted to run the fixlist.txt and it produced the following Fixlog (doesn't look like the files were all replaced/copied successfully). I also attempted to restart normally and it still did not work.

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-09-2017
Ran by SYSTEM (02-10-2017 17:56:09) Run:1
Running from G:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
Replace: C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23539_none_e5c88a84fded5e35\advapi32.dll C:\Windows\SysWOW64\advapi32.dll
Replace: C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23539_none_41e72608b64acf6b\advapi32.dll C:\Windows\System32\advapi32.dll
Replace: C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23539_none_fcb163f1ba756164\kernel32.dll C:\Windows\SysWOW64\kernel32.dll
Replace: C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23539_none_f25cb99f86149f69\kernel32.dll C:\Windows\System32\kernel32.dll
Replace: C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.23452_none_25d7057a5fba9538\oleaut32.dll C:\Windows\SysWOW64\oleaut32.dll
Replace: C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.23452_none_1b825b282b59d33d\oleaut32.dll C:\Windows\System32\oleaut32.dll
Replace: C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23539_none_151d6b00cc1e4c66\winsrv.dll C:\Windows\System32\winsrv.dll
Replace: C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23539_none_b5eae4a9e1f062c1\appidsvc.dll C:\Windows\System32\appidsvc.dll
Replace: C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.23453_none_e7c00c697e579911\wuaueng.dll C:\Windows\System32\wuaueng.dll
Replace: C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23539_none_b5eae4a9e1f062c1\appid.sys C:\Windows\System32\appid.sys

*****************

"C:\Windows\SysWOW64\advapi32.dll" => not found
C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23539_none_e5c88a84fded5e35\advapi32.dll copied successfully to C:\Windows\SysWOW64\advapi32.dll
"C:\Windows\System32\advapi32.dll" => not found
C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.23539_none_41e72608b64acf6b\advapi32.dll copied successfully to C:\Windows\System32\advapi32.dll
"C:\Windows\SysWOW64\kernel32.dll" => not found
C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23539_none_fcb163f1ba756164\kernel32.dll copied successfully to C:\Windows\SysWOW64\kernel32.dll
"C:\Windows\System32\kernel32.dll" => not found
C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23539_none_f25cb99f86149f69\kernel32.dll copied successfully to C:\Windows\System32\kernel32.dll
"C:\Windows\SysWOW64\oleaut32.dll" => not found
C:\Windows\winsxs\wow64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.23452_none_25d7057a5fba9538\oleaut32.dll copied successfully to C:\Windows\SysWOW64\oleaut32.dll
"C:\Windows\System32\oleaut32.dll" => not found
C:\Windows\winsxs\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_6.1.7601.23452_none_1b825b282b59d33d\oleaut32.dll copied successfully to C:\Windows\System32\oleaut32.dll
"C:\Windows\System32\winsrv.dll" => not found
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23539_none_151d6b00cc1e4c66\winsrv.dll copied successfully to C:\Windows\System32\winsrv.dll
"C:\Windows\System32\appidsvc.dll" => not found
C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23539_none_b5eae4a9e1f062c1\appidsvc.dll copied successfully to C:\Windows\System32\appidsvc.dll
"C:\Windows\System32\wuaueng.dll" => not found
C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7601.23453_none_e7c00c697e579911\wuaueng.dll copied successfully to C:\Windows\System32\wuaueng.dll
"C:\Windows\System32\appid.sys" => not found
C:\Windows\winsxs\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23539_none_b5eae4a9e1f062c1\appid.sys copied successfully to C:\Windows\System32\appid.sys

==== End of Fixlog 17:56:10 ====


#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:11 PM

Posted 02 October 2017 - 02:52 PM

They were all copied.

 

Please rescan with FRST and post a new FRST.txt log.

 

Also, let me know if it is the same error message and if there is any file involved indicated therein.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 fvong

fvong
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 03 October 2017 - 05:47 AM

Hi there,

Thanks for your reply.

 

I've rescanned with FRST and here are the results from the FRST.txt log;

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2017
Ran by SYSTEM on MININT-I9TPE71 (03-10-2017 21:31:37)
Running from F:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-09] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-10] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-20] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-09] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-20] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-10-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-02-24] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [S6000Mnt] => C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [SessionLogon] => C:\ExpressGateUtil\SessionLogon.exe
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2010-11-24] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-10] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-14] (Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-17] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-19] (Wondershare)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-06-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-06-28] (NVIDIA Corporation)
Startup: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2012-02-16]
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-20] (ESET)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1531352 2013-06-07] (Echobit LLC)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2016-03-11] ()
S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-19] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-09] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-09] (ESET)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2012-10-02] (Echobit, LLC)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81920 2011-02-24] (Fresco Logic)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [190232 2010-08-05] (Windows (R) Win 7 DDK provider)
S3 AppID; \SystemRoot\system32\drivers\appid.sys [X]
S3 GGSAFERDriver; \??\C:\Users\Roger\Garena Plus\Room\safedrv.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9A4A1EEE802BF2F878EE8EAB407B21B7
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\drivers\AmUStor.SYS 9C7F164B49CADC658D1B3C575782F346
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 4C016FD76ED5C05E84CA8CAB77993961
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys B4174564AD5834A1680610572477878C
C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 1F7238A37389ED92E9D8EEE975CABD54
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 3323F76352B0AF14B2CDC4DFBF3E980A
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys 58425D987F155F44C0BD4D0DB230327E
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys 616387BBD83372220B09DE95F4E67BBC
C:\Windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F
C:\Windows\System32\drivers\dxgkrnl.sys 3A9D7D464BDB3B70D7ECF689ADABBD4D
C:\Windows\System32\DRIVERS\eamonm.sys 398904F1FBF13CEF0FCB822E9CA5F2D5
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ehdrv.sys 9E39134330C18CBAC0F24C1283701D7E
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\epfwwfpr.sys B4E8DC817963B256537B1EC09AF0647E
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ETD.sys 05B0DCDA418E297A1B4CD8D7B8ADE403
C:\Windows\System32\DRIVERS\evolve.sys A0539478593A00AA64E600CF7E19F195
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\FLxHCIc.sys 10B5AB16C34D4E316EDB825386F57DA6
C:\Windows\System32\DRIVERS\FLxHCIh.sys 66DE264C2DEFE746CB2E71F3A5EB5C2C
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 07DA62C960DDCCC2D35836AEAB4FC578
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys D7921D5A870B11CC1ADAB198A519D50A
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 276EE9CDAB16C50E1DF0E4CEFA882F5F
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 177B4E48C7A288E70779B42AB81D2D06
C:\Windows\System32\DRIVERS\IntcDAud.sys FC727061C0F47C8059E88E05D5C8E381
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbfiltr.sys E63EF8C3271D014F14E2469CE75FECB4
C:\Windows\System32\Drivers\ksecdd.sys EB7BB4F58971F4FE099B3CE127346563
C:\Windows\System32\Drivers\ksecpkg.sys 6EBBA531A455E8F1092FD530A8682A97
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x64.sys 033B4AED2C5519072C0D81E00804D003
C:\Windows\System32\DRIVERS\LHidFilt.Sys 241F2648ADF090E2A10095BD6D6F5DCB
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LMouFilt.Sys 342ED5A4B3326014438F36D22D803737
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\LUsbFilt.Sys 29C733E1DE824670DC9315CFC9BDBCD3
C:\Windows\System32\DRIVERS\lvuvc64.sys FF3A488924B0032B1A9CA6948C1FA9E8
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 67050452C0118BAF2883928E6FCCFE47
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys D7ADC2B83CA0B0381F75A98351F72CEE
C:\Windows\System32\DRIVERS\mrxsmb.sys 341C65D6D4E9AB705258AC83511F7ADD
C:\Windows\System32\DRIVERS\mrxsmb10.sys F93EDDF0B69760456C6E0D73405AC078
C:\Windows\System32\DRIVERS\mrxsmb20.sys A558D659B722FE5FB8C6E1BF288F7316
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys E47D571FEC2C76E867935109AB2A770C
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 47B2D0B31BDC3EBE6090228E2BA3764D
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys 39DEFE644321F9A4B7F527664F628DEA
C:\Windows\System32\DRIVERS\nvpciflt.sys 5AFBEAF5D143253E9038E381AB7D4CC5
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys ED5873F7DFB2F96D37F13322211B6BDC
C:\Windows\System32\Drivers\S6000KNT.sys 538B4DECD14E7A664921908C44987C8A
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SiSG664.sys 1BC348CF6BAA90EC8E533EF6E6A69933
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 16897B0322DD56621DF5978131130AF2
C:\Windows\System32\DRIVERS\srv2.sys 978423DEC32318FFBCD76D01232AC0FF
C:\Windows\System32\DRIVERS\srvnet.sys CB06B3D4659D744131E691B7B4CE6B2D
C:\Windows\System32\DRIVERS\ssudmdm.sys 383C219BFA39703A5AF40F1636E3A7F8
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tap0901.sys 595CB8DA5B522AD8CC28193DC21FD496
C:\Windows\System32\drivers\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\DRIVERS\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\tpm.sys 48DDEF0B921DD331536CC82C1A8FF64F
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TurboB.sys FD24F98D2898BE093FE926604BE7DB99
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys 5C3BE22E485B9BF11FCEFDC676C728D0
C:\Windows\system32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys 28B81917A195B67617AF7DCF4DFE5736
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys B626F048318DAE65A3317F0592BE592C
C:\Windows\System32\DRIVERS\usbhub.sys 390109E8E05BA00375DCB1ED64DC60AF
C:\Windows\system32\drivers\usbohci.sys B4DF0F4C1D9D25DFE1DAD1D8670F1D4F
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys CFEAAF96E666E3DCBD8F6DFF516784AE
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys D0335A55E5C3F812548E18300C2ACB62
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys 52DED146E4797E6CCF94799E8E22BB2A
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-02 17:56 - 2016-09-02 07:31 - 000215552 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2017-10-02 17:56 - 2016-09-02 07:30 - 001163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2017-10-02 17:56 - 2016-09-02 07:30 - 000880640 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2017-10-02 17:56 - 2016-09-02 07:30 - 000034816 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2017-10-02 17:56 - 2016-09-02 07:16 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-10-02 17:56 - 2016-09-02 07:16 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-10-02 17:56 - 2016-09-02 07:02 - 000062464 _____ (Microsoft Corporation) C:\Windows\System32\appid.sys
2017-10-02 17:56 - 2016-05-13 13:55 - 002607104 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2017-10-02 17:56 - 2016-05-12 09:14 - 000862208 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2017-10-02 17:56 - 2016-05-12 07:18 - 000572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-09-25 20:32 - 2017-10-03 21:31 - 000000000 ____D C:\FRST
2017-09-24 18:05 - 2017-09-24 18:05 - 000000000 __SHD C:\found.000
2017-09-20 04:20 - 2016-09-02 07:40 - 000631176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2017-09-20 04:20 - 2016-09-02 07:35 - 005548264 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-09-20 04:20 - 2016-09-02 07:35 - 000706280 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2017-09-20 04:20 - 2016-09-02 07:35 - 000154856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2017-09-20 04:20 - 2016-09-02 07:35 - 000095464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2017-09-20 04:20 - 2016-09-02 07:34 - 001732864 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2017-09-20 04:20 - 2016-09-02 07:31 - 000135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2017-09-20 04:20 - 2016-09-02 07:31 - 000028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 001464320 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 000146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 000063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 000044032 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2017-09-20 04:20 - 2016-09-02 07:30 - 000006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2017-09-20 04:20 - 2016-09-02 07:21 - 004000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-20 04:20 - 2016-09-02 07:21 - 003944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-09-20 04:20 - 2016-09-02 07:18 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-20 04:20 - 2016-09-02 07:16 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-09-20 04:20 - 2016-09-02 07:16 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-09-20 04:20 - 2016-09-02 07:16 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-09-20 04:20 - 2016-09-02 06:55 - 000159744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2017-09-20 04:20 - 2016-09-02 06:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2017-09-20 04:20 - 2016-09-02 06:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2017-09-20 04:20 - 2016-09-02 06:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2017-09-20 04:20 - 2016-09-02 06:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2017-09-20 04:18 - 2017-05-03 07:34 - 000094952 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2017-09-20 04:18 - 2017-05-03 07:29 - 001206272 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 001555968 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000620544 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000535552 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000325632 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000311296 _____ (Microsoft Corporation) C:\Windows\System32\centel.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000217088 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2017-09-20 04:18 - 2017-05-03 05:05 - 000127488 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2017-09-20 04:18 - 2017-03-22 18:06 - 001691136 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2017-09-20 04:18 - 2016-08-16 12:40 - 000343552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000327168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000056320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2017-09-20 04:18 - 2016-08-16 12:40 - 000007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2017-09-20 03:46 - 2017-09-20 05:03 - 000000000 ____D C:\Program Files\ZAR
2017-09-20 03:46 - 2017-09-20 03:46 - 000000742 _____ C:\Users\Public\Desktop\ZAR X.lnk
2017-09-20 03:45 - 2016-08-29 07:31 - 014183424 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2017-09-20 03:45 - 2016-08-29 07:31 - 001941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2017-09-20 03:45 - 2016-08-29 07:31 - 001867776 _____ (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2017-09-20 03:45 - 2016-08-29 07:12 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-20 03:45 - 2016-08-29 07:12 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-09-20 03:45 - 2016-08-29 07:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-09-20 03:45 - 2016-08-29 07:04 - 003229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-09-20 03:45 - 2016-08-29 06:55 - 002972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-09-20 03:45 - 2016-07-07 07:36 - 001896168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2017-09-20 03:45 - 2016-07-07 07:36 - 000377576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2017-09-20 03:45 - 2016-07-07 07:36 - 000287976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2017-09-20 03:45 - 2016-07-07 07:08 - 000046080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2017-09-20 03:45 - 2016-07-01 07:31 - 000976896 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2017-09-20 03:45 - 2016-07-01 07:31 - 000084480 _____ (Microsoft Corporation) C:\Windows\System32\INETRES.dll
2017-09-20 03:45 - 2016-07-01 07:13 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-09-20 03:45 - 2016-07-01 07:13 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-09-20 03:45 - 2016-07-01 06:56 - 000464896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2017-09-20 03:45 - 2016-07-01 06:56 - 000405504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2017-09-20 03:45 - 2016-07-01 06:56 - 000168960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2017-09-20 03:34 - 2017-09-20 03:34 - 000000000 ____D C:\Users\Roger\AppData\LocalLow\uTorrent
2017-09-15 18:34 - 2017-09-15 18:47 - 1395320832 ____R C:\Users\Roger\Downloads\John.Wick.Chapter.2.2017.HDRip.XVid..Line-NoGrp.avi
2017-09-15 18:32 - 2017-09-15 18:55 - 000000000 ____D C:\Users\Roger\Downloads\John.Wick.2014.BluRay.720p.x264-HEFF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-24 00:30 - 2013-05-18 20:11 - 000323478 _____ C:\Windows\ntbtlog.txt
2017-09-23 23:54 - 2014-12-11 15:06 - 000000000 ____D C:\Windows\System32\appraiser
2017-09-23 23:54 - 2014-05-07 05:42 - 000000000 ___SD C:\Windows\System32\CompatTel
2017-09-23 23:53 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-20 07:38 - 2011-10-17 20:17 - 000782160 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-20 07:38 - 2009-07-13 21:13 - 000782160 _____ C:\Windows\System32\PerfStringBackup.INI
2017-09-20 07:38 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-09-20 07:34 - 2015-12-05 03:19 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d12f4ec41cc1b1.job
2017-09-20 07:32 - 2009-07-13 18:34 - 000000478 _____ C:\Windows\win.ini
2017-09-20 07:26 - 2015-09-07 20:13 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d0e9ecb9c97505.job
2017-09-20 07:25 - 2015-02-04 16:19 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d040d957d0d985.job
2017-09-20 07:24 - 2016-05-11 05:18 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d1ab87a6f1b1e3.job
2017-09-20 07:24 - 2014-06-21 00:19 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1cf8d297f347bad.job
2017-09-20 07:23 - 2016-02-04 14:29 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d15f9b75d991c4.job
2017-09-20 07:21 - 2012-05-24 04:03 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2017-09-20 07:21 - 2012-05-24 04:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-09-20 07:18 - 2016-05-11 05:03 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab8584a1ae93.job
2017-09-20 07:18 - 2015-05-15 21:20 - 000000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001UA1d08f97fb7b0993.job
2017-09-20 07:18 - 2015-05-14 21:18 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08ecea00bee04.job
2017-09-20 07:09 - 2016-08-10 04:59 - 000000000 ____D C:\Windows\System32\MRT
2017-09-20 07:08 - 2016-02-04 14:56 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15f9f41ec90ba.job
2017-09-20 07:03 - 2015-09-07 20:13 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e9ecbf7b366d.job
2017-09-20 07:01 - 2016-08-10 04:59 - 140394280 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-09-20 07:01 - 2015-12-05 02:58 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12f4be506e1e3.job
2017-09-20 06:55 - 2014-06-21 15:33 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8da9356177de.job
2017-09-20 06:55 - 2013-04-28 17:09 - 000000000 ____D C:\Users\Roger\AppData\Roaming\uTorrent
2017-09-20 05:23 - 2016-02-04 14:29 - 000000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001Core1d15f9b75994c9c.job
2017-09-20 04:41 - 2013-05-11 22:12 - 000000000 ____D C:\Users\Roger\AppData\Local\Adobe
2017-09-20 03:47 - 2009-07-13 20:45 - 000018736 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-20 03:47 - 2009-07-13 20:45 - 000018736 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-20 03:44 - 2013-10-20 00:28 - 000000000 ____D C:\SoundCloud Downloads
2017-09-20 03:32 - 2012-04-10 02:31 - 000000000 ___HD C:\ASUS.DAT
2017-09-20 03:31 - 2015-09-07 20:13 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e9ecbf26d3a1.job
2017-09-20 03:31 - 2014-06-21 15:33 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8da9351b9438.job
2017-09-16 01:36 - 2014-06-21 00:19 - 000000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001Core1cf8d297f052e1d.job
2017-09-15 21:26 - 2015-09-07 20:13 - 000000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001Core1d0e9ecb9466069.job
2017-09-15 21:25 - 2015-02-04 16:19 - 000000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2156483762-217303773-897775373-1001Core1d040d95797521d.job
2017-09-15 18:46 - 2012-08-29 18:24 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-15 18:46 - 2012-08-29 18:24 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-15 18:46 - 2012-08-29 18:24 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-15 18:46 - 2012-08-29 18:24 - 000000000 ____D C:\Windows\System32\Macromed
2017-09-15 18:46 - 2011-10-17 20:27 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-15 18:34 - 2012-04-10 04:18 - 000002384 _____ C:\Users\Roger\Desktop\Google Chrome.lnk
2017-09-15 18:20 - 2017-07-17 02:48 - 000003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings

Some files in TEMP:
====================
2012-04-10 03:55 - 2012-04-10 03:55 - 000352768 _____ () C:\Users\Roger\AppData\Local\Temp\autorun.dll
2012-06-15 13:42 - 2012-08-30 21:44 - 021944384 _____ (ArenaNet) C:\Users\Roger\AppData\Local\Temp\Gw2.exe
2015-01-03 19:43 - 2015-01-03 19:43 - 009565624 _____ (Macroplant LLC                                              ) C:\Users\Roger\AppData\Local\Temp\iExplorer_Setup_3640.exe
2013-05-18 20:05 - 2013-05-18 20:05 - 000425560 _____ (ESET) C:\Users\Roger\AppData\Local\Temp\InstHelper.exe
2012-05-11 22:18 - 2011-09-27 11:15 - 000101144 _____ () C:\Users\Roger\AppData\Local\Temp\LMkRstPt.exe
2015-05-16 20:18 - 2015-05-16 20:18 - 050067152 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
2012-05-31 19:26 - 2012-08-13 06:19 - 025653936 _____ (Skype Technologies S.A.) C:\Users\Roger\AppData\Local\Temp\SkypeSetup.exe
2012-04-10 07:14 - 2012-04-10 07:14 - 000139672 _____ (Eclipse Foundation) C:\Users\Roger\AppData\Local\Temp\swt-win32-3349.dll
2014-04-13 05:59 - 2014-04-13 05:59 - 001268816 _____ (BitTorrent Inc.) C:\Users\Roger\AppData\Local\Temp\uttC7D3.tmp.exe
2013-04-28 17:09 - 2013-04-28 17:09 - 008182784 _____ () C:\Users\Roger\AppData\Local\Temp\uttFB24.tmp.exe
2015-01-08 19:33 - 2015-01-08 19:33 - 024743106 _____ () C:\Users\Roger\AppData\Local\Temp\vlc-2.1.5-win32.exe
2016-01-04 04:50 - 2016-01-04 04:50 - 028849904 _____ () C:\Users\Roger\AppData\Local\Temp\vlc-2.2.1-win32.exe
2006-05-24 09:10 - 2006-05-24 09:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Roger\AppData\Local\Temp\_is148A.exe
2006-05-24 09:10 - 2006-05-24 09:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Roger\AppData\Local\Temp\_isF538.exe
2013-04-22 03:40 - 2013-04-22 03:56 - 000000000 _____ () C:\Users\Roger\AppData\Local\Temp\{0E7163BC-64DD-43DC-B9E0-3EB02D1B3290}-26.0.1410.64_26.0.1410.43_chrome_updater.exe
2013-02-11 03:52 - 2013-02-11 04:13 - 000000000 _____ () C:\Users\Roger\AppData\Local\Temp\{715D3A25-9602-4654-A834-A1545FB8FA74}-24.0.1312.57_23.0.1271.95_chrome_updater.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================

Restore point date: 2017-09-20 07:01
Restore point date: 2017-09-24 18:50

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  boot
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {default}
device                  boot
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                boot
systemroot              \Windows
resumeobject            {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
device                  boot
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {8cb2d9b5-7c05-11de-842e-b4611d44fefa}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 11%
Total physical RAM: 6049.06 MB
Available physical RAM: 5336.44 MB
Total Virtual: 6047.21 MB
Available Virtual: 5330.94 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:238.47 GB) (Free:49.84 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:332.7 GB) (Free:150.53 GB) NTFS
Drive f: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
Drive g: () (Removable) (Total:59.61 GB) (Free:37.94 GB) exFAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=238.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=332.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 59.6 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2016-06-27 03:14

==================== End of FRST.txt ============================

Also, after running the FRST again, I restarted and it resulted in the same BSOD error with %HS missing error and Stop C0000135.

 

For example;

 

ecgbbfad-738344.png

 

Thanks



#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:11 PM

Posted 03 October 2017 - 04:27 PM

How is your SATA configuration in the BIOS set? Although I see efi components, the BCD seems set to ATA.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#10 fvong

fvong
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 04 October 2017 - 06:05 AM

Hi,

Not sure what is meant by SATA Config but please look at below screenshot. Please direct me any other way to provide you with the info you need. 

 

 

fbcd2u.jpg

 

 

Again, thanks so much for your time.



#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:11 PM

Posted 05 October 2017 - 03:54 PM

Sorry for the delay, but under current conditions, a connection is not always available.

 

Download the enclosed file.   Save it in the flash drive next to FRST64.

 

Insert the flash drive in the affected computer.

 

Open FRST64 as you did before and click on the fix button.

 

This will add some paths to the Boot Configuration Data (BCD)

 

A log, Fixlog.txt will be produced in the flash drive, please post it in your next reply.

 

 

Attempt to boot and let me know the outcome.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 fvong

fvong
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 06 October 2017 - 10:32 PM

Hi there,

Please do not apologise, I completely understand and wish nothing but the best for you and all Puerto Ricans. 

 

I have run the Fixlist.txt and rebooted the laptop. It still hangs and then results in the same BSOD highlighted in the above posts. 

 

Here is the Fixlog contents;

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-09-2017
Ran by SYSTEM (07-10-2017 14:24:06) Run:2
Running from F:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
CMD: BCDEDIT /set {bootmgr} device=partition=C:
CMD: BCDEDIT /set {bootmgr} path=\bootmgr
CMD: BCDEDIT /set {{default}} device=partition=C:
CMD: BCDEDIT /set {{default}} osdevice=partition=C:
CMD: BCDEDIT /ENUM ALL
*****************


========= BCDEDIT /set {bootmgr} device=partition=C: =========

The element data type specified is not recognized, or does not apply to the
specified entry.
Run "bcdedit /?" for command line assistance.
Element not found.

========= End of CMD: =========


========= BCDEDIT /set {bootmgr} path=\bootmgr =========

The element data type specified is not recognized, or does not apply to the
specified entry.
Run "bcdedit /?" for command line assistance.
Element not found.

========= End of CMD: =========


========= BCDEDIT /set {{default}} device=partition=C: =========

The element data type specified is not recognized, or does not apply to the
specified entry.
Run "bcdedit /?" for command line assistance.
Element not found.

========= End of CMD: =========


========= BCDEDIT /set {{default}} osdevice=partition=C: =========

The element data type specified is not recognized, or does not apply to the
specified entry.
Run "bcdedit /?" for command line assistance.
Element not found.

========= End of CMD: =========


========= BCDEDIT /ENUM ALL =========


Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  boot
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {default}
device                  boot
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                boot
systemroot              \Windows
resumeobject            {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
device                  boot
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {8cb2d9b5-7c05-11de-842e-b4611d44fefa}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\boot.sdi

========= End of CMD: =========


==== End of Fixlog 14:24:09 ====


#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:11 PM

Posted 07 October 2017 - 02:40 PM

Lets retry that fix, but use this    instead.


Edited by JSntgRvr, 07 October 2017 - 02:47 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#14 fvong

fvong
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:11 PM

Posted 09 October 2017 - 06:50 AM

Hi,

I've fixed once again but the same issue appears. Here's the log;

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-09-2017
Ran by SYSTEM (09-10-2017 22:47:45) Run:3
Running from F:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
CMD: BCDEDIT /set {bootmgr} device partition=C:        // Active partition
CMD: BCDEDIT /set {bootmgr} path \bootmgr
CMD: BCDEDIT /set {default} device partition=C:
CMD: BCDEDIT /set {default} osdevice partition=C:
CMD: BCDEDIT /ENUM ALL
*****************


========= BCDEDIT /set {bootmgr} device partition=C:        // Active partition =========

Invalid command line switch: //
Run "bcdedit /?" for command line assistance.
The parameter is incorrect.

========= End of CMD: =========


========= BCDEDIT /set {bootmgr} path \bootmgr =========

The operation completed successfully.

========= End of CMD: =========


========= BCDEDIT /set {default} device partition=C: =========

The operation completed successfully.

========= End of CMD: =========


========= BCDEDIT /set {default} osdevice partition=C: =========

The operation completed successfully.

========= End of CMD: =========


========= BCDEDIT /ENUM ALL =========


Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  boot
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
device                  boot
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {8cb2d9b5-7c05-11de-842e-b4611d44fefa}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\boot.sdi

========= End of CMD: =========


==== End of Fixlog 22:47:48 ====


#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:11 PM

Posted 09 October 2017 - 12:24 PM

Download the enclosed file. Save it in the same location  FRST is saved in the USB. Open FRST as you did before and click on the Fix button. A Fixlog.txt report will be produced in the USB. Post it in your next reply.

 

The error indicates that the OS is unable to find a necessary file to boot. Considering you had a few files missing, chances are that some important files are still missing. After running the above fix, restart the computer to the Recovery Command prompt. It is important to restart the computer as is the only way we will be able to see the actual OS partition.

 

So after a restart, type the following at the prompt and press Enter.

 

bcdedit | find "osdevice"

 

Take note of it and let me know which partition is indicated therein.

 

Open FRST once again.

 

Type the following in the edit box on FRST, after "Search:".

bootmgr; winload.exe

It then should look like:

Search: bootmgr; winload.exe

Click Search Files button and post the log (Search.txt) it makes on the USB drive in your next reply.
 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users