FRST.txt --
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by Administrator (administrator) on PNJSERVER (10-03-2017 23:19:33)
Running from C:\
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows Server 2012 Standard (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
(hMailServer) C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe
(Tanuki Software, Ltd.) C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe
(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Hewlett-Packard Company) C:\Windows\System32\sysdown.exe
(Oracle Corporation) C:\Program Files (x86)\PS3 Media Server\jre64\bin\java.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
Lsa: [Notification Packages] scecli rassfm
SecurityProviders: credssp.dll, pwdssp.dll
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModBot.exe.lnk [2015-07-30]
ShortcutTarget: ModBot.exe.lnk -> C:\Streaming\ModBot.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FileZilla Server.lnk [2013-09-17]
ShortcutTarget: FileZilla Server.lnk -> C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hMailAdmin.lnk [2013-11-30]
ShortcutTarget: hMailAdmin.lnk -> C:\Program Files (x86)\hMailServer\Bin\hMailAdmin.exe (Halvar Information)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Minecraft Server.lnk [2013-12-01]
ShortcutTarget: Minecraft Server.lnk -> C:\Minecraft Server\CraftBukkit.bat ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk [2013-09-15]
ShortcutTarget: Monitor Apache Servers.lnk -> C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PS3 Media Server.lnk [2015-02-15]
ShortcutTarget: PS3 Media Server.lnk -> C:\Program Files (x86)\PS3 Media Server\pms.exe (PS3 Media Server)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ventrilo Server.lnk [2013-09-17]
ShortcutTarget: Ventrilo Server.lnk -> C:\Program Files\Ventrilo\ventrilo_srv.exe ()
BootExecute: autocheck autochk /q /v *
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{30102ECF-7083-40AA-BA2B-A5699E31E6B9}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{4CCF8E6B-7392-4B19-BAC8-7B55728EACCC}: [NameServer] 8.8.8.8,8.8.4.4
Internet Explorer:
==================
HKU\S-1-5-21-2146499467-1732687246-2212153872-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-04-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-04-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-04-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-04-14] (Oracle Corporation)
Handler: hpapp - No CLSID Value
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-04-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apache2.2; C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2013-07-10] (Apache Software Foundation) [File not signed]
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [63488 2012-08-19] (IvoSoft) [File not signed]
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
R2 hMailServer; C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe [6069760 2013-06-02] (hMailServer) [File not signed]
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [171520 2012-07-25] (Microsoft Corporation)
R2 PS3 Media Server; C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [384280 2012-11-27] (Tanuki Software, Ltd.)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [95232 2012-07-25] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [83456 2012-07-25] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [15872 2012-07-25] (Microsoft Corporation)
R2 sysdown; C:\Windows\System32\sysdown.exe [18784 2011-02-17] (Hewlett-Packard Company)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [241664 2014-09-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 bfad; C:\Windows\System32\drivers\bfad.sys [1963760 2012-07-26] (Brocade Communications Systems, Inc.)
S0 bfadfcoe; C:\Windows\System32\drivers\bfadfcoe.sys [1964272 2012-07-26] (Brocade Communications Systems, Inc.)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [186096 2012-07-26] (Broadcom Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [564976 2012-07-26] (Broadcom Corporation)
R3 CpqCiDrv; C:\Windows\System32\drivers\cpqcidrv.sys [53600 2011-09-13] (Hewlett-Packard Company)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [699632 2012-07-26] (Emulex)
R0 hpqilo2; C:\Windows\System32\drivers\hpqilo2.sys [150880 2011-02-17] (Hewlett-Packard Company)
S3 MsLbfoProvider; C:\Windows\system32\DRIVERS\MsLbfoProvider.sys [99840 2013-07-01] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [94448 2012-07-25] (Microsoft Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [131072 2014-02-26] (Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [109056 2013-06-28] (Microsoft Corporation)
S3 wtlmdrv; C:\Windows\System32\drivers\wtlmdrv.sys [31232 2012-07-25] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-10 23:19 - 2017-03-10 23:19 - 00008673 _____ C:\FRST.txt
2017-03-10 23:19 - 2017-03-10 23:19 - 00000000 ____D C:\FRST
2017-03-10 23:19 - 2017-03-10 23:18 - 02423808 _____ (Farbar) C:\FRST64.exe
2017-03-09 23:03 - 2017-03-10 23:20 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\2
2017-03-09 08:33 - 2017-03-09 08:33 - 00000000 ____D C:\83df85255a0d5f3f7be095bd
2017-03-06 21:49 - 2017-03-06 21:49 - 00000000 ____D C:\3910407301b5709e3b74
2017-03-06 21:42 - 2017-03-06 21:42 - 00000000 ____D C:\c6b1edbb7e8a72494697698ab4bc0e
2017-03-04 23:08 - 2017-03-04 23:08 - 00818508 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-03-04 23:06 - 2017-03-04 23:06 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PNJSERVER-Windows-Server-2012-Standard-(64-bit).dat
2017-03-04 23:06 - 2017-03-04 23:06 - 00000000 ____D C:\RegBackup
2017-03-04 22:41 - 2017-03-04 23:06 - 00000000 ____D C:\Windows Repair
2017-03-04 20:19 - 2016-07-05 21:01 - 02406912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2017-03-04 20:19 - 2016-07-05 20:05 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2017-03-04 19:33 - 2016-03-17 15:52 - 00979968 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-04 19:33 - 2016-03-17 15:52 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2017-03-04 19:33 - 2016-03-17 15:49 - 00163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2017-03-04 19:33 - 2016-03-17 15:49 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2017-03-04 19:33 - 2016-03-17 13:58 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-04 18:30 - 2016-03-08 11:04 - 00416768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2017-03-04 18:30 - 2016-03-08 10:40 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2017-03-04 18:25 - 2016-01-28 14:57 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-03-04 18:22 - 2016-01-30 13:07 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2017-03-04 18:20 - 2016-01-20 11:08 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2017-03-04 15:48 - 2017-03-04 15:48 - 00281624 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-04 15:01 - 2016-01-10 10:40 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-03-04 15:01 - 2016-01-10 10:40 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2017-03-04 15:01 - 2016-01-10 07:04 - 00458752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-03-04 15:00 - 2016-03-15 12:21 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-03-04 14:59 - 2016-01-13 20:10 - 00447832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-03-04 14:58 - 2016-01-10 11:23 - 01942360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-03-04 14:57 - 2015-11-19 09:09 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-03-04 14:57 - 2015-11-19 09:09 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-03-04 12:42 - 2015-10-22 14:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2017-03-04 12:42 - 2015-10-22 14:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2017-03-04 12:42 - 2015-10-22 14:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2017-03-04 12:42 - 2015-10-22 14:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2017-03-04 12:42 - 2015-10-22 14:00 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2017-03-04 12:42 - 2015-10-22 14:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2017-03-02 21:19 - 2017-03-02 21:19 - 00003910 _____ C:\Windows\system32\1.txt
2017-02-26 22:07 - 2016-06-08 22:27 - 05331968 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2017-02-26 22:07 - 2016-06-08 22:26 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-02-26 22:07 - 2016-06-08 22:26 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2017-02-26 22:07 - 2016-06-08 22:25 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\cryptxml.dll
2017-02-26 22:07 - 2016-06-08 21:50 - 00088064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptxml.dll
2017-02-26 22:07 - 2016-03-09 20:58 - 01622528 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2017-02-25 00:58 - 2017-02-25 00:58 - 00000041 _____ C:\Windows\woubak-pwrscheme-temp.txt
2017-02-25 00:58 - 2017-02-25 00:58 - 00000041 _____ C:\Windows\woubak-pwrscheme-act.txt
2017-02-25 00:44 - 2017-02-23 06:39 - 00177120 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-25 00:43 - 2017-02-23 06:39 - 00835040 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-23 06:37 - 2017-02-23 06:37 - 01043456 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-02-23 06:37 - 2017-02-23 06:37 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2017-02-23 06:37 - 2017-02-23 06:37 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-02-23 06:37 - 2017-02-23 06:37 - 00600576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2017-02-23 06:37 - 2017-02-23 06:37 - 00478288 _____ C:\Windows\SysWOW64\locale.nls
2017-02-23 06:37 - 2017-02-23 06:37 - 00478288 _____ C:\Windows\system32\locale.nls
2017-02-23 06:37 - 2017-02-23 06:37 - 00396128 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2017-02-23 06:37 - 2017-02-23 06:37 - 00372064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2017-02-23 06:37 - 2017-02-23 06:37 - 00162850 _____ C:\Windows\SysWOW64\C_932.NLS
2017-02-23 06:37 - 2017-02-23 06:37 - 00162850 _____ C:\Windows\system32\C_932.NLS
2017-02-23 06:37 - 2017-02-23 06:37 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 20122112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 15442944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 14727168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 13782528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 10098176 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 04048896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-02-23 06:34 - 2017-02-23 06:34 - 03927552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 02875392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 02818560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 02684928 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 02308096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 02249216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 02147328 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 02086912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 02039296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 01770496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 01342464 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 01294336 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 01126912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 01025024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 00569200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-02-23 06:34 - 2017-02-23 06:34 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 00363872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-02-23 06:34 - 2017-02-23 06:34 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 00112992 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-02-23 06:34 - 2017-02-23 06:34 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 00075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-02-23 06:34 - 2017-02-23 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 06941024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-02-23 06:31 - 2017-02-23 06:31 - 01567064 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 01385984 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 01278464 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 01150784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 01115136 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00895488 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00888832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00856576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00704000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00515584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00505280 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00498016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-02-23 06:31 - 2017-02-23 06:31 - 00493568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00378720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00315744 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-02-23 06:31 - 2017-02-23 06:31 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-02-23 06:31 - 2017-02-23 06:31 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-02-23 06:28 - 2017-02-23 06:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-02-23 06:28 - 2017-02-23 06:28 - 01843200 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 01691136 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-02-23 06:28 - 2017-02-23 06:28 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-02-23 06:28 - 2017-02-23 06:28 - 01437696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 01283072 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00907776 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00746496 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00636416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-02-23 06:28 - 2017-02-23 06:28 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-02-23 06:28 - 2017-02-23 06:28 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-02-23 06:28 - 2017-02-23 06:28 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00123744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-02-23 06:28 - 2017-02-23 06:28 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-02-23 06:28 - 2017-02-23 06:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-02-23 06:28 - 2017-02-23 06:28 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-02-23 06:28 - 2017-02-23 06:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-02-23 06:27 - 2017-02-23 06:27 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-02-23 06:27 - 2017-02-23 06:27 - 00573952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-02-23 06:26 - 2017-02-23 06:26 - 11464704 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-02-23 06:26 - 2017-02-23 06:26 - 08555008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-02-23 06:26 - 2017-02-23 06:26 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-02-23 06:26 - 2017-02-23 06:26 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-02-23 06:26 - 2017-02-23 06:26 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-02-23 06:25 - 2017-02-23 06:25 - 01822256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-02-23 06:25 - 2017-02-23 06:25 - 01413664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-02-23 06:25 - 2017-02-23 06:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-02-23 06:24 - 2017-02-23 06:24 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2017-02-23 06:24 - 2017-02-23 06:24 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2017-02-23 06:24 - 2017-02-23 06:24 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2017-02-23 06:24 - 2017-02-23 06:24 - 00460800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2017-02-23 06:24 - 2017-02-23 06:24 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-02-23 06:24 - 2017-02-23 06:24 - 00373424 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2017-02-23 06:24 - 2017-02-23 06:24 - 00338432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-02-23 06:24 - 2017-02-23 06:24 - 00332064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2017-02-23 06:24 - 2017-02-23 06:24 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-02-23 06:24 - 2017-02-23 06:24 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-02-23 06:24 - 2017-02-23 06:24 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2017-02-23 06:24 - 2017-02-23 06:24 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2017-02-23 06:23 - 2017-02-23 06:23 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-02-23 06:23 - 2017-02-23 06:23 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-02-23 06:23 - 2017-02-23 06:23 - 00304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-02-23 06:23 - 2017-02-23 06:23 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2017-02-23 06:23 - 2017-02-23 06:23 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2017-02-23 06:22 - 2017-02-23 06:22 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2017-02-23 06:22 - 2017-02-23 06:22 - 00414720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2017-02-23 06:22 - 2017-02-23 06:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2017-02-23 06:21 - 2017-02-23 06:21 - 01254912 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-02-23 06:21 - 2017-02-23 06:21 - 00822784 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2017-02-23 06:21 - 2017-02-23 06:21 - 00711680 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-02-23 06:21 - 2017-02-23 06:21 - 00583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2017-02-23 06:21 - 2017-02-23 06:21 - 00516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-02-23 06:21 - 2017-02-23 06:21 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2017-02-23 06:21 - 2017-02-23 06:21 - 00360960 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2017-02-23 06:21 - 2017-02-23 06:21 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2017-02-23 06:21 - 2017-02-23 06:21 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2017-02-23 06:21 - 2017-02-23 06:21 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-02-23 06:21 - 2017-02-23 06:21 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2017-02-23 06:21 - 2017-02-23 06:21 - 00307712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2017-02-23 06:21 - 2017-02-23 06:21 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2017-02-23 06:21 - 2017-02-23 06:21 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2017-02-23 06:21 - 2017-02-23 06:21 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2017-02-23 06:21 - 2017-02-23 06:21 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2017-02-23 06:21 - 2017-02-23 06:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2017-02-23 06:21 - 2017-02-23 06:21 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2017-02-23 06:21 - 2017-02-23 06:21 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2017-02-23 06:21 - 2017-02-23 06:21 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2017-02-23 06:21 - 2017-02-23 06:21 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2017-02-23 06:20 - 2017-02-23 06:20 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-02-23 06:20 - 2017-02-23 06:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-02-23 06:20 - 2017-02-23 06:20 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-02-23 06:20 - 2017-02-23 06:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-02-23 06:20 - 2017-02-23 06:20 - 00171360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-02-23 06:19 - 2017-02-23 06:19 - 01441632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-02-23 06:19 - 2017-02-23 06:19 - 01298944 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-02-23 06:19 - 2017-02-23 06:19 - 00695296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-02-23 06:19 - 2017-02-23 06:19 - 00304480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-02-23 06:18 - 2017-02-23 06:18 - 01590272 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-02-23 06:18 - 2017-02-23 06:18 - 01319936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-02-23 06:18 - 2017-02-23 06:18 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-02-23 06:18 - 2017-02-23 06:18 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-02-23 06:18 - 2017-02-23 06:18 - 00083296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2017-02-23 06:17 - 2017-02-23 06:17 - 00727552 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-02-23 06:17 - 2017-02-23 06:17 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-02-23 06:17 - 2017-02-23 06:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-02-23 06:17 - 2017-02-23 06:17 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2017-02-23 06:16 - 2017-02-23 06:16 - 01844224 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-02-23 06:16 - 2017-02-23 06:16 - 01442816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-02-23 06:15 - 2017-02-23 06:15 - 00119128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2017-02-23 06:15 - 2017-02-23 06:15 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsusbhub.sys
2017-02-23 06:15 - 2017-02-23 06:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2017-02-23 06:14 - 2017-02-23 06:14 - 14267392 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-02-23 06:14 - 2017-02-23 06:14 - 11878400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-02-23 06:14 - 2017-02-23 06:14 - 00448000 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2017-02-23 06:14 - 2017-02-23 06:14 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2017-02-23 06:13 - 2017-02-23 06:13 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-02-23 06:13 - 2017-02-23 06:13 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-02-23 06:13 - 2017-02-23 06:13 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
2017-02-23 06:13 - 2017-02-23 06:13 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
2017-02-23 06:12 - 2017-02-23 06:12 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\iassam.dll
2017-02-23 06:12 - 2017-02-23 06:12 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iassam.dll
2017-02-23 06:10 - 2017-02-23 06:10 - 01751552 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-02-23 06:10 - 2017-02-23 06:10 - 01238528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-02-23 06:10 - 2017-02-23 06:10 - 00866816 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-02-23 06:10 - 2017-02-23 06:10 - 00465920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 02893824 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 02615808 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 02400256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 02312704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 01770496 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 01593344 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 01468928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 01376256 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 01374208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 01350656 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 01174016 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 01073664 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00929792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00904192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00869888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00846336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00793312 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00722944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00612528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00577536 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00571392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00546304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00468992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00463880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00446872 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00431616 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00382464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00324456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00253624 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-02-23 06:08 - 2017-02-23 06:08 - 00251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00239104 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2017-02-23 06:08 - 2017-02-23 06:08 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2017-02-23 06:08 - 2017-02-23 06:08 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2017-02-23 06:08 - 2017-02-23 06:08 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2017-02-23 06:08 - 2017-02-23 06:08 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2017-02-23 06:07 - 2017-02-23 06:07 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2017-02-23 06:07 - 2017-02-23 06:07 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2017-02-23 06:07 - 2017-02-23 06:07 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2017-02-23 06:05 - 2017-02-23 06:05 - 01637376 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2017-02-23 06:05 - 2017-02-23 06:05 - 01223168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2017-02-23 06:05 - 2017-02-23 06:05 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-02-23 06:05 - 2017-02-23 06:05 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2017-02-23 06:05 - 2017-02-23 06:05 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2017-02-23 06:05 - 2017-02-23 06:05 - 00384512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2017-02-23 06:05 - 2017-02-23 06:05 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-02-23 06:05 - 2017-02-23 06:05 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-02-23 06:05 - 2017-02-23 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-02-23 06:05 - 2017-02-23 06:05 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-02-23 06:05 - 2017-02-23 06:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-02-23 06:04 - 2017-02-23 06:04 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2017-02-23 06:04 - 2017-02-23 06:04 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2017-02-23 06:04 - 2017-02-23 06:04 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-02-23 06:04 - 2017-02-23 06:04 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-02-19 17:50 - 2017-02-19 17:50 - 06975096 _____ (Tim Kosse) C:\Users\Administrator\Downloads\FileZilla_3.24.0_win64-setup.exe
2017-02-19 03:04 - 2017-03-03 21:27 - 00000000 ____D C:\SFCFix
2017-02-17 12:31 - 2017-02-17 13:05 - 00000000 ____D C:\WSUS Offline
2017-02-16 23:54 - 2017-02-16 23:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-02-16 23:52 - 2017-02-16 23:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-02-16 23:52 - 2017-02-16 23:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-02-12 22:44 - 2017-01-12 02:36 - 212685810 _____ C:\Users\Administrator\AppData\Local\Temp\wsusscn2.cab
2017-02-12 22:43 - 2017-02-12 22:43 - 00000448 _____ C:\Users\Administrator\AppData\Local\Temp\UpdateInstaller.ini
2017-02-09 18:38 - 2017-02-09 18:38 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2017-02-09 18:38 - 2017-02-09 18:38 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\RDWebAI.dll
2017-02-09 17:30 - 2017-02-09 17:30 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-02-09 17:30 - 2017-02-09 17:30 - 00987848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-02-09 17:30 - 2017-02-09 17:30 - 00690016 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-02-09 17:30 - 2017-02-09 17:30 - 00484552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-02-09 17:30 - 2017-02-09 17:30 - 00030912 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-02-09 17:30 - 2017-02-09 17:30 - 00029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-02-09 17:30 - 2017-02-09 17:30 - 00018600 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-02-09 17:30 - 2017-02-09 17:30 - 00018592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-10 12:01 - 2013-11-09 17:33 - 00000514 _____ C:\Windows\Tasks\ShadowCopyVolume{b163811d-ffd7-4b10-9edb-8e0fb57034ea}.job
2017-03-10 12:00 - 2013-11-09 17:33 - 00000514 _____ C:\Windows\Tasks\ShadowCopyVolume{a572c972-d6cd-11e1-93e8-806e6f6e6963}.job
2017-03-09 23:04 - 2015-02-15 13:06 - 00000000 ____D C:\ProgramData\PMS
2017-03-09 23:04 - 2013-09-14 10:59 - 00802870 _____ C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp
2017-03-09 23:00 - 2012-07-26 02:21 - 00818508 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-09 23:00 - 2012-07-26 00:37 - 00000000 ____D C:\Windows\Inf
2017-03-09 22:56 - 2012-07-26 02:14 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-04 20:20 - 2012-07-26 02:50 - 00000000 ____D C:\Windows\CbsTemp
2017-03-04 15:46 - 2012-07-26 00:26 - 00008192 ___SH C:\Windows\system32\config\BBI
2017-02-28 22:30 - 2013-09-14 11:13 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2146499467-1732687246-2212153872-500
2017-02-28 08:01 - 2015-06-06 05:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\ps3mediaserver
2017-02-28 08:01 - 2013-11-30 21:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\hsperfdata_Administrator
2017-02-26 22:43 - 2012-07-26 03:04 - 00000000 ____D C:\Windows\rescache
2017-02-25 00:37 - 2012-07-26 03:04 - 00000000 ___RD C:\Windows\ToastData
2017-02-25 00:37 - 2012-07-26 03:04 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2017-02-19 17:50 - 2013-09-22 00:38 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FileZilla
2017-02-09 18:53 - 2012-07-26 00:37 - 00000000 ____D C:\Windows\servicing
2017-02-09 18:38 - 2017-01-22 03:04 - 00000000 ____D C:\Windows\system32\catroot2.bak
2017-02-09 17:25 - 2013-09-28 09:44 - 00000000 ____D C:\ProgramData\Package Cache
==================== Files in the root of some directories =======
2015-07-17 18:02 - 2015-07-17 18:02 - 0000114 _____ () C:\Users\Administrator\AppData\Roaming\jxklhgvu.t2z.vbs
2015-07-17 18:02 - 2015-07-17 18:02 - 0000114 _____ () C:\Users\Administrator\AppData\Roaming\k14tmjkt.2fh.vbs
2014-06-08 16:44 - 2014-06-08 16:44 - 0000357 _____ () C:\ProgramData\hpzinstall.log
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-04 03:00
==================== End of FRST.txt ============================
Addition.txt --
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by Administrator (10-03-2017 23:20:52)
Running from C:\
Windows Server 2012 Standard (X64) (2012-07-26 03:01:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2146499467-1732687246-2212153872-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2146499467-1732687246-2212153872-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Apache HTTP Server 2.2.25 (HKLM-x32\...\{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}) (Version: 2.2.25 - Apache Software Foundation)
CardBus (x32 Version: 2.00.0001 - Texas Instruments Inc) Hidden
Classic Shell (HKLM\...\{DC45D291-769A-4608-A688-77E6DBC03498}) (Version: 3.6.1 - IvoSoft)
FileZilla Client 3.11.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.41 - FileZilla Project)
hMailServer 5.4-B1950 (HKLM-x32\...\hMailServer_is1) (Version: - )
HP Array Configuration Utility (HKLM-x32\...\{3A9B2F71-2AC2-43E6-B839-6512F6647550}) (Version: 8.75.12.0 - Hewlett-Packard Development Company, L.P.)
HP ProLiant PCI-express Power Management Update for Windows (HKLM-x32\...\{34D6E797-AA32-455D-8E65-4EBD1AC9DED7}) (Version: 1.3.0.0 - Hewlett-Packard Company)
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
PCI 7510 CardBus Controller with SmartCard and Software (HKLM-x32\...\InstallShield_{4ABC1F75-7060-4BAE-9972-F2DCBF1D5F1F}) (Version: 2.00.0001 - Texas Instruments Inc)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0A6EC955-C70B-4917-A310-B883BB216C1C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-10-15] (Microsoft Corporation)
Task: {1A5AABCD-CF11-4BFA-8828-057E33DCCDB4} - System32\Tasks\ShadowCopyVolume{b163811d-ffd7-4b10-9edb-8e0fb57034ea} => C:\Windows\system32\vssadmin.exe [2012-07-25] (Microsoft Corporation)
Task: {2DD4DAE1-5FA1-4A6D-BD04-9CAA551C7450} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => Rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {420FBACC-76D3-45A8-BBE4-981875811425} - System32\Tasks\ShadowCopyVolume{a572c972-d6cd-11e1-93e8-806e6f6e6963} => C:\Windows\system32\vssadmin.exe [2012-07-25] (Microsoft Corporation)
Task: {4A2D7E4A-9C77-4CF0-9C9A-CF1435BBA2EB} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2012-07-25] (Microsoft Corporation)
Task: {59E8FC39-8262-4D00-849D-3A7C447D385C} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2012-07-25] (Microsoft Corporation)
Task: {8B56BECD-7294-470A-B8E9-5A0C7A454E5E} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => Cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\ShadowCopyVolume{a572c972-d6cd-11e1-93e8-806e6f6e6963}.job => C:\Windows\system32\vssadmin.exe
Task: C:\Windows\Tasks\ShadowCopyVolume{b163811d-ffd7-4b10-9edb-8e0fb57034ea}.job => C:\Windows\system32\vssadmin.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Administrator\Desktop\Minecraft Server.lnk -> C:\Minecraft Server\CraftBukkit.bat ()
==================== Loaded Modules (Whitelisted) ==============
2015-06-02 10:18 - 2015-06-02 10:18 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-02-27 19:42 - 2013-02-27 19:42 - 00081983 _____ () C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\zlib1.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 00:26 - 2013-09-28 11:03 - 00000885 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost frozenstarphotography.local
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2146499467-1732687246-2212153872-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Local\Microsoft\Windows\Themes\Canada\DesktopBackground\CA-olwp1.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe
FirewallRules: [{B2B6315A-82BC-415F-B74A-FE21DE57F203}] => (Allow) C:\Program Files\Ventrilo\ventrilo_srv.exe
FirewallRules: [{20D77886-62C9-4694-AE43-D5A97C7B2CC7}] => (Allow) C:\Program Files\Ventrilo\ventrilo_srv.exe
FirewallRules: [{86C1D987-3F7D-45A6-ABC7-42342A391B90}] => (Allow) C:\Program Files\Ventrilo\ventrilo_srv.exe
FirewallRules: [{67C5E651-13DB-43A2-8A32-8B9A729B1A36}] => (Allow) C:\Program Files\Ventrilo\ventrilo_srv.exe
FirewallRules: [{A50F029B-44E0-4C10-9FE4-F31B7922D607}] => (Allow) LPort=8080
FirewallRules: [{14522FD4-4FD6-4D77-8ACD-CBE30F4187E4}] => (Allow) LPort=21
FirewallRules: [{81121A53-EB71-4EB6-8008-9BECED439506}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
FirewallRules: [{B19D1D78-7E32-41CC-97E1-DD416D1DF43A}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
FirewallRules: [{B2F9B761-5CBA-425D-B127-48123752D531}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
FirewallRules: [{4AC8677C-0E99-46CF-842C-369161C2CA2E}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
FirewallRules: [{01B4E207-2FB0-4D10-8E34-559A7B73176E}] => (Allow) LPort=3389
FirewallRules: [{4BB49844-B6CB-4FF1-948B-BF1256AC3C5F}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\DBSetup.exe
FirewallRules: [{A1B8F657-D653-412E-999F-B4BD53DAA283}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\DBSetup.exe
FirewallRules: [{AB3ACFEF-1104-4986-B835-9374CE4B568C}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\DBSetup.exe
FirewallRules: [{B5C5F793-9693-475D-875A-FEE0BFED1442}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\DBSetup.exe
FirewallRules: [{FB54EA62-0ECE-4990-91FA-0867518819C5}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\hMailAdmin.exe
FirewallRules: [{02EECF88-4E75-4A31-AF73-28DE6DE46EE8}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\hMailAdmin.exe
FirewallRules: [{573362D6-3BD6-4F9D-9EBC-B9976F48360C}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\hMailAdmin.exe
FirewallRules: [{C5234E4B-5518-4B61-94F9-A55590F835BD}] => (Allow) C:\Program Files (x86)\hMailServer\Bin\hMailAdmin.exe
FirewallRules: [{7A98217C-6271-4F8D-80AB-A396BE5A9E8E}] => (Allow) LPort=143
FirewallRules: [{9ABC9E24-5F1B-4BC2-BD00-638189C404B3}] => (Allow) LPort=25567
FirewallRules: [{AD8BB35E-E872-494C-932A-283755009AB5}] => (Allow) C:\Program Files (x86)\PS3 Media Server\pms.exe
FirewallRules: [{A4EB074B-4F23-4F26-AEC7-43187247F07B}] => (Allow) C:\Program Files (x86)\PS3 Media Server\pms.exe
FirewallRules: [{3FF1BDE6-D445-4134-979A-F35085311539}] => (Allow) C:\Program Files (x86)\PS3 Media Server\pms.exe
FirewallRules: [{3527A82D-898E-4F67-BC57-A19AE292A383}] => (Allow) C:\Program Files (x86)\PS3 Media Server\pms.exe
FirewallRules: [{3E4DA18C-9461-4ABE-8645-ABE52FBEDA80}] => (Allow) LPort=5001
FirewallRules: [{222B3571-C206-4920-AAFB-643741A270D0}] => (Allow) LPort=3658
FirewallRules: [WindowsServerBackup-wbengine-In-TCP-NoScope] => (Allow) %systemroot%\system32\wbengine.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Broadcom NetXtreme Gigabit Ethernet #2
Description: Broadcom NetXtreme Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60a
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/09/2017 10:54:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: java.exe, version: 7.0.250.17, time stamp: 0x51c4b1fc
Faulting module name: KERNELBASE.dll, version: 6.2.9200.21971, time stamp: 0x57c044e5
Exception code: 0xc0000142
Fault offset: 0x00000000000d2370
Faulting process id: 0xfec
Faulting application start time: 0x01d29951fc6e1518
Faulting application path: C:\Program Files (x86)\PS3 Media Server\jre64\bin\java.exe
Faulting module path: KERNELBASE.dll
Report Id: 3ac140b6-0545-11e7-946c-a44a4d6a478f
Faulting package full name:
Faulting package-relative application ID:
Error: (03/09/2017 10:06:00 PM) (Source: Microsoft-Windows-WMI) (EventID: 4) (User: NT AUTHORITY)
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\DFSRPROVS.MOF while recovering .MOF file marked with autorecover.
Error: (03/09/2017 10:06:00 PM) (Source: Microsoft-Windows-WMI) (EventID: 4) (User: NT AUTHORITY)
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\EN-US\DFSRPROVS.MFL while recovering .MOF file marked with autorecover.
Error: (03/09/2017 10:06:00 PM) (Source: Microsoft-Windows-WMI) (EventID: 4) (User: NT AUTHORITY)
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\EN-US\DFSNCIMPROV.MFL while recovering .MOF file marked with autorecover.
Error: (03/09/2017 10:06:00 PM) (Source: Microsoft-Windows-WMI) (EventID: 4) (User: NT AUTHORITY)
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\NTDSA.MOF while recovering .MOF file marked with autorecover.
Error: (03/09/2017 10:06:00 PM) (Source: Microsoft-Windows-WMI) (EventID: 4) (User: NT AUTHORITY)
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\DFSNCIMPROV.MOF while recovering .MOF file marked with autorecover.
Error: (03/09/2017 10:06:00 PM) (Source: Microsoft-Windows-WMI) (EventID: 4) (User: NT AUTHORITY)
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\ADSTATUS\TRUSTMON.MOF while recovering .MOF file marked with autorecover.
Error: (03/09/2017 10:06:00 PM) (Source: Microsoft-Windows-WMI) (EventID: 4) (User: NT AUTHORITY)
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\ADSTATUS\EN-US\TRUSTMON.MFL while recovering .MOF file marked with autorecover.
Error: (03/09/2017 10:06:00 PM) (Source: Microsoft-Windows-WMI) (EventID: 4) (User: NT AUTHORITY)
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\REPLPROV.MOF while recovering .MOF file marked with autorecover.
Error: (03/09/2017 10:06:00 PM) (Source: Microsoft-Windows-WMI) (EventID: 4) (User: NT AUTHORITY)
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\EN-US\REPLPROV.MFL while recovering .MOF file marked with autorecover.
System errors:
=============
Error: (03/10/2017 11:18:26 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft XPS Document Writer required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
Error: (03/10/2017 11:18:24 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
Error: (03/10/2017 11:18:23 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
Error: (03/09/2017 11:32:50 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
Error: (03/09/2017 11:32:49 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft XPS Document Writer required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
Error: (03/09/2017 11:32:47 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
Error: (03/09/2017 11:03:59 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft XPS Document Writer required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
Error: (03/09/2017 11:03:59 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
Error: (03/09/2017 11:03:58 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
Error: (03/09/2017 10:54:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The PS3 Media Server service terminated with the following service-specific error:
The system cannot join or substitute a drive to or for a directory on the same drive.
==================== Memory info ===========================
Processor: Intel(R) Xeon(R) CPU 3060 @ 2.40GHz
Percentage of memory in use: 69%
Total physical RAM: 3070.02 MB
Available physical RAM: 945.41 MB
Total Virtual: 4478.02 MB
Available Virtual: 2239.2 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.36 GB) (Free:420.61 GB) NTFS
Drive d: (Storage) (Fixed) (Total:7451.73 GB) (Free:5181.09 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.7 GB) (Disk ID: ED5BA369)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7451.9 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
-Pyro